This week we've discovered some mails that use a nasty method to sneak through email gateway filters:
Mails come in pretending to have an embedded Excel spreadsheet hiding behind an Excel icon graphic.
Here's an excerpt of the source code within the HTML file:
Unescaping the code sequence reveals a phishing site in this case.
If these mails manage to get past the anti-spam and reputation filters, and you have no Web Gateway or Advanced Threat Defense, you may be doomed.
PS: Did some enhanced testing on this. One solution can be to filter HTML attachments by file type. HTML email content is not affected by this, only attachments.
I might be a day late and a dollar short on this one, but... If you create a custom compliance dictionary that applies to everything and contains the strings "<script" and/or "</script>", and then add that dictionary to the "Spam Terms" component of the anti-spam settings for your inbound mail rule, wouldn't that help stop these? That should block anything inbound that appears to contain a script. (Unless you actually do need to receive some messages containing scripts.)
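Added example, not part of the original thread: a Python sketch of both checks discussed above. It treats HTML attachments separately from HTML body content, flags attachments containing `<script`, and decodes long percent-escaped runs to surface any hidden URL. The sample message, its addresses and the `phish.example` URL are constructed for illustration, and `scan_html_attachments` is a hypothetical helper name.

```python
import re
from email import message_from_string, policy
from urllib.parse import unquote

# Constructed sample: an HTML body plus an HTML attachment whose script hides a link.
HIDDEN = '<a href="http://phish.example/login">Open</a>'
ESCAPED = "".join("%%%02X" % b for b in HIDDEN.encode())
SAMPLE_EML = f"""\
From: sender@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="utf-8"

<html><body><p>See the attached spreadsheet.</p></body></html>
--BOUND
Content-Type: text/html; charset="utf-8"; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"

<html><body><img src="excel.png">
<script>document.write(unescape('{ESCAPED}'));</script>
</body></html>
--BOUND--
"""

ESCAPE_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2}){8,}")  # long run of %XX escapes
URL = re.compile(r"https?://[^\s\"'<>]+")

def scan_html_attachments(raw):
    """Return one finding per HTML attachment; inline HTML bodies are skipped."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        html = part.get_content()
        if isinstance(html, bytes):  # HTML sent with a generic content type
            html = html.decode("utf-8", "replace")
        decoded = " ".join(unquote(m.group(0)) for m in ESCAPE_RUN.finditer(html))
        findings.append({
            "filename": name,
            "has_script": "<script" in html.lower(),
            "hidden_urls": URL.findall(decoded),
        })
    return findings
```

The inline HTML body in the sample produces no finding; only the attached `invoice.html` is reported, with the decoded URL listed under `hidden_urls`.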