Dear Experts,

We currently have a  mail box which contains only shadow server feeds  attachment files in a zipped form. The IntelMQ is able to read the emails but cannot extract and forward them to the shadow server parser.

We need your assistance .

See details below

Configuration From Runtime.conf

------------------------------------------------------------------------------------------------------

"Mail-Attachment-Fetcher-Collector": {

        "parameters": {

            "extract_files": "True",

            "attach_regex": "[A-Za-z:0-9\\.\\_ \\[\\]\\-]",

            "folder": "INBOX",

            "mail_host": "imap.xxxx.xxx",

            "mail_password": "xxxxxxxxxx",

            "mail_ssl": true,

            "mail_user": "johndoe",

            "name": "Via IMAP",

            "provider": "ShadowServer",

            "rate_limit": 86400,

            "subject_regex": "[A-Za-z:0-9 \\[\\]\\-]"

        },

        "name": "Mail Attachment Fetcher",

        "group": "Collector",

        "module": "intelmq.bots.collectors.mail.collector_mail_attach",

        "description": "Monitor IMAP mailboxes and retrieve mail attachments",

        "enabled": true,

        "run_mode": "continuous"

Below are the logs

tail -n 1000 Mail-Attachment-Fetcher-Collector.log 

2020-02-18 18:31:12,672 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.

2020-02-18 18:31:19,310 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.

2020-02-18 18:31:25,574 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.

2020-02-18 18:31:31,816 - Mail-Attachment-Fetcher-Collector - INFO - Email report read.

Should you need any further information, please do not hesitate to contact me.

Thanks

Regards,

Vincent M

UG-CERT