Re: Quest for HEX Strings
n0m@xxxxxxx wrote:
...the Virus scanner glue the Message and the attachement together.
To recover the containing file you can just use a simple HEX Editor.
Lets say we are looking for a DOC File as attachment. The Header of a
DOC is "D0 CF 11". So I look for this Value in the File and then I
delete everything above. Than I save the rest as DOC and tada the DOC
can be opend.
Now I want to create a script wre I can automate this task.
... Afterwards I would like to cut off the parts that I need of course
I've appended some code. I've tested it with a corrupted mail. But
I use always the same boundary for the attachments and I don't know
if this is a problem when merging multiple repaired mails in a mbox
file
If I get that far I wil try to place that somewhere on a website.
See sourceforge.net/projects/webmailsucker/ from which I've taken
most of the code.
You think I am crazy? :-D
No, thats Perl is good for. Here a script which should solve your problem.
# ----------------------------------------------------------------- #
# I assume that the mail header is still complete incl. the
# first empty line after beginning of the file (end of the header).
#
# If you give the corrupted files the extension *.bin you may
# repair all files with one call like:
# perl repair.pl *.bin >>repair.log
#
# This script rebuilds a complete mail with extension .eml which may
# be imported into a mail client and also saves the pure word file
# with the extension .doc.
#
# To import the *.eml files all at once into Outlook Express 6 simply
# drag & drop the files into the window of an opened mail folder.
#
# To convert them to the mbox format (Unix) use the utility
# eml2mbx.exe (http://home.arcor.de/luethje/prog/)
# ----------------------------------------------------------------- #
use strict;
use MIME::Base64;
my $fileAsString;
my $g_wordfile;
print "-----------------------\n";
print "Repair on file pattern: ".$ARGV[0]."\n\n";
@filenames = glob($ARGV[0]);
foreach my $filename (@filenames) {
print "Filename: ".$filename."\n";
open( IN, $filename)
or die "Can't read corrupt file:\n -- $filename\n -- $!\n --";
{ # create a block to limit the scope of $/
local $/; # record separator now undef, reads whole file
while (<IN>) {
$fileAsString = $_;
}
}
# $/ is restored here
(my $fbasicname = $filename) =~ s/\.\w+$//;
my $crumpled;
my ($mailheader, $mailcontent)
= $fileAsString =~ m{(.+?)[\r\n]{2,4}(.+)}s;
# magic token for word
($crumpled, $g_wordfile)
= $mailcontent =~ m{(.*?)(\xD0\xCF\x11.+)}s;
my $mail
= buildMail( $mailheader, $crumpled, $fbasicname);
open( OUT, ">$fbasicname.eml")
or die "Can't save repaired email:\n -- $!\n --";
print OUT $mail;
close(OUT);
print "New Mail saved as: ".$fbasicname.".eml\n";
print "-----------------------\n";
} ## foreach
exit(0);
# ---------- #
sub buildMail {
my ($mailheader, $mailtext, $fbasicname) = @_;
my $mail;
my $conttype;
my $boundary;
my $mime;
my $boundbody;
my $attachhead;
my $attachbody;
if ( $mailheader =~ m{boundary="(.+?)"} ) {
# delete old MIME/boundary markers, if exist
$boundary = $1;
$mailheader =~ s/\nContent-Type: .+?\n/\n/i;
$mailheader =~ s/\n\s+boundary=".+?\n/\n/i;
$mailheader =~ s/\nMime-Version: .+?\n/\n/i;
$g_wordfile =~ s/\s+--$boundary--\s+//;
}
# Use this as a shortcut to save the word file directly without
# a mail envelope. The end of the file probably will contain the
# old mail boundary, but that seems to result in no problems.
open( OUTDOC,">$fbasicname.doc")
or die " -- Can't create file:\n -- DBGout.txt\n -- $!\n --";
binmode( OUTDOC);
print OUTDOC $g_wordfile;
close(OUTDOC);
print "Word doc saved as: ".$fbasicname.".doc\n";
# rebuild mail with cleaned word file
# constant boundary for all mails, don't know if this
# may become a problem
$boundary = "------=2159074098175";
$conttype
= "Content-Type: multipart/mixed; boundary=\"$boundary\"\n";
$mime = "Mime-Version: 1.0\n";
$mailheader =
$mailheader
. "\n"
. $conttype
. $mime
;
$boundbody =
"--$boundary\n"
. "Content-Type: text/plain; charset=\"iso-8859-1\"\n"
. "Content-Disposition: inline\n"
. "Content-transfer-Encoding: 8bit\n"
;
$attachhead =
"--$boundary\n"
. "Content-Type: application/msword\n"
. "Content-Disposition: attachment; filename=\"repaired.doc\"\n"
. "Content-Transfer-Encoding: base64\n"
. "\n"
;
# if the corrupted mail contains the pure binary word file, it
# should be encoded
$attachbody = encode_base64( $g_wordfile);
$mail =
$mailheader
. "\n\n"
. $boundbody
. "\n"
. $mailtext
. "\n\n"
. $attachhead
. $attachbody
. "--"
. $boundary
. "--\n\n"
;
return $mail;
} ## end sub buildMail
# ----------------------------------------------------------------- #
.
Relevant Pages
- Re: Macro to Break Links to Excel in Document Header
... WholeStory refers only to the body of the document (ie not the header). ... For each pRange in ActiveDocument.StoryRanges ... I have created a Word file as a template file which uses links to an Excel ... Open the Excel file and enter all the data in the highlighted fields. ...
(microsoft.public.word.docmanagement) - Re: Word Automation causes blank headers to appear
... Note The primary header and footer exist in all new documents by default. ... actually save the word file, and then I go in and open the word file. ... the top margin still says 0.3"! ... toolbar for editing headers, and then when I close that toolbar (without ...
(microsoft.public.office.developer.automation) - Re: Controlling email headers - at the email client or ???
... It includes envelope sender (it is passed ... This header is not added by MUA (Mail User Agent or mail reading ... Every MTA (Mail Transport Agent) is suuposed to add one header ... published as a formal extension to this ...
(comp.mail.misc) - Re: How to know image type?
... I just think "Checking Header" may not be accountable. ... no influence of my insertion is observed. ... have extension name, or have WRONG extension name (for example, file ... "XXX.bmp" may contains a JPG image). ...
(microsoft.public.vb.general.discussion) - Re: Name clash in C extension
... I'm trying to write an extension interfacing with the C iGraph ... What happens if you define a wrapper for the calls you make to the IGraph ... That way you include only the wrapper's header in the extension's ...
(comp.lang.ruby) |
|
