We receive many encrypted attachments that are legit, but also an increasing number that are viruses. And we can't block all encrypted attachments because we need to receive the important ones. So we have configured the malware policy to hold all e-mails with encrypted attachments to the Spam Quarantine, and we have to check and release the "good" e-mails manually from the Quarantine every day. This makes us a lot of stupid work.
The Reputation-List ("Local Good Sender Domain") will not work to bypass the malware scanning.
It is possible to make an improvement here? In Example, move the "encrypted Attachments"-Rule from the "Malware"-tab to the "Content"-tab, so I can create a Dictionary with "good" senders which the "encrypted"-Rule can be skipped?
Best Regards
Rolf