Email Deliveries - Blocked by Virus Scanners

The Problem: Emails being blocked by “false positives” from email virus scanners.

Affects: Trend Micro (and possibly other) email filter systems, when receiving emails with Microsoft Word attachments.

Win.Exploit.CVE_2016_3316-1 email filter false positives

On August 10 our Docmosis Cloud monitoring system started receiving alerts that some email deliveries from our Cloud service were being blocked.

The most common reason we saw included:

  • “This message contains a virus or other harmful content (Win.Exploit.CVE_2016_3316-1)”

  • “rejected due to virus“

Diagnostics on our system confirmed:

  • no sign of a security issue with our Cloud services

  • no indication that the outbound delivery had been altered / compromised.

In discussions with one of our customers a manual email of a Word Document, that was known to have safe content, was emailed to one of the affected destinations. It was also rejected as having unsafe content. This confirmed our suspicion that a false-positive was the root cause.

The Solution: Contact your email provider to ensure they are correcting the fault with email/virus filters.

Within 24 hours we could find other references to the issue:


    “We have at least two users this morning that can't send Word documents through email “


    “August 2016 - Microsoft Releases 9 Security Advisories”

So it appears that a Microsoft security update is the root cause.


Tags : Email, False Positive, Virus, Win_Exploit_CVE_2016_3316-1 Author : Paul Jowett