Detect inbound emails containing PDF attachments whose PDF metadata indicates Canva as the producer and an author field containing '@proton.me'. This pattern can indicate misuse of mainstream design tooling in conjunction with privacy-focused email services, potentially for BEC, credential phishing, or other abuse. The detection uses Exif data parsing on PDFs and file analysis of attachments, triggered when a message contains a PDF with those metadata conditions.