[Intelmq-users] Long filenames and Generic Mail Attachment Fetcher

Patrick Forsberg fors at cert.sunet.se
Fri Feb 28 10:31:32 CET 2020


Hi,

I'm pretty sure some of you (at least Sebastian) are aware of this, but there is currently a problem with the intelmq.bots.collectors.mail.collector_mail_attach and attachments with long filenames.
The error is not in the bot itself, but in the underlying imbox library that doesn't handle long filenames spread over multiple "filename*=" lines in Content-Disposition.

The end result is that some attachments will probably fail to be extracted and it will look similar to the following line in the Collector log.
Shadowserver-Mail-Attachment-Fetcher-Collector - INFO - Attachment sv.zip didn't match regex.

There is a non-merged pull request in the imbox Git repository to handle this but it hasn't been merged with the main repo.

The solution is to patch imbox/parser.py

I've attached my patch against the pip3 version of imbox (slightly different to the unmerged Git pull request).

Regards,

Patrick Forsberg
SUNET CERT

-------------- next part --------------
A non-text attachment was scrubbed...
Name: parser.py.patch
Type: text/x-patch
Size: 1227 bytes
Desc: not available
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20200228/46665bc4/attachment.bin>
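The failure mode described in the message above, as an added example that is not part of the original post and is not imbox's code or the attached patch. The header, the regex and `naive_filename` are constructed for illustration; `naive_filename` is a hypothetical continuation-unaware parser, shown next to the standard library's RFC 2231 handling.

```python
import re
from email import message_from_string

# Constructed sample: one attachment whose long name is split into RFC 2231
# continuation parameters (filename*0, filename*1) in Content-Disposition.
RAW = (
    "Content-Type: application/zip\n"
    "Content-Disposition: attachment;\n"
    ' filename*0="2020-02-27-constructed-long-report-name-used-for-";\n'
    ' filename*1="this-demo-only-example-sv.zip"\n'
    "\n"
    "constructed body\n"
)

# Constructed pattern standing in for the collector's attachment regex.
ATTACH_REGEX = re.compile(r"^2020-02-27-.*\.zip$")


def naive_filename(msg):
    """Hypothetical continuation-unaware parser: treats every 'filename*N'
    parameter as a complete name, so the last segment overwrites the rest."""
    name = None
    for param in msg["Content-Disposition"].split(";")[1:]:
        key, _, value = param.strip().partition("=")
        if key.split("*")[0].lower() == "filename":
            name = value.strip('"')
    return name


def rfc2231_filename(msg):
    """Standard-library parsing: get_filename() joins the numbered segments
    in order and decodes any charset-encoded (filename*N*) parts."""
    return msg.get_filename()


def matches(name):
    """True when the extracted name passes the (constructed) attachment regex."""
    return bool(name and ATTACH_REGEX.search(name))


MSG = message_from_string(RAW)

if __name__ == "__main__":
    for label, fn in (("naive", naive_filename), ("rfc2231", rfc2231_filename)):
        name = fn(MSG)
        print(f"{label:8} {name!r} match={matches(name)}")
```

A name that comes back as only a trailing fragment fails an anchored regex, so the attachment is skipped with an INFO-level message rather than an error.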