Hello,
Last days I have some problem with a pattern which looks like this
UEsDBBQABgAIAAAAIQB+OOx6hwEAAK0FAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAAC
It's a .docm attachment, it does contain a malicious macro. The problem is the "+" in the middle of the pattern. If I try to block the hole pattern the server(SME 9.1) it won't. As a result only the characters before the "+" will work, and .xlsx files would be blocked too.
Any ideea?