Filters not working very well?

I am seeing quite a bit more email getting blocked downstream from Comodo.
“Scanned image from MX-2600N VBS/Schopets.A”

Used to get 2 or 3 of these a week. Now getting them 1 or 2 a minute.
What happened?


OK, contacted support and got a quick reply asking for some headers. Sent same and, shortly thereafter, the stuff stopped and went back to normal. Kudos to ASG.
Thank you,

Lou, that’s a phishing campaign spreading Locky Malware. Do you say you get the emails in your inbox? or blocked?

For more info, you can check our weekly Threat Intelligence update video ( IKarus is last week’s campaign and Scanned image is this week’s, but practically same group, sending same malware. There is also a publication about it:

No, these were emails that were caught and blocked downstream. I suspect that something changed when the new server was activated… After my report to support, things went back to normal. I have 2 more AV services before the mail hits our users.