As for ClamAV out of the box we weren't catching much of anything, but after adding in the signatures from Sanescurity.net and Securiteinfo.com (usage instructions for the former are at http://sanesecurity.com/usage/signatures/ and if I remember correctly you have to sign-up for the later at https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml) we now catch the lion's share of viruses and the attachments that get through that contain bad juju are very rare.

 

(See the threads from Joe Wolf at https://portal.smartertools.com/community/a86419/sm-14-clamsup-problems-and-how-to-fix-them-temporarily-at-least.aspx and https://portal.smartertools.com/community/a2583/how-to-greatly-improve-clamav-even-zero-hour-style-protection-for-free.aspx for more information on getting more effectiveness out of ClamAV).

 

Also don't hesitate to be heavy-handed with your Incoming Attachment Blocklist (SETTINGS > GENERAL > ATTACHMENTS). At a minimum you should set this to match GMail's (https://support.google.com/mail/answer/6590?hl=en) although we have expanded our own list to 80 more file-types to a grand total of 117 that are blocked. With the proliferation of File Sharing services (and the File Storage function in Smartermail) it wouldn't be entirely unreasonable to block even the more common file types such as .xls and .doc in email (depending on your user's expectations, needs, and requirements).

 

We still advise users to run an AV program on their device and keep it updated regularly, never open unsolicited attachments from an unrecognized sender, yadda-yadda-yadda, etc., but stopping the bad attachments before they get to their Inbox is still the best defense.