
Summary
This rule detects attachments that urge the recipient to enable macros, a lure commonly used in malware delivery. It recursively scans attached files and archives for documents containing phrases that prompt the user to enable macros, including cases where the text appears only in an embedded image. The scan covers file types with extensions commonly associated with macros, archives, and files of unknown type that meet certain criteria (smaller than 100 MB and carrying a generic content type). Sender profile analysis is used to filter out solicited messages while still flagging senders with a history of malicious or spammy behavior, which excludes known false positives without suppressing messages from previously abusive senders.
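As an added illustration of the logic described above (this is example code, not the rule's own source; the lure phrases, extension sets, the 100 MB bound, the treatment of archive members as generic unknown-type files, the hand-supplied OCR text, and the sender-profile gate are all assumptions modelled on the summary), the following Python scans a constructed message whose attachments include a zip holding a .docm, a .doc whose lure is only visible in an embedded image, and a harmless binary:

```python
import io
import re
import zipfile
from dataclasses import dataclass

# Example code, not the rule's source. Phrases, extension sets and thresholds are assumptions.
LURE_RE = re.compile(
    r"enable\s+macros?|enable\s+content|enable\s+editing"
    r"|macros?\s+(?:must|need to|have to)\s+be\s+enabled",
    re.IGNORECASE,
)
MACRO_EXTENSIONS = {"doc", "docm", "dot", "dotm", "xls", "xlsm", "xlsb", "xlt", "xltm", "ppt", "pptm", "potm"}
ARCHIVE_EXTENSIONS = {"zip"}
GENERIC_CONTENT_TYPES = {"application/octet-stream", ""}
MAX_UNKNOWN_SIZE = 100 * 1024 * 1024  # files of unknown type are only scanned below 100 MB
MAX_DEPTH = 5                         # bound recursion into nested archives


@dataclass
class Attachment:
    file_name: str
    content_type: str
    data: bytes
    ocr_text: str = ""  # text recovered from embedded images; supplied by hand here instead of a real OCR step


@dataclass
class SenderProfile:
    solicited: bool                       # the recipient has previously mailed this sender
    any_messages_malicious_or_spam: bool  # the sender has prior malicious or spam messages


@dataclass
class Finding:
    path: str            # attachment path; archive members are joined with "/"
    matched_phrase: str


def _ext(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_candidate(att: Attachment) -> bool:
    """Macro-capable or archive extension, or an unknown type that is small and generically typed."""
    ext = _ext(att.file_name)
    if ext in MACRO_EXTENSIONS or ext in ARCHIVE_EXTENSIONS:
        return True
    return att.content_type in GENERIC_CONTENT_TYPES and len(att.data) < MAX_UNKNOWN_SIZE


def scan_attachment(att: Attachment, path: str = "", depth: int = 0) -> list[Finding]:
    """Recursively search for macro lures; archives (including OOXML containers) are unpacked in memory."""
    path = path or att.file_name
    if depth > MAX_DEPTH or not is_candidate(att):
        return []
    if zipfile.is_zipfile(io.BytesIO(att.data)):
        findings = []
        with zipfile.ZipFile(io.BytesIO(att.data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Archive members carry no MIME type, so they are treated as generic unknown-type files.
                member = Attachment(info.filename, "application/octet-stream", zf.read(info))
                findings.extend(scan_attachment(member, f"{path}/{info.filename}", depth + 1))
        return findings
    text = att.data.decode("utf-8", errors="ignore") + "\n" + att.ocr_text
    m = LURE_RE.search(text)
    return [Finding(path, m.group(0))] if m else []


def evaluate(attachments: list[Attachment], sender: SenderProfile) -> list[Finding]:
    """Rule verdict: report lure findings unless the sender is solicited and has a clean history."""
    if sender.solicited and not sender.any_messages_malicious_or_spam:
        return []
    return [f for att in attachments for f in scan_attachment(att)]


def _zip_bytes(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def sample_attachments() -> list[Attachment]:
    """Constructed sample message (not real data): zip -> .docm (itself a zip of XML parts) with a lure
    in its body text, a .doc whose lure is only visible in an embedded image, and a harmless .bin."""
    docm = _zip_bytes({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:t>This document is protected. Click Enable Content, then Enable Macros to view it.</w:t>",
    })
    return [
        Attachment("invoice.zip", "application/zip", _zip_bytes({"invoice.docm": docm})),
        Attachment("quote.doc", "application/msword", b"\xd0\xcf\x11\xe0 binary body without lure text",
                   ocr_text="Enable macros to see the full quote"),
        Attachment("readme.bin", "application/octet-stream", b"plain text notes, nothing to see here"),
    ]


if __name__ == "__main__":
    verdict = evaluate(sample_attachments(), SenderProfile(solicited=False, any_messages_malicious_or_spam=False))
    for f in verdict:
        print(f"{f.path}: {f.matched_phrase!r}")
```

Two details matter in practice: OOXML documents are themselves zip containers, so the same recursive unpacking that handles a .zip attachment also reaches the XML parts of a .docm, and the recursion depth is capped so that a deliberately nested archive cannot make the scan run away.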
Categories
- Endpoint
- Network
- Web
Data Sources
- File
- Process
- Script
- Network Traffic
- Application Log
Created: 2021-12-01