efa-project.org

In my situation I have blocked .doc and .docm files but allow .docx and it's been like this for years. Lately I have a user that is being sent a lot of legitimate .doc attachments and I'm having to chase them down and release them almost daily. I'm looking for a way to either allow .doc attachments just to him or either put the file blocking after the whitelist so that I can whitelist messages from certain outsiders to him, if that makes sense. The very last option would be to send him an email when he gets a blocked message but I don't want to send all my users such emails. As administrator, I do get the emails on blocked files but I get them for everyone.

Also is the general consensus that .doc files should be blocked? I also block .zip files and every once in a while I'll check and see a lot of phishing and even spear phishing to our users that have malicious attachments of these types.

my opinion:

Unfortunately, it's too hard to block .doc files as we still get so many of them. If we could have a guaranteed way to detect macros in word documents, that would be best, but for various reasons (thanks Microsoft!), that's impossible.

I rely on the spam/antivirus/malware scanners to protect me from any bad documents, so I let them through.