I've set up the filters for executables and ".zip.exe" modifications, and that has helped. It is just like the rest, though. It changes constantly and you are constantly having to edit your kill list.
User education only goes so far, as well. Today we had a -person- ask about a very cheezily written Peoples Bank phishing email. C'mon, this dude is a PhD and has been informed weekly by IT about phishing scams and he brings in this piece of junk and has to ask if it is a scam.
Go figure.
