Forum Discussion

Phraramond's avatar
Phraramond
Copper Contributor
Mar 26, 2021

Security & Compliance Malware Quarantine HTM attachments Nameless.htm

We have a Malware policy to block incoming htm and html attachments, just recently we have started to see incoming emails blocked because of an attachment called Nameless.htm.

 

Examples

 

It looks like this might be something that is being created by Office 365, Exchange Online when an email has a MS Word document attached to. These Word documents can be either type; .doc or docx. The source of these emails are both local applications and Web Apps.

 

Is anyone seeing something similar? Web searched have just three results for namless.htm.

 

 

 

 

 

  • HomerJones's avatar
    HomerJones
    Copper Contributor

    Phraramond I believe one instance where this issue happens when the sender is using Apple Mail.  If they place their attachments In-line (In the middle of their text) the text after the attachment will be sent as an htm attachment.  If they have images in their signature, that can cause issues also.

     

    I don't own any Apple products to test, but from my research the Apple mail sender can select Edit > Attachments > Always Send Windows-Friendly Attachments; and Always Insert Attachments at the End of Message.

     

    Good luck trying to get an Apple user to alter their email attachment behavior to work with what they consider an inferior system (Anything not Apple). They do not care and they will find another company to do business with that doesn't block their emails. (Until that company gets ransomware, that is.)

     

    I have raised a ticket with Microsoft (Which they closed without resolution.) to work with Apple to get this sorted out.  We can't have htm, html, or eml attachments in this day and age.  We need this issue to get addressed.

  • YannUX's avatar
    YannUX
    Copper Contributor

    Phraramond 

     

    Hello,

    We have exactly the same behavior and filtering problem with ghost HTML attachments (nameless.htm) added to others attached documents.
    It looks the same for PNG, PDF files etc: it seems to depends on the sender

    Have you found a solution ?


    Regards

    Yann+

    • LeiLei0815's avatar
      LeiLei0815
      Copper Contributor
      ms: please give us an answer!
      Contacting your 365-Support-Team was a waste of time.
  • AshwinPai's avatar
    AshwinPai
    Copper Contributor

    Not sure if this is still an issue ,we resolved it & I thought I would share the solution

    We encountered this issue in Feb of 2023.

    1. Do not add .htm & html to the list of files in malware filter.

    2. Create a transport rule as shown below.

    Works like a charm

    • bumpyballs's avatar
      bumpyballs
      Copper Contributor

      AshwinPai 

       

      I wouldn't recommend doing this. How long do you think it will take for bad guys to figure this out and start naming their malicious attachments "Nameless.htm"?

      • AshwinPai's avatar
        AshwinPai
        Copper Contributor

        bumpyballs 

        Agreed , but I cannot see what else to do. MS and Apple are both saying it is the others problem.

        This at least stops many

Resources