Malware & Payload Attacks

What is malware in email? What are common email-based malware types (Trojans, ransomware, worms)? What is a malicious attachment? What are macro-enabled document attacks? What are ZIP or ISO attachment attacks? What is a drive-by download? How do attackers use compressed files to evade filters? How do antivirus engines scan emails? What’s the difference between attachment scanning and link scanning? What are sandbox environments for email? How do security gateways neutralize payloads? What is a phishing link that drops malware? How does URL reputation protect against malware links? What is SPF/DKIM’s role (or lack thereof) in malware detection? How does quarantine differ from deletion?