Thank you for sharing this. I can relate to how annoying these emails have been in the last couple of months. Been doing some research on mitigating this at our organisation.

We currently have an exim+spamassassin+clamav setup on our MX. A bit of googling led me to the links below, and implementing them has significantly assisted in blocking the majority of these email attachments. I am sure there are hacks for other *nix MTAs.

Hoping this info will be useful to other email admins.


[1] https://github.com/Exim/exim/wiki/ExiscanFilenameBlocking 
[2] https://github.com/extremeshok/clamav-unofficial-sigs

Cheers. 


On 10 November 2016 at 12:37, Tony White via skunkworks <skunkworks@lists.my.co.ke> wrote:
If anyone still has client-based email software collecting emails, be
very suspicious of ALL emails with attachments.

Why not set up a filter to forward any email with an attachment to a
gmail account, and then pick the attachment from there.  Google will
sanitise your attachments - and you don't have to use this gmail
account for sending, so you can still use your corporate email for
sending/replying to genuine mails.

Just an idea ;)

Cheers,
Tony



On 10/11/2016, Alex Ngatia via skunkworks <skunkworks@lists.my.co.ke> wrote:
> Hi guys,
>
> In light of recent ransomware attacks, an interesting read on the issue:
>
> http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
>
> The spammers/hackers have gone a step further and I now get suspicious
> emails containing zip and doc files from African names.
>
> Regards,
>
> Alex
>


--
Tony White



--

Regards,
David
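
The filename-blocking idea behind link [1] in the reply above, sketched in an MTA-independent way as an added example (it is not code from the thread or from the Exim wiki). The extension list, the function names and the sample messages are assumptions constructed for illustration; the check also looks one level inside zip attachments, since the thread mentions zipped lures.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for illustration; tune it to local policy.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".lnk", ".jar",
               ".js", ".jse", ".vbs", ".wsf", ".hta", ".docm")

def is_blocked(name):
    # Normalise case and strip trailing dots/spaces that some clients ignore.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def screen(raw):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if is_blocked(name):
            reasons.append(f"blocked attachment name: {name}")
        elif name.lower().endswith(".zip"):
            # Look one level inside archives and check member names too.
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if is_blocked(member):
                            reasons.append(f"blocked file inside {name}: {member}")
            except zipfile.BadZipFile:
                reasons.append(f"unreadable archive: {name}")
    return reasons

def build_sample(filename, data):
    """Constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zip_with(member):
    """Constructed in-memory zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()
```

Name-based screening only complements content scanning such as ClamAV: a renamed file passes this check, so both layers are needed.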