A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox
Article with a better explanation here: https://tribalchicken.com.au/technical/automated-mail-server-cuckoo-analysis-v2-0/

This is a simple script used with Postfix to grab email from a Pipe, scan for interesting attachments and automatically submit the attachment to Cuckoo.

It says Postfix, but will now it just takes input from a pipe really has nothing to do with postfix.

There are two versions:

  • cuckoolyse: This is what I am using currently which takes email and simply submits. I use this in conjunction with Postfix's bcc_recipient_maps and recipient_transport to get a copy of all incoming mail and submit
  • cuckoolyse-filter: This is the original version I wrote with the intention of using as a simple content filter. This will need some work.

Note: I do not pretend to be a coder!

Feedback and changes are welcome.