Channel: Symantec Connect - Products - Ideas

SMG suspect attachment in html (embedded file)


Lately we received an e-mail with an HTML attachment. First thought: nothing special, just a fake payment (invoice) notification.
The message didn't have any "executable" attachment. No malicious links inside.

The attachment (HTML file) did not make any remote connections (sandbox analysis). In the HTML file there was a link to ...file but the file was inside that HTML.
After searching for information about the content (HTML code) I found that HTML files can contain small embedded files (Data URLs).

html code

Knowing the construction of the URL, it was simple to decode the base64 text.

In the embedded file there was a zip file with a VBE script.
attachments

Can SMG look inside the HTML file and block those e-mails based on the policy "delete executable files violations" or similar verdicts (suspect attachment(s))?

Regards,
Tomasz
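
The inspection the post asks for, as an added example that is not part of the original post and not SMG's implementation: find `data:` URLs in an HTML attachment, decode the base64 payload, and look inside an embedded zip for script files. The function names, the extension list and the sample HTML are constructed assumptions.

```python
import base64, io, re, zipfile
from urllib.parse import unquote, unquote_to_bytes

# Assumed policy list of script/executable extensions; not SMG's own list.
RISKY_EXT = {"vbe", "vbs", "js", "jse", "wsf", "hta", "exe", "scr", "bat", "cmd", "lnk"}
# data:[<mediatype>][;param...][;base64],<data> up to the closing attribute quote
DATA_URL = re.compile(r"""\bdata:([^;,"']*)((?:;[^;,"']*)*),([^"']*)""", re.I)

def extract_data_urls(html):
    """Yield (mediatype, decoded bytes) for each data: URL found in the HTML."""
    for m in DATA_URL.finditer(html):
        mediatype, params, payload = m.group(1).strip(), m.group(2).lower(), m.group(3)
        if ";base64" in params:
            b64 = re.sub(r"\s+", "", unquote(payload))  # tolerate %-escapes and line wraps
            try:
                raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
            except ValueError:                           # malformed base64: skip it
                continue
        else:
            raw = unquote_to_bytes(payload)              # percent-encoded data URL
        yield mediatype, raw

def inspect_html_attachment(html):
    """Return (mediatype, archive member or '<payload>', reason) findings."""
    findings = []
    for mediatype, raw in extract_data_urls(html):
        if raw[:2] == b"MZ":                             # PE header
            findings.append((mediatype, "<payload>", "embedded executable"))
        elif raw[:4] == b"PK\x03\x04":                   # ZIP local file header
            try:
                names = zipfile.ZipFile(io.BytesIO(raw)).namelist()
            except zipfile.BadZipFile:
                findings.append((mediatype, "<payload>", "unreadable zip"))
                continue
            for name in names:
                if name.rsplit(".", 1)[-1].lower() in RISKY_EXT:
                    findings.append((mediatype, name, "script/executable in embedded zip"))
    return findings

def build_sample_html():
    """Constructed sample: benign text stored as invoice.vbe in a zip, embedded as a data URL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.vbe", "constructed placeholder, not a real script")
    b64 = base64.b64encode(buf.getvalue()).decode()
    return f'<a download="invoice.zip" href="data:application/zip;base64,{b64}">Open invoice</a>'

if __name__ == "__main__":
    for finding in inspect_html_attachment(build_sample_html()):
        print(finding)
```

The check keys on the decoded bytes (magic numbers and archive member names) rather than on the media type declared in the URL, since the declared type is chosen by the sender.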

