You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When a msg file contains a attachment that is a encrypted it breaks.
To Reproduce
Steps to reproduce the behavior:
attach a zip file with a password to an email and save that email as msg
upload msg in TheHive
scan with FileInfo_7_0
Expected behavior
The application should just say that the zip is encrypted instead of crashing.
Complementary information Traceback (most recent call last): File "/Cortex-Analyzers/analyzers/FileInfo/fileinfo_analyzer.py", line 76, in <module> FileInfoAnalyzer().run() File "/Cortex-Analyzers/analyzers/FileInfo/fileinfo_analyzer.py", line 64, in run module_results = module.analyze_file(self.filepath) File "/Cortex-Analyzers/analyzers/FileInfo/submodules/submodule_oletools.py", line 64, in analyze_file self.analyze_vba(path) File "/Cortex-Analyzers/analyzers/FileInfo/submodules/submodule_oletools.py", line 128, in analyze_vba path = decrypt(path) File "/usr/local/lib/python3.7/dist-packages/oletools/crypto.py", line 380, in decrypt exec('raise UnsupportedEncryptionError(filename) from None') File "<string>", line 1, in <module>oletools.common.errors.UnsupportedEncryptionError: Office file /tmp/cortex-job-VNuI4XYBJz5T0REiygnt-4775860985038091071/input/attachment12357675004074500511 is encrypted, not yet supported
Work environment
Cortex Analyzer/Responder name: FileInfo
Cortex Analyzer/Responder version: 7
Possible solutions
By adding a simple try: statement on line 64 of fileinfo_analyzer.py the error doesn't crash the analyzer anymore
The text was updated successfully, but these errors were encountered:
Describe the bug
When a msg file contains a attachment that is a encrypted it breaks.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The application should just say that the zip is encrypted instead of crashing.
Complementary information
Traceback (most recent call last): File "/Cortex-Analyzers/analyzers/FileInfo/fileinfo_analyzer.py", line 76, in <module> FileInfoAnalyzer().run() File "/Cortex-Analyzers/analyzers/FileInfo/fileinfo_analyzer.py", line 64, in run module_results = module.analyze_file(self.filepath) File "/Cortex-Analyzers/analyzers/FileInfo/submodules/submodule_oletools.py", line 64, in analyze_file self.analyze_vba(path) File "/Cortex-Analyzers/analyzers/FileInfo/submodules/submodule_oletools.py", line 128, in analyze_vba path = decrypt(path) File "/usr/local/lib/python3.7/dist-packages/oletools/crypto.py", line 380, in decrypt exec('raise UnsupportedEncryptionError(filename) from None') File "<string>", line 1, in <module>oletools.common.errors.UnsupportedEncryptionError: Office file /tmp/cortex-job-VNuI4XYBJz5T0REiygnt-4775860985038091071/input/attachment12357675004074500511 is encrypted, not yet supportedWork environment
Possible solutions
By adding a simple
try:statement on line 64 offileinfo_analyzer.pythe error doesn't crash the analyzer anymoreThe text was updated successfully, but these errors were encountered: