We have been seeing, over several customers, that Puremessage has been putting a lot of messages into quarantine that really should be deleted.
The messages are fake invoices with a *.doc attachement which according to a quick search contains a macro virus.
An example being http://sanesecurity.blogspot.co.uk/2015/03/linsen-parts-uk-ltd-invoice-from-linsen.html
The problem with this is that a user still gets notified of the item and can still download it.
Our Pure message is set at 90 to delete messages and these seem to score 82-84 or so.
We have filtered some buy using athe subject, but others are craftier with a subject that keeps changing.
Any ideas or recommendations how to stop these other than reducing the delete threshold ?
This thread was automatically locked due to age.
