1. A method of anti-virus processing an email having an executable attachment comprising the steps, executed by a machine, of:
a) extracting structural elements from the email;
b) examining the executable attachments for code, data or encoded data that could have created the structural elements extracted earlier; and
c) signalling that the attachment is possibly viral or not on the basis of the extent to which the examining step b) finds evidence that the structural elements have been created by that attachment.