Effective Saturday, May 25th, antivirus signatures were updated in the SpamTitan filter to protect against a new potential virus known as Win.Exploit.CVE_2019_0903-6966169-0. This virus exploits a Windows vulnerability that allows for remote code execution, allowing for the virus to remotely execute programs such as ransomware on any current version of Windows. One major vector for viruses of this nature are PDF files, as well as macro-enabled Word and Excel documents and Trojan Horses.

The Windows exploit currently does not have any patches or fixes, so it does pose a significant threat to all users.  Following the introduction of the new antivirus signature, SpamTitan appears to be aggressively blocking PDF attachments in particular. Some customers may find the blocks too aggressive. While it is not recommended, our support team is able to modify the block rule for individual domains or users to simply tag emails with suspected virus attachments rather than blocking them. If you would like to have this change made, please contact our support team.