From 30037301560c3e135fccf6b49a9ec5eb0ae8b1c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Fri, 11 May 2018 11:33:58 -0400
Subject: [PATCH] fix: do not attach the full email by default unless spamtrap mode

---
 mail_to_misp.py                | 4 +++-
 mail_to_misp_config.py-example | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/mail_to_misp.py b/mail_to_misp.py
index a5b0793..fc8b71c 100755
--- a/mail_to_misp.py
+++ b/mail_to_misp.py
@@ -40,6 +40,7 @@ class Mail2MISP():
         self.misp = PyMISP(misp_url, misp_key, verifycert, debug=config.debug)
         self.config = config
         self.debug = self.config.debug
+        self.config_from_email_body = {}
         # Init Faup
         self.f = Faup()
 
@@ -123,7 +124,8 @@ class Mail2MISP():
             self.misp_event.add_object(section)
             email_object.add_reference(f_object.uuid, 'related-to', 'Email attachment')
         self.process_body_iocs(email_object)
-        self.misp_event.add_object(email_object)
+        if self.config.spamtrap or self.config.attach_original_mail or self.config_from_email_body.get('attach_original_mail'):
+            self.misp_event.add_object(email_object)
         return email_object
 
     def process_email_body(self):
diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example
index 916839f..5f972cb 100644
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
@@ -14,7 +14,7 @@ m2m_benign_attachment_keyword = 'benign'
 debug = False
 nameservers = ['149.13.33.69']
 email_subject_prefix = 'M2M'
-attach_original_mail = True
+attach_original_mail = False
 excludelist = ('google.com', 'microsoft.com')
 externallist = ('virustotal.com', 'malwr.com', 'hybrid-analysis.com', 'emergingthreats.net')
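Review bot: Withholding `email_object` from the event also discards the references that were just stored on it, because `email_object.add_reference(f_object.uuid, 'related-to', 'Email attachment')` records the link on the email object while the attachment objects themselves are still added unconditionally by `self.misp_event.add_object(section)`, and whatever `process_body_iocs(email_object)` records on it goes the same way. If that is the intended trade-off, a comment such as `# Attachments and body IOCs stay in the event; only the full email object is withheld unless configured` above the new `if` would make it explicit; otherwise the relationship has to be carried by the attachment objects instead. The guard also reads `self.config.spamtrap` as a plain attribute, and the config example patched in this same commit shows no `spamtrap` key, so a config file written from that example would raise AttributeError here unless the key exists further down; `getattr(self.config, 'spamtrap', False)` (and likewise for `attach_original_mail` on older configs) would tolerate that. `self.config_from_email_body` is only initialised to `{}` in the first hunk and is never populated in this patch, so the `.get('attach_original_mail')` branch presumably depends on values parsed from the email body elsewhere, which means the sender of a processed email can opt the full message into the event — worth a one-line comment stating that this override is trusted on purpose. The enclosing method starts before the hunk.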