Hi all. We've suddenly begun getting deluged with emails containing infected MS Word .doc files that use, if memory serves, a W97 macro attack. I have both Avira and Sophos antivirus engines running on our inbound email, but these things are sailing right through the Sophos firewall. Can anyone suggest a way to intercept these while allowing uninfected .doc files through? The attacks are old; it's not like they're using an attack that the antivirus has never heard of.
Dual UTM-525 in HA active/passive cluster running 9.315-2.
I see that we're not the only ones seeing this uptick: https://threatpost.com/microsoft-reports-massive-increase-in-macros-enabled-threats/110204
TIA,
Brian