fix: do not attach the full email by default unless spamtrap mode

2018-05-11 11:33:58 -04:00 · 2018-05-11 11:33:58 -04:00 · 3003730156
parent 9d7e992219
commit 3003730156
2 changed files with 4 additions and 2 deletions
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@ -40,6 +40,7 @@ class Mail2MISP():
        self.misp = PyMISP(misp_url, misp_key, verifycert, debug=config.debug)
        self.config = config
        self.debug = self.config.debug
+        self.config_from_email_body = {}
        # Init Faup
        self.f = Faup()

@ -123,7 +124,8 @@ class Mail2MISP():
                        self.misp_event.add_object(section)
                email_object.add_reference(f_object.uuid, 'related-to', 'Email attachment')
        self.process_body_iocs(email_object)
-        self.misp_event.add_object(email_object)
+        if self.config.spamtrap or self.config.attach_original_mail or self.config_from_email_body.get('attach_original_mail'):
+            self.misp_event.add_object(email_object)
        return email_object

    def process_email_body(self):
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
@ -14,7 +14,7 @@ m2m_benign_attachment_keyword = 'benign'
 debug = False
 nameservers = ['149.13.33.69']
 email_subject_prefix = 'M2M'
-attach_original_mail = True
+attach_original_mail = False

 excludelist = ('google.com', 'microsoft.com')
 externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')