[Rspamd-Users] rspamd, oletools
Florian Piekert
floppy at floppy.org
Thu Jan 30 14:50:22 UTC 2025
Dear users,
I am still struggling to get olefy working with oletools and rspamd.
As user olefy, testing on the cmd line seems to work:
olefy@sonne:~$ /var/lib/olefy/.local/bin/olevba text.xlsx
XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)
olevba 0.60.2 on Python 3.12.3 - http://decalage.info/python/oletools
===============================================================================
FILE: text.xlsx
Type: OpenXML
No VBA or XLM macros found.
Sending email apparently does not. I tried sending a single xlsx file; that doesn't even appear in the logfiles. Then I sent, out of curiosity, 5 xlsx and 1 docx and got this in a heap.
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG connection_made ('127.0.0.1', 46284) new connection was made
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG connection_made ('127.0.0.1', 46286) new connection was made
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG connection_made ('127.0.0.1', 46296) new connection was made
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46284) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46286) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46296) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG protocol_split olefy_headers: {'olefy': 'OLEFY/1.0', 'Method': 'oletools', 'Rspamd-ID': 'B7A9916E042Fa7'}
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG eof_received <B7A991> /tmp/1738247379.4132054.46284.B7A991 choosen as tmp filename
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> 11922 bytes (stream size)
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO oletools <B7A991> application/x-decompression-error-gzip-Stdin-has-more-than-one-entry--rest-ignored (libmagic output)
Jan 30 15:29:39 sonne python3[1464738]: olefy ERROR oletools <B7A991> olevba returned <30 chars - rc: 1, response: '', error: 'Traceback (most recent call last):\n File "/var/lib/olefy/.local/bin/olevba", line 5, in <module>\n from oletools.olevba import main\nModuleNotFoundError: No module named \'oletools\'\n'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> /tmp/1738247379.4132054.46284.B7A991 deleting tmp file
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> response: [ { "error": "Unhandled error - too short olevba response" } ]
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> ('127.0.0.1', 46284) response send: b'[ { "error": "Unhandled error - too short olevba response" } ]\t\n\n\t'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46286) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46296) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG connection_made ('127.0.0.1', 46304) new connection was made
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG connection_made ('127.0.0.1', 46306) new connection was made
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46286) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46296) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46286) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46296) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46304) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG data_received ('127.0.0.1', 46306) data received from new connection
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG protocol_split olefy_headers: {'olefy': 'OLEFY/1.0', 'Method': 'oletools', 'Rspamd-ID': 'B7A9916E042Fa7'}
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG eof_received <B7A991> /tmp/1738247379.512279.46286.B7A991 choosen as tmp filename
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> 497218 bytes (stream size)
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO oletools <B7A991> application/x-decompression-error-gzip-Stdin-has-more-than-one-entry--rest-ignored (libmagic output)
Jan 30 15:29:39 sonne python3[1464738]: olefy ERROR oletools <B7A991> olevba returned <30 chars - rc: 1, response: '', error: 'Traceback (most recent call last):\n File "/var/lib/olefy/.local/bin/olevba", line 5, in <module>\n from oletools.olevba import main\nModuleNotFoundError: No module named \'oletools\'\n'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> /tmp/1738247379.512279.46286.B7A991 deleting tmp file
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> response: [ { "error": "Unhandled error - too short olevba response" } ]
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> ('127.0.0.1', 46286) response send: b'[ { "error": "Unhandled error - too short olevba response" } ]\t\n\n\t'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG protocol_split olefy_headers: {'olefy': 'OLEFY/1.0', 'Method': 'oletools', 'Rspamd-ID': 'B7A9916E042Fa7'}
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG eof_received <B7A991> /tmp/1738247379.512279.46296.B7A991 choosen as tmp filename
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> 763035 bytes (stream size)
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO oletools <B7A991> application/x-decompression-error-gzip-Stdin-has-more-than-one-entry--rest-ignored (libmagic output)
Jan 30 15:29:39 sonne python3[1464738]: olefy ERROR oletools <B7A991> olevba returned <30 chars - rc: 1, response: '', error: 'Traceback (most recent call last):\n File "/var/lib/olefy/.local/bin/olevba", line 5, in <module>\n from oletools.olevba import main\nModuleNotFoundError: No module named \'oletools\'\n'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> /tmp/1738247379.512279.46296.B7A991 deleting tmp file
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> response: [ { "error": "Unhandled error - too short olevba response" } ]
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> ('127.0.0.1', 46296) response send: b'[ { "error": "Unhandled error - too short olevba response" } ]\t\n\n\t'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG protocol_split olefy_headers: {'olefy': 'OLEFY/1.0', 'Method': 'oletools', 'Rspamd-ID': 'B7A9916E042Fa7'}
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG eof_received <B7A991> /tmp/1738247379.512279.46304.B7A991 choosen as tmp filename
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> 11497 bytes (stream size)
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO oletools <B7A991> application/x-decompression-error-gzip-Stdin-has-more-than-one-entry--rest-ignored (libmagic output)
Jan 30 15:29:39 sonne python3[1464738]: olefy ERROR oletools <B7A991> olevba returned <30 chars - rc: 1, response: '', error: 'Traceback (most recent call last):\n File "/var/lib/olefy/.local/bin/olevba", line 5, in <module>\n from oletools.olevba import main\nModuleNotFoundError: No module named \'oletools\'\n'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> /tmp/1738247379.512279.46304.B7A991 deleting tmp file
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> response: [ { "error": "Unhandled error - too short olevba response" } ]
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> ('127.0.0.1', 46304) response send: b'[ { "error": "Unhandled error - too short olevba response" } ]\t\n\n\t'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG protocol_split olefy_headers: {'olefy': 'OLEFY/1.0', 'Method': 'oletools', 'Rspamd-ID': 'B7A9916E042Fa7'}
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG eof_received <B7A991> /tmp/1738247379.512279.46306.B7A991 choosen as tmp filename
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> 25888 bytes (stream size)
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO oletools <B7A991> application/x-decompression-error-gzip-Stdin-has-more-than-one-entry--rest-ignored (libmagic output)
Jan 30 15:29:39 sonne python3[1464738]: olefy ERROR oletools <B7A991> olevba returned <30 chars - rc: 1, response: '', error: 'Traceback (most recent call last):\n File "/var/lib/olefy/.local/bin/olevba", line 5, in <module>\n from oletools.olevba import main\nModuleNotFoundError: No module named \'oletools\'\n'
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> /tmp/1738247379.512279.46306.B7A991 deleting tmp file
Jan 30 15:29:39 sonne python3[1464738]: olefy DEBUG oletools <B7A991> response: [ { "error": "Unhandled error - too short olevba response" } ]
Jan 30 15:29:39 sonne python3[1464738]: olefy INFO eof_received <B7A991> ('127.0.0.1', 46306) response send: b'[ { "error": "Unhandled error - too short olevba response" } ]\t\n\n\t'
I have installed oletools as user olefy with pipx as "pipx install oletools[Full]".
It ended up in
/var/lib/olefy/.local/bin
since /var/lib/olefy/ is the homedir of olefy.
Python is 3.12.3.
Maybe someone has an idea what to do.
Thanks for pointers.
Florian
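
Added example, not part of the original post and not olefy's own code: a check of which interpreter can import oletools, assuming the traceback in the log comes from the wrapper being run by an interpreter other than the one named in its shebang line. The wrapper path is the one from the post; the `/usr/bin/python3` default for the daemon's interpreter and all function names are assumptions.

```python
import subprocess
import sys

def shebang_argv(script_path):
    """Return the interpreter argv from a script's #! line, or None if absent."""
    with open(script_path, "rb") as fh:
        first = fh.readline().decode("utf-8", "replace").strip()
    if not first.startswith("#!"):
        return None
    return first[2:].split() or None  # also covers '#!/usr/bin/env python3'

def can_import(interp_argv, module):
    """True if the interpreter starts and imports `module` without error."""
    probe = "import importlib, sys; importlib.import_module(sys.argv[1])"
    try:
        proc = subprocess.run([*interp_argv, "-c", probe, module],
                              capture_output=True, timeout=30)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return proc.returncode == 0

def diagnose(script_path, daemon_python, module="oletools"):
    """Compare the wrapper's own interpreter with the one the daemon uses."""
    shebang = shebang_argv(script_path)
    result = {
        "shebang": shebang,
        "shebang_ok": shebang is not None and can_import(shebang, module),
        "daemon_python": daemon_python,
        "daemon_ok": can_import([daemon_python], module),
    }
    # Wrapper works when run directly but not under the daemon's interpreter:
    # the pattern that would produce the ModuleNotFoundError seen in the log.
    result["mismatch"] = result["shebang_ok"] and not result["daemon_ok"]
    return result

if __name__ == "__main__":
    # Wrapper path is the one from the post; /usr/bin/python3 is an assumed
    # default for the interpreter the daemon runs the wrapper with.
    script = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/olefy/.local/bin/olevba"
    daemon = sys.argv[2] if len(sys.argv) > 2 else "/usr/bin/python3"
    for key, value in diagnose(script, daemon).items():
        print(f"{key}: {value}")
```

Run it as the service user, passing the interpreter the olefy service is configured to use as the second argument. While `mismatch` is true, every attachment comes back with the "too short olevba response" error instead of a macro verdict.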