The HTML Threat Engine 

Introduction to the HTML Threat Engine 

The  HTML  threat  engine  (previously  called  email  threat  engine)  is 

designed  to  analyze  HTML  emails  for  potential  threats  and  defuse 

them.  

The HTML threat engine basically analyses inbound HTML e mail for 

HTML scripts. As soon as it finds an HTML script, it disables the script 

by replacing the script with placeholders. The effect of this is that the 

mail can still be sent to the recipient, and the recipient can read the e 

mail as usual, including formatting and images, but the e mail is totally 

harmless. 

This  HTML  defusing  is  an  automatic  process  and  happens  without 

administrator intervention. The HTML defusing process is patented by 

GFI Software Ltd. 

Why defuse HTML scripts? 

The introduction of HTML mail has allowed senders to include scripts 

in email that can be triggered automatically upon opening mail. HTML 

scripts  are  used  in a  number  of  headline  hitting  viruses, such  as  the 

KAK worm. Also HTML scripts can be used in one off attacks directed 

towards particular users and particular companies. 

So  it's  recommended  that  you  disable  HTML  scripts  in  e mail.  The 

HTML script defuser is an easy way to do this. 

The HTML Threat Engine 

 63