Even with "Check attachment files" set to No, html files (e.g. subsilver2/template/breadcrumbs.html) which contain the <table></table> tags will be rejected as attachments with the message "The upload was rejected because the uploaded file was identified as a possible attack vector."
There may be other tags that will produce this, but all html files tested without those tags upload OK. EDIT - it is those tags listed in the config table in mime_triggers.
EDIT - further discussion reveals that this is caused by the fix for this - http://tracker.phpbb.com/browse/PHPBB3-9764 such that when check_attachment_contents is set to No, $disallowed_content is overwritten with mime_triggers anyway.
A workaround is to delete the tags not wanted as triggers from mime_triggers, purge the cache, and set Check attachment files to Yes in Attachment settings.