Attachment: Embedded Javascript in SVG file

Sublime Rules

Summary
This rule detects potentially malicious content within SVG files that might be used as vectors for smuggling and executing JavaScript code. Embedded JavaScript in SVG files poses a significant threat, as it can lead to various attack types, including malware and ransomware. The detection logic analyzes SVG files, and archives containing SVG files, for specific patterns and keywords associated with JavaScript execution, such as 'onload', 'window.location.href', 'onerror', and similar script-related strings. The rule applies both string matching and regex analysis to the parsed text of the files, together with base64 scan checks that identify obfuscated payloads within the SVG content. By checking file extensions and MIME types, the rule ensures that all relevant file types are analyzed, mitigating the risk posed by scripts embedded in SVGs. This high-severity rule is crucial for preventing malicious downloads and execution resulting from such attachments.
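The approach the summary describes, worked through as an added Python example that is not Sublime's rule code: a script-marker list matched against the raw SVG text, a base64 scan that decodes long runs and matches them again, and recursion into .svg members of a zip archive. The marker list extends the page's three strings with '<script' and 'javascript:'; the 24-character base64 threshold and the sample SVGs are constructed, and MIME-type checks are left out.

```python
import base64, io, re, zipfile

# Markers the rule summary names, plus the <script> tag and javascript: scheme (my additions).
SCRIPT_MARKERS = ("onload", "onerror", "window.location.href", "<script", "javascript:")
# A base64 run long enough to carry an obfuscated payload (constructed threshold).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")

def find_script_markers(text: str) -> list:
    """Case-insensitive substring match of the marker list; sorted for stable output."""
    lowered = text.lower()
    return sorted({m for m in SCRIPT_MARKERS if m in lowered})

def scan_svg(data: bytes) -> dict:
    """Report markers found in the raw SVG text and inside decodable base64 runs."""
    raw_hits = find_script_markers(data.decode("utf-8", "ignore"))
    decoded_hits = set()
    for run in B64_RUN.findall(data):
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:
            continue  # long alphanumeric run that is not valid base64; skip it
        decoded_hits.update(find_script_markers(decoded.decode("utf-8", "ignore")))
    return {"raw": raw_hits, "base64": sorted(decoded_hits)}

def is_suspicious(data: bytes) -> bool:
    hits = scan_svg(data)
    return bool(hits["raw"] or hits["base64"])

def scan_attachment(filename: str, data: bytes) -> bool:
    """Scan a bare .svg, or every .svg member of a zip archive; other types pass."""
    if filename.lower().endswith(".svg"):
        return is_suspicious(data)
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(is_suspicious(zf.read(n)) for n in zf.namelist()
                       if n.lower().endswith(".svg"))
    return False

def build_zip(name: str, data: bytes) -> bytes:
    """Build an in-memory archive holding one member (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples, not taken from the rule page: benign, inline handler, base64 smuggled.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
ONLOAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
              b'onload="window.location.href=\'https://example.invalid/\'"/>')
_payload = base64.b64encode(b"<script>window.location.href='https://example.invalid/';</script>")
B64_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg">'
           b'<image href="data:text/html;base64,' + _payload + b'"/></svg>')
```

Only the base64 scan flags B64_SVG, since none of the markers appear in its raw text; that is the case the summary's "obfuscated payloads" clause is there to catch.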
Categories
  • Endpoint
  • Web
  • Application
Data Sources
  • File
  • Process
  • Network Traffic
Created: 2023-06-21