We are seeing a large increase in password protected .DOC file attachments containing macro virus making it through CPL. ATP, and ESG.
All of them contain the password to open the attachment in the body of the email "for security reasons"
Is there any way to detect and block (or at lease quarantine) these emails?
We already quarantine password protected archives, but these are making it through.