A low-level trend has been identified where an email containing very little content and an HTML file attachment is delivered to the recipient. These HTML files are malware and zero day. This article describes how to create a Message Rule that will block this type of email message.
- Navigate to Products, Email Security and then Message Rules. Click the + button to create a new rule.
- Enter a name for the Rule e.g “HTML Attachments”
- Add the Direction condition and set to Inbound.
- Add the Attachment Name condition and select HTML attachments.
- Add the Sender in List condition and select Does Not Match -> All Safelists
- Add the Add to Virus Score action and set the value to 123.
The rule should look like this:
- Move or drag the rule above the Confirmed Spam and Possible Spam rules so that it triggers first.
Additional conditions can be used, for example recipient notification or a custom rule data exclusion list. Legitimate HTML files are rarely sent in emails these days, but there could be false positives as this rule will automatically exclude the safelist. It is expected that you may need to adjust the rule to suit your company’s requirements.
Please do report any HTML file based emails to firstname.lastname@example.org for analysis and inclusion in the virus heuristics and definitions.
Should you require additional help in configuring a rule to your requirements please contact your Service Provider.