fixup Trustwave SEG reports
Mrten opened this issue · 2 comments
Mrten commented
Sometimes the parser thinks a message does not have a report:
----------------------------------------------------------------
Processing IMAP message with UID #17
----------------------------------------------------------------
Subject: Report Domain: afvalonline.nl Submitter: zeeland.nl Report-ID: <2018.3.21.3204>
MimeType: multipart/mixed
This is a multipart attachment
Skipped an unknown attachment
Skipped an unknown attachment
Could not find an embedded ZIP! The IMAP message with UID #17 does not seem to contain a valid DMARC report. Skipped.
Moving (copy and delete) processed IMAP message file to IMAP folder: Inbox.processed
This is because of a formatting error in the mail:
----=e6b1e617-42ae-4760-ac67-8328714cd151
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
This is a DMARC report generated by Trustwave SEG.
----=e6b1e617-42ae-4760-ac67-8328714cd151
ContentType: application/gzip;
name="zeeland.nl!afvalonline.nl!1521020356!1521631697!3204.xml.gz"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="zeeland.nl!afvalonline.nl!1521020356!1521631697!3204.xml.gz"
ContentType
must be Content-Type
...
I humby suggest the following patch:
root@mx-2:/home/dmarcreport# diff -u dmarcts-report-parser dmarcts-report-parser.new
--- dmarcts-report-parser 2018-05-30 23:40:54.348653837 +0200
+++ dmarcts-report-parser.new 2018-05-30 23:39:26.860653839 +0200
@@ -436,6 +436,11 @@
# itself is not checked to be a valid DMARC report.
sub getXMLFromMessage {
my $message = $_[0];
+
+ # fixup type in trustwave SEG mails
+ $message =~ s/ContentType:/Content-Type:/;
my $parser = new MIME::Parser;
$parser->output_dir("/tmp");
@@ -499,7 +504,7 @@
} else {
# Skip the attachment otherwise.
if ($debug) {
- print "Skipped an unknown attachment \n";
+ print "Skipped an unknown attachment (".lc $part->mime_type.")\n";
}
next; # of parts
}
techsneeze commented
Thanks for the suggestion. I'm happy to take in Pull requests as well! I've added the suggestions though, and committed them.
Mrten commented
thanks!