The HTML Threat Engine

The HTML Threat Engine

Introduction to the HTML Threat Engine

The HTML threat engine (previously called email threat engine) is designed to analyze HTML emails for potential threats and defuse them.

The HTML threat engine basically analyses inbound HTML e-mail for HTML scripts. As soon as it finds an HTML script, it disables the script by replacing the script with placeholders. The effect of this is that the mail can still be sent to the recipient, and the recipient can read the e-mail as usual, including formatting and images, but the e-mail is totally harmless.

This HTML defusing is an automatic process and happens without administrator intervention. The HTML defusing process is patented by GFI Software Ltd.

Why defuse HTML scripts?

The introduction of HTML mail has allowed senders to include scripts in email that can be triggered automatically upon opening mail. HTML scripts are used in a number of headline hitting viruses, such as the KAK worm. Also HTML scripts can be used in one-off attacks directed towards particular users and particular companies.

So it's recommended that you disable HTML scripts in e-mail. The HTML script defuser is an easy way to do this.

© 2009. All rights reserved. GFI Software	Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - usb security software - exchange archiving - fax server software