One of the primary vectors for downloaded malware are "downloader" scripts and macros. While these scripts are not in and of themselves malware, they provide a means by which malware is placed on the target system. One popular mechanism for these downloader scripts is via Javascript attachments to email messages. These attachments can be identified by Messaging Gateway (SMG) as follows.

1. Configure at attachment list for Javascript files
2. Configure a content fitlering (CF) rule to identify messages with these attachments and act on them

Setting up the Attachment List

1. Log into the SMG control center as an admin account with "Manage Policies" access
2. Open the Content -> Attachment Lists page
3. Click "Add"
4. Name the attachment list something meaningful like "Javascript"
5. Select the second radio button and add the "If the MIME-type contains javascript" attachment type rule
6. Select the second radio button and add the "If the MIME-type contains js" attachment type rule
7. Select the second radio button and add the "Extension is js" attachment type rule
8. Click "Save"

When complete your attachment list should appear as follows:

Configuring the CF Policy

1. Select the Content tab
2. Click "Add" to add a new policy
3. Select the Blank policy template
4. Give the policy a meaningful name like "Javascript: Quarantine"
5. Ensure that "Disable decomposition of files" is unchecked
6. Apply to "Inbound" messages
7. Select Any for the conditions to be met
8. Click Add under policy conditions
9. Select the "Attachment or Body Part" radio button
10. Select the "Is in attachment list" radio button
11. Select the new attachment list from the pulldown menu on the right
12. Click Add Condition
13. The policy condition should appear as follows
    
    
14. Under Actions click Add
15. Configure the desired policy action such as "Hold message in Spam Quarantine"
16. Select the desired policy groups to apply the CF rule to
17. Click Save
18. The final policy should appear as follows