From b9ba7a256fae6083e8c5752277bf811cd1b1a191 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 18 Jul 2019 16:12:44 +0200
Subject: [PATCH] fix: Buggy decode, the email was added twice
---
 mail2misp/mail2misp.py | 5 ++---
 mail_to_misp_config.py-example | 2 ++
 tests/config_spamtrap.py | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/mail2misp/mail2misp.py b/mail2misp/mail2misp.py
index f6557ed..a5ba335 100644
--- a/mail2misp/mail2misp.py
+++ b/mail2misp/mail2misp.py
@@ -175,7 +175,6 @@ class Mail2MISP():
 def process_body_iocs(self, email_object=None):
 if email_object:
 body = html.unescape(email_object.email.get_body(preferencelist=('html', 'plain')).get_payload(decode=True).decode('utf8', 'surrogateescape'))
- self.misp_event.add_object(email_object)
 else:
 body = self.clean_email_body
@@ -255,7 +254,7 @@ class Mail2MISP():
 if self.debug:
 syslog.syslog(domainname)
- if domainname.decode('utf-8') in self.config.internallist: # Add link to internal reference
+ if domainname in self.config.internallist: # Add link to internal reference
 attribute = self.misp_event.add_attribute('link', entry, category='Internal reference', to_ids=False, enforceWarninglist=False)
 if email_object:
@@ -371,7 +370,7 @@ class Mail2MISP():
 if self.offline:
 return self.misp_event.to_json()
- event = self.misp.add_event(self.misp_event)
+ event = self.misp.add_event(self.misp_event, pythonify=True)
 if self.config.sighting:
 for value, source in self.sightings_to_add:
 self.sighting(value, source)
diff --git a/mail_to_misp_config.py-example b/mail_to_misp_config.py-example
index 3c7096b..b4f9801 100644
--- a/mail_to_misp_config.py-example
+++ b/mail_to_misp_config.py-example
@@ -76,3 +76,5 @@ hash_only_tags = {'TODO:VT-ENRICHMENT'}
 # If an attribute is on any MISP server side `warning list`, skip the creation of the attribute
 skip_item_on_warninglist = True
+
+vt_key = None
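Review bot: The lookup `domainname in self.config.internallist` in the second mail2misp.py hunk is an exact, case-sensitive match, so a link whose host differs from the configured entry only in letter case or a trailing dot would miss the 'Internal reference' branch and presumably be handled as an ordinary indicator. Whether `domainname` is normalised before this point is not visible in the hunk; if it is not, compare a canonical form, for example `if domainname.lower().rstrip('.') in self.config.internallist:`, with the list entries stored lower-case. With `.decode('utf-8')` removed the line also assumes `domainname` is already a `str`: a `bytes` value would now fail the test silently instead of raising, so a short comment stating the expected type would help. The enclosing method starts and ends outside the hunk.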
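Review bot: The result of `self.misp.add_event(self.misp_event, pythonify=True)` is used without a failure check; in the third mail2misp.py hunk the sightings loop runs directly after the call. As far as I know, PyMISP returns the raw response dict rather than a `MISPEvent` when the server reports errors, even with `pythonify=True`, so a rejected event would go unnoticed and sightings would still be submitted. A guard placed right after the call, such as `if isinstance(event, dict) and event.get('errors'):` followed by `syslog.syslog(str(event['errors']))` and an early return, would make the failure visible. What callers expect as a return value is outside the hunk, and the method body continues past the last line shown.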
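Review bot: `vt_key` is added to mail_to_misp_config.py-example without an explanatory comment, unlike the `skip_item_on_warninglist` setting just above it. It presumably holds a VirusTotal API key, which is a secret. I would put a comment above it such as `# VirusTotal API key (None = no key configured). Keep the real value out of version control.` so that users copying the example know what goes there and how to treat it. The same applies to the identical addition in tests/config_spamtrap.py, where the value should stay `None`.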
diff --git a/tests/config_spamtrap.py b/tests/config_spamtrap.py
index 8f5dad4..d76aac6 100644
--- a/tests/config_spamtrap.py
+++ b/tests/config_spamtrap.py
@@ -75,3 +75,5 @@ hash_only_tags = {'TODO:VT-ENRICHMENT'}
 # If an attribute is on any MISP server side `warning list`, skip the creation of the attribute
 skip_item_on_warninglist = True
+
+vt_key = None