Open redirect: Avast

Sublime Rules

Summary
This detection rule identifies potentially malicious emails containing links to 'avast.com' that exploit an open redirect vulnerability. It matches when any link in the email body points to 'avast.com' and carries the query parameter 'DisplayRedirectCustomPage', and the sender's domain is not 'avast.com', flagging external senders that abuse the redirect to steer recipients to phishing or malicious pages. Further checks establish whether the email was solicited and whether earlier messages from the sender were flagged as malicious or spam, with no false positives on record. The focus on open redirect abuse reflects its growing use in credential phishing and malware distribution, and lets security teams mitigate the risk proactively.
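The link and sender checks described in the summary, as an added Python illustration (not the Sublime rule itself and not Sublime's query language). It assumes a simplified message model of a sender header plus plain body text, extracts URLs with a regular expression, and requires both the `avast.com` host (exact or subdomain) and the `DisplayRedirectCustomPage` parameter before excluding messages whose sender is itself in `avast.com`. The solicited-mail and sender-history checks depend on mailbox state that is not modelled here; the sample messages are constructed for this example.

```python
"""Illustration of the avast.com open-redirect link check (added example)."""
import re
from urllib.parse import parse_qs, urlparse

# Values named on the page.
TARGET_DOMAIN = "avast.com"
REDIRECT_PARAM = "DisplayRedirectCustomPage"

# Simple URL extractor for plain-text bodies (assumption: no HTML parsing).
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def extract_urls(body: str) -> list[str]:
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(body)


def host_in_domain(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain; rejects look-alikes such as
    'avast.com.example.test' that merely contain the string."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_avast_open_redirect(url: str) -> bool:
    """Link check: host is avast.com and the redirect parameter is present
    (parameter name compared case-insensitively)."""
    parsed = urlparse(url)
    if not parsed.hostname or not host_in_domain(parsed.hostname, TARGET_DOMAIN):
        return False
    params = parse_qs(parsed.query, keep_blank_values=True)
    return any(k.lower() == REDIRECT_PARAM.lower() for k in params)


def sender_domain(address: str) -> str:
    """Domain part of a From header, accepting 'Name <user@domain>' or a bare address."""
    m = re.search(r"<([^>]+)>", address)
    addr = m.group(1) if m else address
    return addr.rsplit("@", 1)[-1].strip().lower() if "@" in addr else ""


def rule_matches(sender: str, body: str) -> bool:
    """Sender check plus link check, mirroring the summary's conditions."""
    if host_in_domain(sender_domain(sender), TARGET_DOMAIN):
        return False  # mail genuinely from avast.com is excluded
    return any(is_avast_open_redirect(u) for u in extract_urls(body))


# Constructed sample messages (sender header, body) for exercising the check.
SAMPLE_MESSAGES = [
    # external sender, avast.com link with the redirect parameter -> match
    ("Billing <billing@example-invoices.test>",
     "Your invoice: https://www.avast.com/some/path?DisplayRedirectCustomPage="
     "https%3A%2F%2Fredirect-destination.example.test%2F"),
    # same link, but the sender is avast.com -> excluded
    ("Avast <news@avast.com>",
     "https://www.avast.com/some/path?DisplayRedirectCustomPage=https%3A%2F%2Fexample.test"),
    # avast.com link without the parameter -> no match
    ("friend@example.test", "Download here: https://www.avast.com/free-antivirus"),
    # look-alike host that only contains 'avast.com' -> no match
    ("someone@example.test", "https://avast.com.example.test/?DisplayRedirectCustomPage=x"),
]


def evaluate_samples() -> list[bool]:
    """Run the rule over the constructed samples in order."""
    return [rule_matches(sender, body) for sender, body in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for (sender, _), hit in zip(SAMPLE_MESSAGES, evaluate_samples()):
        print(f"{'MATCH' if hit else 'pass '}  {sender}")
```

Only the first sample fires: the avast.com sender, the parameter-less link and the look-alike host are all passed over, which is the behaviour the summary describes for the sender and link conditions.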
Categories
  • Web
  • Endpoint
  • Cloud
Data Sources
  • User Account
  • Process
  • Network Traffic
Created: 2023-05-22