I just received one.
From: PayPal <email@example.com>
Subject: Online Account Verification
Please take a few minutes out of your online experience to know why we have limited the access (temporarily) to your account.
The time it takes to restore the access is usually uncertain; depending on the type of issue, it may take our security team a few minutes or hours to resolve the problem.
There are a variety of reasons why an account is set to Limited; One of them is un-authorized access (another user tried to use your account without your consent).
An attachment is given to you through this notification. Please download and open it in your browser to verify your account.
Our security team will immediately review the information you have provided, and your account should be restored back to normal.
We would like to thank you for your attention to this matter.
PayPal Account Security Division
Jotti says that only Sophos flags it, 20 other products say it's OK.
Virustotal says that only Sophos flags it, 54 other products say it's OK.
Metascan says that only Sophos and Preventon flag it, 41 other products say it's OK.
So does your email filter check for html files? If so, what does it do?