PlatformAnalysis APIDocsGitHubContact
Log in

Control
your email environment

name:

HTML smuggling via attachment

severity:

high

source:

| type.inbound and any(attachments, .file_extension in~ ('html', 'htm') and any(binexplode(.), any(.scan.javascript.identifiers, . == "unescape") ) )

actions:

alert:

tines

block:

quarantine

tags:

- "Suspicious attachment"

- "HTML smuggling"

Modern email security is a one-size-fits-all black box. The same phishing attacks continue to land, and the same legitimate emails continue to get blocked.

Sublime

lets you write and run custom detection and response rules to

block phishing attacks, hunt for threats, and more.

Learn more

Rule

Message

name:

HTML smuggling via attachment

severity:

high

source:

| type.inbound and any(attachments, .file_extension in~ ('html', 'htm') and any(binexplode(.), any(.scan.javascript.identifiers, . == "unescape") ) )

actions:

alert:

tines

block:

quarantine

tags:

- "Suspicious attachment"

- "HTML smuggling"

Free and self-hostable

Run the full Sublime Platform without sending any sensitive email data outside of your environment.

Open-source rules

Use any of the open-source community rules, or write and share your own.

Block

Write sophisticated rules to block and detect phishing attacks. Operationalize threat intel from any source.

Hunt

Identify and remediate campaigns using behavioral patterns and historical message search. Detect malicious forwarding rules.

© 2022. Sublime Security, Inc.

TermsPrivacySecurityDisclosureEmailRep