Sometimes spammers and malware writers create malware that passes through our service and arrives in customer inboxes. This is known as zero-day malware. The anti-malware engines that we use do not yet have signatures for it, and sometimes the spam rules do not catch it either, because the message contains so little content that there is nothing for the rules to detect without causing false positives.
One way to block it is to use an Exchange Transport Rule that blocks executable content. This will catch malware that relies on common mechanisms, namely content that executes automatically.
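One way to create such a rule from Exchange Online PowerShell, shown as an added example rather than instructions from the original post. The rule name, rejection text and audit-first rollout are assumptions made for illustration.

```powershell
# Assumes an Exchange Online PowerShell session is already connected
# (Connect-ExchangeOnline) with rights to manage transport rules.
# The rule name and rejection text below are constructed for this example.
$ruleName = 'Block executable attachments (example)'

# 1. Create the rule in audit mode: matches are logged, but no message
#    is rejected yet, so false positives can be reviewed first.
New-TransportRule -Name $ruleName `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted.' `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -SetAuditSeverity High `
    -Mode Audit `
    -Comments 'Stopgap for malware that arrives before signatures exist.'

# 2. Confirm the rule's state, mode and condition.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, AttachmentHasExecutableContent

# 3. After reviewing what the rule matched, switch it to enforcement.
Set-TransportRule -Identity $ruleName -Mode Enforce
```

Running the rule in `Audit` mode first shows which legitimate senders would be affected before any mail is rejected.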
The above instructions will help catch zero-day malware. However, they should not be considered the definitive solution: