From cbf0c07b674a2a21a5e3ff5304241e41f80cbfa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Thu, 2 Aug 2018 11:55:37 +0200 Subject: [PATCH] new: Allow to disable DNS lookups Fix #26 --- mail2misp/mail2misp.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/mail2misp/mail2misp.py b/mail2misp/mail2misp.py index 9d651d8..e569297 100644 --- a/mail2misp/mail2misp.py +++ b/mail2misp/mail2misp.py @@ -14,7 +14,11 @@ from pyfaup.faup import Faup from pymisp import PyMISP, MISPEvent, MISPObject, MISPSighting from pymisp.tools import EMailObject, make_binary_objects from defang import refang -import dns.resolver +try: + import dns.resolver + HAS_DNS = True +except ImportError: + HAS_DNS = False def is_ip(address): @@ -299,15 +303,16 @@ class Mail2MISP(): email_object.add_reference(attribute.uuid, 'contains') else: related_ips = [] - try: - syslog.syslog(hostname) - for rdata in dns.resolver.query(hostname, 'A'): + if HAS_DNS and self.config.enable_dns: + try: + syslog.syslog(hostname) + for rdata in dns.resolver.query(hostname, 'A'): + if self.debug: + syslog.syslog(str(rdata)) + related_ips.append(rdata.to_text()) + except Exception as e: if self.debug: - syslog.syslog(str(rdata)) - related_ips.append(rdata.to_text()) - except Exception as e: - if self.debug: - syslog.syslog(str(e)) + syslog.syslog(str(e)) if related_ips: hip = MISPObject(name='ip-port')