A Postfix filter which takes a piped message and submits it to Cuckoo Sandbox

postfix-cuckoolyse

Article with a better explanation here: https://tribalchicken.com.au/technical/automated-mail-server-cuckoo-analysis-v2-0/

This is a simple script used with Postfix to grab email from a pipe, scan it for interesting attachments and automatically submit each attachment to Cuckoo.

It says Postfix, but it now just takes input from a pipe, so it really has nothing to do with Postfix.

There are two versions:

  • cuckoolyse: This is what I am using currently, which takes email and simply submits. I use this in conjunction with Postfix's bcc_recipient_maps and recipient_transport to get a copy of all incoming mail and submit it.
  • cuckoolyse-filter: This is the original version I wrote with the intention of using it as a simple content filter. This will need some work.

Note: I do not pretend to be a coder!

Feedback and changes are welcome.
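
The pipe-to-Cuckoo flow described above, as an added sketch that is not the code in cuckoolyse.py: it reads one message, picks out attachments by extension, and posts each to Cuckoo's REST API. The extension list, the API address, the absence of an API token and all function names are assumptions made for illustration.

```python
import hashlib
import os
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: the README does not say which attachment types count as interesting.
INTERESTING_EXT = {".doc", ".docm", ".xls", ".xlsm", ".pdf", ".exe", ".js", ".zip"}
CUCKOO_API = "http://127.0.0.1:8090"  # assumed address of the Cuckoo REST API

def interesting_attachments(raw):
    """Return [(filename, sha256, payload)] for attachments worth submitting."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # The name is sender-controlled: keep only the final path component.
        name = os.path.basename(name.replace("\\", "/"))
        payload = part.get_payload(decode=True) or b""
        if payload and os.path.splitext(name)[1].lower() in INTERESTING_EXT:
            found.append((name, hashlib.sha256(payload).hexdigest(), payload))
    return found

def submit(name, payload):
    """POST one file to Cuckoo's /tasks/create/file and return the task id."""
    import requests  # third-party; imported lazily so parsing works without it
    r = requests.post(CUCKOO_API + "/tasks/create/file",
                      files={"file": (name, payload)}, timeout=30)
    r.raise_for_status()
    return r.json()["task_id"]

def constructed_sample():
    """Constructed test message: one document attachment, one plain text file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "invoice"
    m.set_content("see attached")
    m.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                     subtype="octet-stream", filename="../Invoice.DOCM")
    m.add_attachment(b"hello", maintype="text", subtype="plain", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    # Used from a pipe: the whole message arrives on stdin.
    for name, digest, payload in interesting_attachments(sys.stdin.buffer.read()):
        print(name, digest, "task", submit(name, payload))
```

Logging the SHA-256 alongside the task id makes it possible to match a Cuckoo report back to the message it came from, and to skip files that were already submitted.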