Hi, I received an email that was tagged as spam for other reasons, but I'd like to write a rule that catches the attempt to present a ZIP as a PDF file.
href="https://securesite.fdsit.net/uu/Propuesta-estrategia.zip"; rel="noopener noreferrer" target=_blank><SPAN=20 style="TEXT-DECORATION: none; VERTICAL-ALIGN: bottom; COLOR= : rgb(17,85,204)" dir=ltr>Propuesta-estrategia.pdf</SPAN></A> How do I catch the variation in the URI description that differs from the URI itself? I've tried something like the following, but it's not right. uri _URI_ZIP_PDF m;https?://.{1,80}\.(zip|docx?).{0,40}\.pdf;i Full email here https://pastebin.com/NfSzv9Wa
