When an email is quarantined due to malware on the sender's domain, Proofpoint may block that email to protect you from clicking the link to their website and being subject to a malware infection.  This typically happens when the website infected is in the sender's signature.


If you have received a message from Patriot IT Security as shown below, please follow the instructions listed:



Step 1: Please contact the recipient to inform them of the malware threat on their website. You can do so by phone or by email. 

Please note: If they respond to your email and the message contains a link to their website, you may not receive their reply. You may also want to inform them that this does not only affect mail sent to our organization. Other organizations they do business with that use Proofpoint, and possibly other email security tools, may not receive their emails either while the malware threat is present.


Step 2: Once the recipient confirms the malware threat has been cleared and Proofpoint now recognizes the threat as cleared, system processes should restore the formerly quarantined messages automatically.  Otherwise, if you need Patriot IT Security to validate that the threat has been cleared, please open a ticket with ITSIRT@patriotgis.com

Step 2a: If the recipient needs more information on the malware threat, please contact ITSIRT@patriotgis.com 


Step 3: Once the IT Security Team verifies the threat was remediated, all formerly quarantined messages within the last 30 days can and will be restored.