Attachment with unscannable encrypted zip (unsolicited)

Sublime Rules

Summary
This detection rule identifies unsolicited email attachments containing unscannable encrypted ZIP files, which can be a vector for malware or ransomware. The rule recursively scans the files attached to inbound emails and looks for ZIP files that YARA signatures identify as encrypted and for which no password has been cracked. If the sender is unsolicited, or if the sender has a history of malicious or spam messages with no false positives, the alert is triggered. This mechanism matters because an archive that cannot be scanned hides its contents from content inspection, and users may open it regardless.
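The following Python is an added illustration of the rule's logic, not Sublime's own implementation: it recurses through nested archives, flags a ZIP as encrypted from the general-purpose flag bit in its central directory (standing in for the YARA signature), skips archives whose password has been cracked, and only alerts when the sender is unsolicited or has a malicious/spam history with no false positives. The SenderProfile class, the build_zip sample generator and the attachment tuples are constructed for the example.

```python
import io
import struct
import zipfile
from dataclasses import dataclass

ZIP_ENCRYPTED_BIT = 0x1  # general-purpose flag bit 0 in the ZIP format

@dataclass
class SenderProfile:  # hypothetical stand-in for the platform's sender profile
    unsolicited: bool
    malicious_or_spam_count: int = 0
    false_positive_count: int = 0

def find_encrypted_zip(name, data, depth=0, max_depth=3):
    """Name of the first encrypted ZIP at or below this attachment, else None.
    Only the central directory is parsed; nothing is extracted from an encrypted archive."""
    if not data.startswith(b"PK\x03\x04"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            if any(i.flag_bits & ZIP_ENCRYPTED_BIT for i in infos):
                return name
            if depth < max_depth:  # recurse into nested, unencrypted archives
                for i in infos:
                    if i.filename.lower().endswith(".zip"):
                        hit = find_encrypted_zip(i.filename, zf.read(i), depth + 1, max_depth)
                        if hit:
                            return hit
    except zipfile.BadZipFile:
        pass
    return None

def sender_is_suspect(p):
    return p.unsolicited or (p.malicious_or_spam_count > 0 and p.false_positive_count == 0)

def rule_matches(sender, attachments, cracked=frozenset()):
    """attachments: (filename, bytes) pairs; cracked: names whose password was recovered."""
    hits = [find_encrypted_zip(n, d) for n, d in attachments]
    return any(h and h not in cracked for h in hits) and sender_is_suspect(sender)

def build_zip(member, payload, encrypted):
    """Constructed sample: one-member ZIP; encryption is simulated by setting flag bit 0 in the
    local header (offset 6) and the central-directory entry (offset 8, found via the EOCD)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= ZIP_ENCRYPTED_BIT
        cd_offset = struct.unpack_from("<I", raw, raw.rfind(b"PK\x05\x06") + 16)[0]
        raw[cd_offset + 8] |= ZIP_ENCRYPTED_BIT
    return bytes(raw)
```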
Categories
  • Endpoint
  • Network
  • Web
  • Cloud
Data Sources
  • Container
  • User Account
  • Application Log
  • Process
  • File
Created: 2021-12-01