[Test Rules] [PR #4690] modified rule: Impersonation: Legal firm with copyright infringement notice

Author: github-actions[bot]

detection-rules/4690_impersonation_fake_copyright_infringement_notice_from_unsolicited_sender.yml

@@ -6,7 +6,9 @@ source: |
   type.inbound
   and length(body.previous_threads) == 0
   and length(body.current_thread.text) < 5000
-  and length(body.links) < 10
+  and (
+    0 < length(body.links) < 10 or beta.scan_qr(file.message_screenshot()).found
+  )
   
   // common strings in subject or base
   and (
@@ -154,4 +156,4 @@ detection_methods:
 id: "01580fe8-324f-5aba-ac91-27a5dffed750"
 og_id: "85bf58f6-3891-56ea-ae0a-d88073ade20f"
 testing_pr: 4690
-testing_sha: 84936f97ce19c17adbc36ae285c20698fcc0436c
+testing_sha: 61501f1a10baa0f0cb48ba35813ec4d7db104528