In recent days we have been seeing a significant increase in malware that relies on macros in Word, Excel, and other Office document files.  When the file is opened and the macro is allowed to run by the user, JavaScript code is executed that downloads harmful malware such as the Locky virus.  As part of our ongoing work to block these and other emerging threats via use of multiple techniques, we will be making a configuration change in our service, by which we will by default categorize as spam all Office documents that contain macros.   Likewise, messages with attachments that include JavaScript code will be categorized as spam by default.  These changes will be effective on Wednesday, March 16.   Customers who desire a less aggressive configuration (or a more aggressive configuration by which the same messages are treated as viruses by default rather than as spam), can change this setting in the Management > Inbound Filtering > Additional Blocking Rules > Attachment Types section of the control panel.

Thanks for your attention.