Hi, It's been a while since I've seen a password-protected zip or PDF, but I got one today that wasn't tagged and was hoping someone might have some ideas. https://pastebin.com/msPCQHyD
I've created some basic body and attachment rules, but would be interested in hearing thoughts (either directly or using the above to improve your own rules) from others about how to block them. At the least, it should have been identified by clamav. Thanks, Alex
