author | userjack6880 <john@systemanomaly.com> | 2019-07-03 05:13:26 +0300 |
---|---|---|
committer | userjack6880 <john@systemanomaly.com> | 2019-07-03 05:13:26 +0300 |
commit | d2dad05295cf03a05f1fa8a9f867fc967f76060d (patch) | |
tree | 0f2828118601218b01f17be423163d0280c00083 | |
parent | ced9e4959478149003d228850ba8a85310bdd2c5 (diff) | |
parent | 0dceb94e257aa77989e0f155b59b8d0344ebdd75 (diff) |
Merge branch 'techsneeze-master'
-rw-r--r-- | README.md | 7 | ||||
-rw-r--r-- | dmarcts-report-parser.conf.sample | 4 | ||||
-rwxr-xr-x | dmarcts-report-parser.pl | 86 |
3 files changed, 90 insertions, 7 deletions
@@ -18,19 +18,19 @@ To install dependencies... ### on Debian: ``` -apt-get install libmail-imapclient-perl libmime-tools-perl libxml-simple-perl \ +apt-get install libfile-mimeinfo-perl libmail-imapclient-perl libmime-tools-perl libxml-simple-perl \ libclass-dbi-mysql-perl libio-socket-inet6-perl libio-socket-ip-perl libperlio-gzip-perl \ libmail-mbox-messageparser-perl unzip ``` ### on Fedora (Fedora 23): ``` -sudo dnf install perl-Mail-IMAPClient perl-MIME-tools perl-XML-Simple perl-DBI \ +sudo dnf install perl-File-MimeInfo perl-Mail-IMAPClient perl-MIME-tools perl-XML-Simple perl-DBI \ perl-Socket6 perl-PerlIO-gzip perl-DBD-MySQL unzip ``` ### on CentOS (CentOS 7): ``` yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -yum install perl-Mail-IMAPClient perl-MIME-tools perl-XML-Simple perl-DBI \ +yum install perl-File-MimeInfo perl-Mail-IMAPClient perl-MIME-tools perl-XML-Simple perl-DBI \ perl-Socket6 perl-PerlIO-gzip perl-DBD-MySQL unzip perl-Mail-Mbox-MessageParser ``` @@ -106,6 +106,7 @@ One of the following source options must be provided: # -m : Read reports from mbox file(s) provided in PATH. # -e : Read reports from MIME email file(s) provided in PATH. # -x : Read reports from xml file(s) provided in PATH. +# -z : Read reports from zip file(s) provided in PATH. ``` The following options are always allowed: diff --git a/dmarcts-report-parser.conf.sample b/dmarcts-report-parser.conf.sample index 3976b8a..2ed7caf 100644 --- a/dmarcts-report-parser.conf.sample +++ b/dmarcts-report-parser.conf.sample 
@@ -19,8 +19,8 @@ $imapuser = 'username'; $imappass = 'password'; $imapport = '143'; $imapssl = '0'; # If set to 1, remember to change server port to 993 and disable imaptls. -$imaptls = '0'; # Enabled as the default and best-practice. -$tlsverify = '0'; # Enable verify server cert as the default and best-practice. +$imaptls = '1'; # Enabled as the default and best-practice. +$tlsverify = '1'; # Enable verify server cert as the default and best-practice. $imapignoreerror = '0'; # set it to 1 if you see an "ERROR: message_string() # expected 119613 bytes but received 81873 you may # need the IgnoreSizeErrors option" because of malfunction diff --git a/dmarcts-report-parser.pl b/dmarcts-report-parser.pl index 419260d..0225ce0 100755 --- a/dmarcts-report-parser.pl +++ b/dmarcts-report-parser.pl @@ -72,6 +72,7 @@ use Socket; use Socket6; use PerlIO::gzip; use File::Basename (); +use File::MimeInfo; use IO::Socket::SSL; #use IO::Socket::SSL 'debug3'; @@ -181,12 +182,17 @@ if (exists $options{i}) { $reports_source = TS_IMAP; } +if (exists $options{z}) { + $source_options++; + $reports_source = TS_ZIP_FILE; +} + if ($source_options > 1) { show_usage(); - die "Only one source option can be used (-i, -x, -m or -e).\n"; + die "Only one source option can be used (-i, -x, -m, -e or -z).\n"; } elsif ($source_options == 0) { show_usage(); - die "Please provide a source option (-i, -x, -m or -e).\n"; + die "Please provide a source option (-i, -x, -m, -e or -z).\n"; } if ($ARGV[0]) { @@ -351,6 +357,14 @@ if ($reports_source == TS_IMAP) { } } while(defined($filecontent)); + } elsif ($reports_source == TS_ZIP_FILE) { + # filecontent is zip file + $filecontent = getXMLFromZip($f); + if (processXML(TS_ZIP_FILE, $filecontent, "xml file <$f>") & 2) { + # processXML return a value with delete bit enabled + unlink($f); + } + $counts++; } elsif (open FILE, $f) { $filecontent = join("", <FILE>); 
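Review bot: In dmarcts-report-parser.conf.sample, the comment on `$imapssl` ("remember to change server port to 993 and disable imaptls") now describes a step the user must take, because `$imaptls` ships as '1', and the sample does not say what happens if both stay at 1. I would put the dependency next to the new default, for example `$imaptls = '1'; # STARTTLS on port 143 (default, best practice); set to '0' when $imapssl = '1'`. The `$tlsverify` comment could likewise say that '0' turns off server certificate verification. Whether that setting covers both the SSL and the STARTTLS path is not visible in this hunk.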
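Review bot: In the new `TS_ZIP_FILE` branch of the file loop in dmarcts-report-parser.pl, `unlink($f)` is called without checking its result, so an archive that was imported but could not be removed gives no indication and would presumably be read again on the next run. `unlink($f) or warn "Could not delete <$f>: $!\n";` would surface that. The label passed to processXML is still `"xml file <$f>"`, so if it ends up in messages, `"zip file <$f>"` would match the source type. The enclosing loop starts and ends outside the hunk.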
@@ -408,6 +422,7 @@ sub processXML { my $xml; #TS_XML_FILE or TS_MESSAGE_FILE if ($type == TS_MESSAGE_FILE) {$xml = getXMLFromMessage($filecontent);} + elsif ($type == TS_ZIP_FILE) {$xml = $filecontent;} else {$xml = getXMLFromXMLString($filecontent);} # If !$xml, the file/mail is probably not a DMARC report. @@ -586,6 +601,73 @@ sub getXMLFromMessage { return $xml; } +################################################################################ + +sub getXMLFromZip { + my $filename = $_[0]; + my $mtype = mimetype($filename); + + if (open FILE, $filename) { + if ($debug) { + print "Filename: $filename, MimeType: $mtype\n"; + } + } + + my $isgzip = 0; + + if(lc $mtype eq "application/zip") { + if ($debug) { + print "This is a ZIP file \n"; + } + } elsif (lc $mtype eq "application/gzip" or lc $mtype eq "application/x-gzip") { + if ($debug) { + print "This is a GZIP file \n"; + } + + $isgzip = 1; + } else { + if ($debug) { + print "This is not an archive file \n"; + } + } + + # If a ZIP has been found, extract XML and parse it. + my $xml; + if(defined($filename)) { + # Open the zip file and process the XML contained inside. + my $unzip = ""; + if($isgzip) { + open(XML, "<:gzip", $filename) + or $unzip = "ungzip"; + } else { + open(XML,"unzip -p " . $filename . " |") + or $unzip = "unzip"; # Will never happen. + + # Sadly unzip -p never failes, but we can check if the + # filehandle points to an empty file and pretend it did + # not open/failed. + if (eof XML) { + $unzip = "unzip"; + close XML; + } + } + + # Read XML if possible (if open) + if ($unzip eq "") { + $xml = getXMLFromXMLString(join("", <XML>)); + if (!$xml) { + print "The XML found in ZIP file (<$filename>) does not seem to be valid XML! "; + } + close XML; + } else { + print "Failed to $unzip ZIP file (<$filename>)! "; + } + } else { + print "Could not find an <$filename>! "; + } + + return $xml; +} ################################################################################ |
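Review bot: In getXMLFromZip (dmarcts-report-parser.pl), the ZIP branch builds a shell command by concatenating the file name, `open(XML,"unzip -p " . $filename . " |")`, so a path from the command line that contains spaces or shell metacharacters is interpreted by the shell instead of reaching unzip as one argument. The list form avoids the shell: `open(XML, "-|", "unzip", "-p", $filename)`. The earlier `if (open FILE, $filename)` is a two-argument open on a bareword handle that only gates a debug print and is never closed, so a plain `if ($debug) { print ... }` would do. `mimetype($filename)` runs before the `defined($filename)` check, which therefore cannot protect it. A file whose type is neither zip nor gzip only gets a debug message and is still handed to unzip, so returning early in that `else` would keep non-archives out of the extraction path.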