Forum Discussion
How to classify E-Mails with *.html or *.htm attachments as spam?
And they are all obfuscated JavaScript, aren't they?
Sadly the first thing you need to look for is the number of mails with HTML attachment that aren't phishes. I would be surprised if the figure is really as low as 1%. It may seem silly to send legitimate mail with HTML attachments in a world where very few mail clients cannot handle HTML message bodies, but there are reasons for doing so. PDF support is not universal and you would also get in trouble for assuming that any image format is universally acceptable or that plain text is going to be displayed in a non-proportional font.
Armed with this list, you may discover that the X% of your HTML attachment senders who are legitimate are regular repeat senders whom you can exempt from a rule sending the rest to the hosted quarantine. That is more for small tenants rather than large ones with extremely diverse inflows.
Where that is not an option, you might discover that it's very rare for freemailer accounts to send legitimate HTML attachments. You can then have a rule to send mail from their domains to the hosted quarantine if it has an HTML attachment.
Finally, you might find that some of the more obscure formats such as SHTML are never used legitimately. If that is the case they can be added to your common attachment types filter.
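Added example, not part of the original post: a sketch of the survey step described above. It takes a manually reviewed list of messages with HTML attachments and derives the three inputs for the rules: repeat legitimate senders to exempt, freemailer domains with no legitimate HTML attachments, and extensions never used legitimately. The record format, the `HTML_EXTS` and `FREEMAIL` sets, the `min_repeat` threshold and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from pathlib import PurePosixPath

HTML_EXTS = {".html", ".htm", ".shtml", ".xhtml"}     # assumed set of HTML-like extensions
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed freemailer domain list

# Constructed sample: (sender, attachment name, reviewer verdict)
SAMPLE = [
    ("billing@vendor-a.example", "invoice_0412.html", "legit"),
    ("billing@vendor-a.example", "invoice_0419.html", "legit"),
    ("reports@bank-b.example", "statement.htm", "legit"),
    ("reports@bank-b.example", "statement.htm", "legit"),
    ("reports@bank-b.example", "statement.htm", "legit"),
    ("jo.smith@gmail.com", "voicemail.html", "phish"),
    ("acct9921@outlook.com", "SecureDoc.htm", "phish"),
    ("it-desk@unknown-c.example", "reset.shtml", "phish"),
    ("hr@unknown-d.example", "Payroll.HTML", "phish"),
    ("newsletter@vendor-e.example", "summary.html", "legit"),
]

def analyse(records, min_repeat=2):
    legit_by_sender, phish_senders = Counter(), set()
    ext_verdicts, freemail_verdicts = defaultdict(Counter), defaultdict(Counter)
    total = legit = 0
    for sender, filename, verdict in records:
        ext = PurePosixPath(filename.lower()).suffix  # case-insensitive extension
        if ext not in HTML_EXTS:
            continue
        total += 1
        sender = sender.lower()
        domain = sender.rsplit("@", 1)[-1]
        ext_verdicts[ext][verdict] += 1
        if domain in FREEMAIL:
            freemail_verdicts[domain][verdict] += 1
        if verdict == "legit":
            legit += 1
            legit_by_sender[sender] += 1
        else:
            phish_senders.add(sender)
    return {
        "legit_rate": legit / total if total else 0.0,
        # repeat legitimate senders that never sent a phish: exemption candidates
        "exempt_senders": sorted(s for s, n in legit_by_sender.items()
                                 if n >= min_repeat and s not in phish_senders),
        # freemailer domains with no legitimate HTML attachment seen
        "quarantine_freemail": sorted(d for d, c in freemail_verdicts.items() if c["legit"] == 0),
        # extensions never seen in legitimate mail: attachment-type filter candidates
        "block_extensions": sorted(e for e, c in ext_verdicts.items() if c["legit"] == 0),
    }
```

A one-off sender such as the newsletter in the sample stays out of the exemption list until it recurs, so it would still land in quarantine for review.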