One of my clients just got hit with the latest and greatest crypto-locker variant which has the very cute name of "Locky" and is very effective. It does the same thing as previous iterations and more. It attacks more file types, and it will attack network shares, even UNCs. Yes. Which it did, but luckily didn't get too far, not sure why yet. It also will attempt to kill any shadow copies used by VSS in order to prevent restore from shadow copy.
I grabbed a copy of the malicious code from the message archive and have it sitting on my desktop. Avast doesn't consider it a virus either. Seems that until one executes the code, most AV has nothing to say about it.
So, at the server, I can't really block all zip attachments, but is there a way to have SmarterMail look inside the zip and, if a file extension which is on the block list is detected, then block it? What security settings do other admins use at the mail server to reduce these exploits from getting through?
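The check asked about above, as an added example that is not part of the original post and not a SmarterMail feature: a Python sketch that a mail-filter hook could run on a raw message to list ZIP members whose extension is on a block list, descending into nested ZIPs. The block list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list for illustration; mirror the extensions your server already blocks.
BLOCKED = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".bat", ".cmd"}
MAX_DEPTH = 3  # nested-archive levels to descend before giving up

def blocked_members(zip_bytes, depth=0):
    """Return the archive member names that should cause the message to be blocked."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # a corrupt archive is treated as suspicious
    hits = []
    for info in archive.infolist():
        # Windows ignores trailing dots and spaces, so strip them before comparing.
        ext = os.path.splitext(info.filename.lower().rstrip(". "))[1]
        if ext in BLOCKED:
            hits.append(info.filename)
        elif ext == ".zip" and (info.flag_bits & 0x1 or depth >= MAX_DEPTH):
            hits.append(info.filename + " <not inspected>")  # encrypted or too deep
        elif ext == ".zip":
            hits.extend(blocked_members(archive.read(info), depth + 1))
    return hits

def scan_message(raw_bytes):
    """Map each ZIP attachment's filename to the blocked members found inside it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Detect ZIPs by magic bytes, whatever the attachment is called.
        hits = blocked_members(payload) if payload[:4] == b"PK\x03\x04" else []
        if hits:
            findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample():
    # Constructed sample: a message whose ZIP attachment holds a harmless .js text file.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docs/invoice_scan.js", "// constructed placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

With standard ZIP encryption the member names stay readable even when the contents are password-protected, so the extension check on the outer archive still applies to encrypted attachments.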