From 7e65e5dfaf319933bb4028e4a56894079f9d6e1d Mon Sep 17 00:00:00 2001
From: seamus tuohy <code@seamustuohy.com>
Date: Sat, 19 Dec 2020 17:03:26 -0500
Subject: [PATCH] Updated for support for msg format.

Adding first class support for Emails in .msg format to the email definition.
This includes making the  attribute support multiple bodies. Msg formats
nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html).
---
 objects/email/definition.json | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/objects/email/definition.json b/objects/email/definition.json
index 30191bd..15f0899 100644
--- a/objects/email/definition.json
+++ b/objects/email/definition.json
@@ -26,6 +26,7 @@
       "description": "Body of the email",
       "disable_correlation": true,
       "misp-attribute": "email-body",
+      "multiple": true,
       "ui-priority": 1
     },
     "eml": {
@@ -34,6 +35,12 @@
       "misp-attribute": "attachment",
       "ui-priority": 1
     },
+    "msg": {
+      "description": "Full MSG",
+      "disable_correlation": true,
+      "misp-attribute": "attachment",
+      "ui-priority": 1
+    },
     "from": {
       "categories": [
         "Payload delivery"
@@ -204,8 +211,9 @@
     "x-mailer",
     "return-path",
     "email-body",
-    "eml"
+    "eml",
+    "msg"
   ],
   "uuid": "a0c666e0-fc65-4be8-b48f-3423d788b552",
   "version": 15
-}
\ No newline at end of file
+}