I've become a little addicted to flickr's random interesting photos page, so I decided to find a script to rotate my wallpaper based on this set. I found a VBS script in the flickr Yahoo Hacks! group which promised just that: unfortunately, Mcafee Enterprise believed the script to be the VBS/Psyme trojan and immediately deleted it.
I found this a bit unlikely so I fetched the VBS on my linux desktop and read the source. It looked pretty innocent, so I read up a bit on this VBS/Psyme trojan.
It turns out this worm exploits an unpatched IE exploit related to something called ADODB.Stream. Sure enough, this string appears in the flickr wallpaper VBS:
'Create a Stream instance Dim objStream Set objStream = CreateObject("ADODB.Stream")
I started to harbour a suspicion that this Enterprise virus scanner was doing little more than simple pattern matching on the VBS. So, I changed it thusly:
'Create a Stream instance foo = "ADO" bar = "DB.S" baz = "tream" Dim objStream Set objStream = CreateObject(foo & bar & baz)
...and it passed by without harm.
I've never personally relied on virus scanners (which I have found tend to make a windows desktop considerably slower than it would be otherwise), instead relying on savvy with regards running things, and using external firewalling. This experience hasn't changed that.