[Intelmq-users] Long filenames and Generic Mail Attachment Fetcher

L. Aaron Kaplan kaplan at cert.at
Fri Feb 28 12:09:45 CET 2020


Thanks Patrick for sharing this!


> On 28.02.2020, at 10:31, Patrick Forsberg <fors at cert.sunet.se> wrote:
> 
> Hi,
> 
> I'm pretty sure some of you (at least Sebastian) are aware of this, but there is currently a problem with the intelmq.bots.collectors.mail.collector_mail_attach and attachments with long filenames.
> The error is not in the bot itself, but in the underlying imbox library that doesn't handle long filenames spread over multiple "filename*=" lines in Content-Disposition.
> 
> The end result is that some attachments will probably fail to be extracted and it will look similar to the following line in the Collector log.
> Shadowserver-Mail-Attachment-Fetcher-Collector - INFO - Attachment sv.zip didn't match regex.
> 
> There is a non merged pull request in the imbox Git repository to handle this but it hasn't been merged with the main repo.
> 
> The solution is to patch imbox/parser.py
> 
> I've attached my patch against the pip3 version of imbox (slightly different to the unmerged Git pull request).
> 
> Regards,
> 
> Patrick Forsberg
> SUNET CERT
> 
> <parser.py.patch>
> 
> 


--
// L. Aaron Kaplan <kaplan at cert.at> - T: +43 1 5056416 78
// CERT Austria - https://www.cert.at/
// An initiative of nic.at GmbH - http://www.nic.at/
// Company register number 172568b, Salzburg Regional Court






-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.cert.at/pipermail/intelmq-users/attachments/20200228/b161011a/attachment.sig>
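
The failure described in the quoted message, as an added example that is not part of the original thread and is not code from imbox or IntelMQ: a long attachment name split across RFC 2231 continuation parameters (`filename*0`, `filename*1`) is read once by a hypothetical single-parameter parser and once by Python's standard `email` package, which joins the segments. The sample message, the pattern `ATTACH_PATTERN` and the helper `naive_filename` are constructed assumptions.

```python
import email
import re

# Constructed sample message: the attachment name is split across two
# RFC 2231 continuation parameters (filename*0, filename*1).
RAW = "\n".join([
    "From: reports@example.org",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "See attachment.",
    "--b1",
    "Content-Type: application/zip",
    "Content-Disposition: attachment;",
    ' filename*0="2020-02-27-scan_example-constructed-long-report-name.c";',
    ' filename*1="sv.zip"',
    "",
    "(constructed placeholder body)",
    "--b1--",
    "",
])

# Constructed pattern standing in for the collector's attachment regex.
ATTACH_PATTERN = re.compile(r"scan_example.*\.csv\.zip$")

def naive_filename(disposition):
    """Hypothetical parser: treats each filename*N segment as the whole name."""
    name = None
    for param in disposition.split(";")[1:]:
        key, _, value = param.strip().partition("=")
        if key.split("*")[0].lower() == "filename":
            name = value.strip('"')  # a later segment overwrites the earlier one
    return name

def attachment_names(raw):
    """Return (naive name, RFC 2231-joined name) for every attachment part."""
    names = []
    for part in email.message_from_string(raw).walk():
        disposition = part.get("Content-Disposition")
        if disposition is not None:
            # get_filename() joins the numbered segments in order.
            names.append((naive_filename(disposition), part.get_filename()))
    return names

if __name__ == "__main__":
    for naive, joined in attachment_names(RAW):
        print(naive, bool(ATTACH_PATTERN.search(naive)))
        print(joined, bool(ATTACH_PATTERN.search(joined)))
```

A collector that logs both the raw `Content-Disposition` header and the extracted name makes this kind of silent truncation visible when an expected report is skipped.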

