Still catching "Possible Microsoft security vulnerability attack"

[John Hanks]

I must still be doing something wrong, I now have in my mailscanner.conf
file the following lines:

Allow IFrame Tags
Allow Codebase Tags

but I am still catching messages with this report. Am I missing something
obvious again? Most of the messages quarantined have had iframe tags. There
was one that I couldn't locate either an iframe tag or object codebase tag
in, but it had some encoded areas that may have contained them and I didn't
dig that deep yet.

Thanks,

jbh