
Summary
Detects inbound SVG attachments that hide malicious URLs behind three or more consecutive HTML numeric entity references in href attributes. This technique, commonly called HTML smuggling or entity-encoding evasion, aims to bypass simple content scanners that look for plain-text URLs. The rule flags an attachment when the file is SVG (by extension, MIME type image/svg+xml, or file type svg) and the parsed text (decoded as ASCII, UTF-8, and UTF-16-LE in turn) contains an href value beginning with three or more numeric entities. It relies on file analysis and content analysis to identify obfuscated links that could deliver malware or facilitate credential phishing. Severity is medium. Use alongside other email security controls and inspect decoded hrefs in a sandbox environment.
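As an added illustration of the check described above (example code written for this page, not the rule's own implementation or any vendor's code), the following Python reproduces the logic: decode the attachment under each of the three encodings, look for href values that start with three or more numeric entities, and return the decoded target for analyst inspection. The sample SVG bytes, filename and content type are constructed for the example.

```python
import html
import re
from typing import List, Tuple

# Constructed sample attachment (not a real phishing artifact). The href value
# begins with numeric entities that decode to "https://".
SAMPLE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
    b'<a xlink:href="&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;example.test/login">'
    b'<text x="0" y="15">Open document</text></a></svg>'
)

# Same decode order the rule description lists.
ENCODINGS = ("ascii", "utf-8", "utf-16-le")

# One numeric entity reference, decimal (&#104;) or hexadecimal (&#x68;).
NUMERIC_ENTITY = r"&#(?:[0-9]+|[xX][0-9a-fA-F]+);"
# An href (href= or xlink:href=) whose quoted value starts with 3+ numeric entities.
HREF_RE = re.compile(
    r'href\s*=\s*["\']((?:' + NUMERIC_ENTITY + r'){3,}[^"\']*)["\']',
    re.IGNORECASE,
)


def is_svg(filename: str, content_type: str) -> bool:
    """File-type check: .svg extension or image/svg+xml MIME type."""
    return filename.lower().endswith(".svg") or content_type.lower() == "image/svg+xml"


def find_entity_hrefs(data: bytes) -> List[Tuple[str, str]]:
    """Return (raw href, decoded href) pairs for hrefs starting with 3+ numeric entities.

    Every encoding is tried, not just the first that succeeds: UTF-16-LE bytes also
    decode without error as ASCII/UTF-8 (NUL bytes are valid there) but will not match.
    """
    hits: List[Tuple[str, str]] = []
    for enc in ENCODINGS:
        try:
            text = data.decode(enc)
        except UnicodeDecodeError:
            continue
        for m in HREF_RE.finditer(text):
            pair = (m.group(1), html.unescape(m.group(1)))  # decode entities for inspection
            if pair not in hits:
                hits.append(pair)
    return hits


def evaluate(filename: str, content_type: str, data: bytes) -> List[Tuple[str, str]]:
    """Apply the full rule: SVG file type AND an entity-obfuscated href in the content."""
    if not is_svg(filename, content_type):
        return []
    return find_entity_hrefs(data)
```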
Categories
- Endpoint
Data Sources
- File
Created: 2026-05-21