
Attachment: OLE external relationship containing file scheme link to executable filetype
Sublime Rules
Summary
This rule detects email attachments that contain OLE (Object Linking and Embedding) external relationships whose target is an executable file type, a strong indicator of attempted malware delivery. It targets a range of suspicious file extensions as well as common archive formats, giving broad coverage of how malicious attachments are packaged. The detection criteria cover the attachment's extension, file type, content type and size, and then evaluate the OLE relationships found inside the file: each relationship's target URL is checked for the file: scheme, and a regular expression is applied to the target to identify known executable extensions. To reduce false positives, the rule also incorporates sender profiling, checking whether the sender has a history of malicious or spam messages. The aim is to stop malware before it starts: the attachment is intercepted before the recipient can open it and trigger the linked executable.
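As an added illustration (not the rule's own MQL or any code from Sublime Rules), the following Python models the core check described above on a constructed OOXML relationship part: it keeps only external relationships whose target uses the file: scheme and ends in an executable extension, then applies the attachment-level extension gate. The extension lists, function names and sample relationships are assumptions, and sender profiling is not modelled.

```python
from __future__ import annotations

import re
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

# Constructed sample of an OOXML relationship part (e.g. word/_rels/document.xml.rels)
# with one external relationship that points at an executable via the file: scheme.
SAMPLE_RELS = """<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles"
                Target="styles.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
                Target="file:///C:/Users/Public/update.exe" TargetMode="External"/>
  <Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
                Target="https://example.com/report.pdf" TargetMode="External"/>
</Relationships>"""

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

# Extension lists are assumptions for this illustration; the page does not list the rule's own.
EXECUTABLE_RE = re.compile(r"\.(exe|scr|bat|cmd|com|pif|vbs|js|jse|wsf|hta|ps1|msi|dll|cpl)$", re.I)
DOCUMENT_EXTENSIONS = {"doc", "docx", "docm", "dot", "dotm", "xls", "xlsx", "xlsm", "ppt", "pptx", "pptm", "rtf"}
ARCHIVE_EXTENSIONS = {"zip", "rar", "7z", "gz"}


def suspicious_external_relationships(rels_xml: str) -> list[dict]:
    """Return external relationships whose target uses the file: scheme and
    whose path ends in an executable extension (case-insensitive)."""
    hits = []
    for rel in ET.fromstring(rels_xml).iter(f"{REL_NS}Relationship"):
        # Internal relationships stay inside the package and cannot reach the filesystem.
        if rel.get("TargetMode", "Internal") != "External":
            continue
        target = rel.get("Target", "")
        parsed = urlparse(target)  # file:///C:/x.exe -> scheme "file", path "/C:/x.exe"
        if parsed.scheme.lower() == "file" and EXECUTABLE_RE.search(parsed.path):
            hits.append({"id": rel.get("Id"), "target": target})
    return hits


def attachment_should_flag(filename: str, rels_parts: list[str]) -> bool:
    """Mirror the attachment-level gate: only document or archive extensions are
    considered, then every relationship part extracted from the file is checked."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in DOCUMENT_EXTENSIONS | ARCHIVE_EXTENSIONS:
        return False
    return any(suspicious_external_relationships(part) for part in rels_parts)


if __name__ == "__main__":
    print(suspicious_external_relationships(SAMPLE_RELS))        # only the rId2 file: link
    print(attachment_should_flag("invoice.docx", [SAMPLE_RELS]))  # True
```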
Categories
- Endpoint
- Network
Data Sources
- File
- Process
- Logon Session
- Application Log
Created: 2024-03-24