Hi Ian, I understand the stance on now allowing whitelists for malware but macros aren't always malware. Our customers are some of the biggest companies in the world and they still send documents with macros in them. If we turn off the protection we leave ourselves open to people running malicious macros and causing damage.
Anti-virus doesn't know the difference, so it's no use blocking macros with that, and we'd just run into the same issue of customer documents not opening.
If there's no whitelist then we need another solution to allow messages with macros through from certain domains/senders.
This is really hurting us at the moment. We get so much other bitdefender hits that turning on notifications would be pointless. Either adding a whitelist for macro checking or breaking macro checking out into its own engine with a whitelist would be really useful.
Sending malicious macros has come back into fashion again, so we've had to turn on the blocking feature. The customer in this case is too big to care, so my team is having to check the logs every few hours to make sure we don't miss any important emails.
This is the kind of issue that if not resolved soon, will force me to look fo replace GFI with something else.
For this particular scenario we suggest to use the Reporting feature as this can give you insight on the entire mailflow in the organization (all multi-servers)
Being able to release emails for a distribution group you are a member of is desperately needed.