Our school is getting quite a lot of ransomware emails. They come is a zip file. So far only one user has opened one (thank goodness for backups). The client anitivirus (SEP12) doesn't seem to catch it wuick enough. Our mail is "washed" before coming to use but they are still managing to get in. I was wondering if there is anything I can do at the GWIA end to drop the messages. I don't want to bounce them as such, the subject or attachment name will just then be changed. Does anyone have a strategy for dealing with these?