Showing results for 
Search instead for 
Did you mean: 
Level 9

Problem with embedded and encoded Javascripts

Hi all

This week we've discovered some Mails with a nasty method how to sneak throught Email Gateway filters:

Mails come in pretending to have an embedded excel Spreadsheet hiding behind an excel icon graphic.

Behind that there is attached html-file that contains an embedded and encoded Javascript.


Here's an excerpt of the source code within the html file:


The Emailgateway does not detect any Javascript by filetype here, as it is a html/txt Document, and shows no offending code on the first glimpse.

Unescaping the Codesequence reveals a Phishing Site on this case.

In my opinion this is the prestep of the next Malware wave as this bypasses AV-Engine and Javascript Filetype detection.

If these mails manage to get pass the Antispam and Reputationfilters, and You have no Webgateway or Advanced Threat Defense, You're may be doomed.

Best Regards,


PS: Did some enhanced Testing on this. One solution can be to filter HTML attachments by Filetype. HTML Email Content is not affected on this, only attachments.

0 Kudos
1 Reply
Level 10

Re: Problem with embedded and encoded Javascripts

I might be a day late and a dollar short on this one, but...  If you create a custom compliance dictionary that applies to everything and contains the strings "<script" and/or "</script>", and then add that dictionary to the "Spam Terms" component of the anti-spam settings for your inbound mail rule, wouldn't that help stop these?  That should block anything inbound that appears to contain a script.  (Unless you actually do need to receive some messages containing scripts.)

0 Kudos