Recently one of my users I received a virus from an external sender. The virus was a VBScript macro in a Word Document. Usually the anti-malware filter would remove any suspicious attachments but in this case it left the attachment. However, when the user forwarded the email to an internal recipient the attachment was removed by the malware filtering policy.
I can not see a reason why this would happen. I had assumed it must have been a setting in the Malware filter policy but I can not see anything which would cause this.
Does anyone know why this might have happened and how I can stop it happening again?