#464 -- in progress

TheHive-Project · Apr 18, 2019 · cf264bd · cf264bd
1 parent c192220
commit cf264bd
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/analyzers/FileInfo/requirements.txt b/analyzers/FileInfo/requirements.txt
@@ -6,5 +6,5 @@ pefile
 git+https://github.com/AnyMaster/pehashng
 git+https://github.com/Rafiot/pdfid.git
 oletools>=0.52
-git+https://github.com/mattgwwalker/msg-extractor[email protected]
+msg-extractor
 IMAPClient
diff --git a/analyzers/FileInfo/submodules/submodule_metadata.py b/analyzers/FileInfo/submodules/submodule_metadata.py
@@ -66,8 +66,8 @@ def analyze_file(self, path):
         self.add_result_subsection('Exif Info', self.exif(path))
 
         # Get libmagic info
-        magicliteral = magic.Magic().from_file(path)
-        mimetype = magic.Magic(mime=True).from_file(path)
+        magicliteral = magic.Magic(mime_encoding=True).from_file(path)
+        mimetype = magic.Magic(mime=True,mime_encoding=True).from_file(path)
         # filetype = pyexifinfo.fileType(path)
 
 

diff --git a/analyzers/FileInfo/submodules/submodule_outlook.py b/analyzers/FileInfo/submodules/submodule_outlook.py
@@ -2,7 +2,8 @@
 import magic
 from .submodule_base import SubmoduleBaseclass
 
-from ExtractMsg import Message, Attachment
+#  from ExtractMsg import Message, Attachment
+from extract_msg import Message, Attachment
 from imapclient.imapclient import decode_utf7
 
 
@@ -32,10 +33,12 @@ def xstr(s):
         a = []
         for attachment in attachments:
             sha256 = hashlib.sha256()
-            sha256.update(attachment.data)
-            a.append({'name': attachment.longFilename,
+            if type(attachment.data) is not Message:
+                sha256.update(attachment.data)
+                minfo = magic.Magic(uncompress=True).from_buffer(attachment.data)
+                a.append({'name': attachment.longFilename,
                       'sha256': sha256.hexdigest(),
-                      'mimeinfo':  magic.Magic(uncompress=True).from_buffer(attachment.data)
+                      'mimeinfo': minfo
                       })
 
 
@@ -49,4 +52,4 @@ def xstr(s):
                     'attachments': a
                  }
         self.add_result_subsection('Email details', email)
-        return self.results
+        return self.results