On 4/5/2016 8:40 PM, Alex wrote: > These targeted macro viruses are killing us. I hoped someone would > [...] > What strategy are other people using to block zero-day macro viruses?
I quarantine these before they get to SA with some logic in mimedefang that combines the OLE2 result from clamav with bogofilter scores and a couple arbitary pattern matches that i update as needed.
