Trying to run macrofilter with python 3 because pymilter is not available for python 2 in my distro.
Made a few changes to macrofilter.py such as:
import Milter
try:
from StringIO import StringIO
except ImportError:
from io import StringIO
import io
import time
import email
import sys
import re
import hashlib
import os
import errno
import logging
import logging.handlers
import io
import traceback
import tempfile
import shutil
import olefile
import json
try:
from sets import Set
except ImportError:
pass
from oletools import olevba, mraptor
from Milter.utils import parse_addr
from socket import AF_INET6
try:
from ConfigParser import SafeConfigParser
except ImportError:
from configparser import SafeConfigParser
from oletools.olevba import VBA_Parser
and then replaced StringIO.StringIO calls with io.StringIO.
When I send an e-mail with a malicious macro DOC attachment, I get nothing in the macromilter log except the connection status.
grep MacroMilter /var/log/messages
Jan 26 17:35:08 python[3976]: MacroMilter: milter claimed not to reply in state 4 but did anyway 3
cat /var/log/macromilter/macromilter.log
2020-01-26 17:34:31,060 - INFO: Starting MarcoMilter v3.6.1 - listening on inet:3690@127.0.0.1
2020-01-26 17:34:31,061 - DEBUG: Python version: 3.6.9 (default, Dec 23 2019, 00:36:40)
[GCC 9.2.0]
2020-01-26 17:35:08,531 - DEBUG: [1] Connect from sonic317-20.consmr.mail.gq1.yahoo.com at ('98.137.66.146', 41907)
Hi,
Trying to run macrofilter with python 3 because pymilter is not available for python 2 in my distro.
Made a few changes to macrofilter.py such as:
import Milter try: from StringIO import StringIO except ImportError: from io import StringIO import io import time import email import sys import re import hashlib import os import errno import logging import logging.handlers import io import traceback import tempfile import shutil import olefile import json
try: from sets import Set except ImportError: pass from oletools import olevba, mraptor from Milter.utils import parse_addr from socket import AF_INET6 try: from ConfigParser import SafeConfigParser except ImportError: from configparser import SafeConfigParser from oletools.olevba import VBA_Parser
and then replaced StringIO.StringIO calls with io.StringIO.
When I send an e-mail with a malicious macro DOC attachment, I get nothing in the macromilter log except the connection status.
grep MacroMilter /var/log/messages
Jan 26 17:35:08 python[3976]: MacroMilter: milter claimed not to reply in state 4 but did anyway 3
cat /var/log/macromilter/macromilter.log
2020-01-26 17:34:31,060 - INFO: Starting MarcoMilter v3.6.1 - listening on inet:3690@127.0.0.1 2020-01-26 17:34:31,061 - DEBUG: Python version: 3.6.9 (default, Dec 23 2019, 00:36:40) [GCC 9.2.0] 2020-01-26 17:35:08,531 - DEBUG: [1] Connect from sonic317-20.consmr.mail.gq1.yahoo.com at ('98.137.66.146', 41907)
Nothing else in the log.
What can I try?