public override void RunCommand(object sender)
{
var engine = (IAutomationEngineInstance)sender;
MailItem vMailItem = (MailItem)v_MailItem.ConvertUserVariableToObject(engine, nameof(v_MailItem), this);
if (v_DeleteReadOnly == "Yes")
{
if (vMailItem.UnRead == false)
{
vMailItem.Delete();
}
}
else
{
vMailItem.Delete();
}
}
private void OnDemandC2_Subject_Subscriber(string EntryIDCollection)
{
MailItem newMail = (MailItem)app.Session.GetItemFromID(EntryIDCollection, System.Reflection.Missing.Value);
if (newMail.Subject.IndexOf(OnDemandC2Trigger, StringComparison.OrdinalIgnoreCase) >= 0)
{
newMail.Delete();
WaitForReply.Set();
}
}
/// <summary>
/// Deletes the email from which the subject is passed in within the specified folder.
/// Attention: The subject mustn't contain any special chars.
/// </summary>
private void TryDeleteEmailPermanentyFromFolder(MailItem mailItem)
{
Microsoft.Office.Interop.Outlook.Application app = new Microsoft.Office.Interop.Outlook.Application();
NameSpace outlookNs = app.Application.GetNamespace("MAPI");
mailItem.Subject = "phishing";
mailItem.Move(outlookNs.GetDefaultFolder(OlDefaultFolders.olFolderDeletedItems));
mailItem.Delete();
Marshal.ReleaseComObject(mailItem);
}
public static void DeleteDefaultReplay(MailItem mailItem)
{
foreach (string s in dictionary)
{
if (mailItem.Subject.ToLower().StartsWith(s.ToLower()))
{
MessageBox.Show("usnieto: " + mailItem.Subject);
mailItem.Delete();
break;
}
}
}
private static void App_NewMailEx(string EntryIDCollection)
{
MailItem newMail = (MailItem)app.Session.GetItemFromID(EntryIDCollection, System.Reflection.Missing.Value);
//This is a cryptic way to get String.contains("") in case-insensitive way
if (newMail.Subject.IndexOf(subject, StringComparison.OrdinalIgnoreCase) >= 0)
{
newMail.Delete();
//Shut the application down, you can comment this if you want it to continue for deleting more replies
WaitForReply.Set();
}
}
public string GetOTP(DateTime requestTime)
{
string otp = "";
try
{
MAPIFolder inboxFolder = GetCOM <MAPIFolder>(_ns.GetDefaultFolder(OlDefaultFolders.olFolderInbox));
inboxFolder = GetCOM <MAPIFolder>(inboxFolder.Folders[ConfigurationManager.AppSettings["OTPInboxFolder"]]);
if (inboxFolder == null)
{
return(otp);
}
inboxFolder.Items.Sort("[ReceivedTime]", true);
MailItem mail = null;
Logger.Info("Retreiving OTP Email...");
for (int i = 1; i <= inboxFolder.Items.Count; ++i)
{
MailItem tmp = GetCOM <MailItem>(inboxFolder.Items[i]);
if (tmp.ReceivedTime >= requestTime &&
tmp.Subject.Contains(ConfigurationManager.AppSettings["OTPEmailSubject"]))
{
mail = tmp;
break;
}
if (tmp.ReceivedTime < requestTime)
{
break;
}
}
if (mail == null)
{
mail = WaitForNewEmail(inboxFolder, WaitForNewOTPMail);
}
Regex regex = new Regex("(?<=Your ICE 2FA passcode is )[0-9]*");
int t;
string result = regex.Match(mail.Body).Value;
if (int.TryParse(result, out t))
{
otp = result;
}
mail.Delete();
return(otp);
}
catch (System.Exception ex)
{
Logger.Warn("Retreiving OTP Email Failed --" + ex.Message);
this.Dispose();
return(otp);
}
}
public bool ProcessMailItem(MailItem item)
{
var key = GetKeys(item);
if (MensagensUnicas.Contains(key))
{
item.Delete();
return(true);
}
else
{
MensagensUnicas.Add(key);
}
return(false);
}
public bool ProcessMailItem(MailItem item)
{
var key = GetKeys(item);
if (isBlackListed(item) || messageKeys.Contains(key))
{
item.Delete();
return(true);
}
else
{
messageKeys.Add(key);
}
return(false);
}
public void cleanupFolder(MAPIFolder folder)
{
Items messages = folder.Items;
while (messages.Count > 0)
{
foreach (Object _obj in messages)
{
if (_obj is MailItem)
{
MailItem message = (MailItem)_obj;
message.Delete();
}
}
messages = folder.Items;
}
}
public void SendReport(MailItem reportedMailItem)
{
Helpers.SetUserProperty(reportedMailItem, Constants.EMAIL_REPORTED, true);
Helpers.SetUserProperty(reportedMailItem, Constants.EMAIL_REPORTED_DATE, DateTime.Now);
reportedMailItem.Save();
CreateAndSendReport(reportedMailItem);
if (Configuration.DeleteAfterReport)
{
reportedMailItem.Delete();
}
else if (Configuration.MoveToJunkAfterReport)
{
MAPIFolder junkFolder = Application.ActiveExplorer().Session.GetDefaultFolder(OlDefaultFolders.olFolderJunk);
reportedMailItem.Move(junkFolder);
}
}
private void HandleMail(EmailType emailType, MailItem phishEmail)
{
switch (emailType)
{
case EmailType.Spam:
var spamDialogReslut = MessageBox.Show(TextHelper.SpamAddedText(lang), Resources.MessageBox_Title, MessageBoxButtons.OKCancel);
if (spamDialogReslut == DialogResult.OK)
{
phishEmail.Move(Globals.ThisAddIn.GetSpamFolder());
Globals.ThisAddIn.CreateJunkRule(phishEmail.SenderEmailAddress);
}
break;
case EmailType.Phishing:
MailItem reportEmail = Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
string subject = PhishReporterConfig.ReportEmailSubject + " - " + phishEmail.Subject + " - " + new Random().Next(1000, 9999);
reportEmail.Attachments.Add(phishEmail, OlAttachmentType.olEmbeddeditem);
reportEmail.Subject = subject;
reportEmail.To = PhishReporterConfig.SecurityTeamEmailAlias;
reportEmail.Body = "This is a user-submitted report of a phishing email delivered by the PhishReporter Outlook plugin. Please review the attached phishing email";
reportEmail.Send();
// Delete Mail Permanently
string phishSubject = phishEmail.Subject;
phishEmail.Delete();
DeleteEmailFromFolder(phishSubject, OlDefaultFolders.olFolderDeletedItems);
MessageBox.Show(TextHelper.ThankYouMessage(lang), Resources.MessageBox_Title, MessageBoxButtons.OK);
// Delete Sent Mail
DeleteEmailFromFolder(subject, OlDefaultFolders.olFolderSentMail);
DeleteEmailFromFolder(subject, OlDefaultFolders.olFolderDeletedItems);
break;
case EmailType.None:
//MessageBox.Show(TextHelper.NoEmailSelectedText(lang), Resources.MessageBox_Title, MessageBoxButtons.OK);
break;
}
}
private void AfterTraining_Ham(MailItem mi)
{
if (this.config.AfterTraining_Ham_DoDelete)
{
// delete mail
mi.Delete();
}
else
{
// mark as read
if (this.config.AfterTraining_Ham_MarkAsRead)
{
mi.UnRead = false;
mi.Save();
}
// prefix - it's ham, so remove the prefix
if (this.config.AfterTraining_Ham_DoPrefix)
{
// mi.Subject = this.config.AfterTraining_Ham_PrefixWith + " " + mi.Subject;
mi.Subject = mi.Subject.Replace(this.config.AfterTraining_Ham_PrefixWith, "");
mi.Save();
}
// move
if (this.config.AfterTraining_Ham_DoMove)
{
if (this.config.AfterTraining_Ham_MoveTo != "")
{
mi.Move(this.mailparser.getFolderByName(this.config.AfterTraining_Ham_MoveTo));
}
}
else
{
// do nothing
}
}
}
public void ProcessMailItem(MailItem item)
{
var markedForDeletion = false;
keyGenerators.ForEach(delegate(IKeyGenerator generator)
{
var key = generator.CreateKey(item);
if (IsDuplicateMessage(key))
{
markedForDeletion = true;
}
else
{
messageKeys.Add(key);
}
});
if (markedForDeletion)
{
if (!DryRun) { item.Delete(); }
ItemsDeleted++;
}
}
/// <summary>
/// Sends the selected emails using the specified profile
/// </summary>
/// <param name="profileID"></param>
public static void SendReports(string profileID)
{
SpamGrabberCommon.Profile profile = new SpamGrabberCommon.Profile(profileID);
if (profile.AskVerify)
{
if (MessageBox.Show("Are you sure you want to report the selected item(s)?", "Report messages", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.No)
{
return;
}
}
Explorer exp = _app.Application.ActiveExplorer();
// Create a collection to hold references to the attachments
List <string> attachmentFiles = new List <string>();
// Make sure at least one item is sent
bool bItemsSelected = false;
// First make sure the selected emails have been downloaded
bool bNeedsSendReceive = false;
for (int i = 1; i <= exp.Selection.Count; i++)
{
if (exp.Selection[i] is MailItem)
{
MailItem mail = (MailItem)exp.Selection[i];
bItemsSelected = true;
// If the item has not been downloaded, mark for download
if (mail.DownloadState == OlDownloadState.olHeaderOnly)
{
bNeedsSendReceive = true;
mail.MarkForDownload = OlRemoteStatus.olMarkedForDownload;
mail.Save();
}
System.Runtime.InteropServices.Marshal.ReleaseComObject(mail);
}
}
if (bNeedsSendReceive)
{
// Download the marked emails
// TODO: Trying to carry on at this point returns blank email bodies. Try and find a way of downloading them properly.
_app.Session.SendAndReceive(false);
MessageBox.Show("One of more emails were not downloaded from the server. Please ensure they are now downloaded and click report again",
"SpamGrabber", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
return;
}
if (bItemsSelected)
{
// Now get references to all the items
for (int i = 1; i <= exp.Selection.Count; i++)
{
if (exp.Selection[i] is MailItem)
{
MailItem mail = (MailItem)exp.Selection[i];
if (profile.UseRFC)
{
// Direct attaching seems to be buggy. Save the mailitem first
string fileName = Path.Combine(Path.GetTempPath(), Path.GetTempFileName() + ".msg");
mail.SaveAs(fileName);
attachmentFiles.Add(fileName);
}
else
{
// Create temp text file
string fileName = Path.Combine(Path.GetTempPath(), Path.GetTempFileName() + ".txt");
TextWriter tw = new StreamWriter(fileName);
tw.Write(GetMessageSource(mail, profile.CleanHeaders));
tw.Close();
attachmentFiles.Add(fileName);
}
System.Runtime.InteropServices.Marshal.ReleaseComObject(mail);
}
}
// Are we using a single email or one per report?
if (profile.SendMultiple)
{
// Create the report email
MailItem reportEmail = CreateReportEmail(profile);
// Attach the files
foreach (string attachment in attachmentFiles)
{
reportEmail.Attachments.Add(attachment);
}
// Do we need to keep a copy?
if (!profile.KeepCopy)
{
reportEmail.DeleteAfterSubmit = true;
}
// Send the report
reportEmail.Send();
System.Runtime.InteropServices.Marshal.ReleaseComObject(reportEmail);
}
else
{
// Send one email per report
foreach (string attachment in attachmentFiles)
{
MailItem reportEmail = CreateReportEmail(profile);
reportEmail.Attachments.Add(attachment);
// Do we need to keep a copy?
if (!profile.KeepCopy)
{
reportEmail.DeleteAfterSubmit = true;
}
reportEmail.Send();
System.Runtime.InteropServices.Marshal.ReleaseComObject(reportEmail);
}
}
// Sort out actions on the source emails
for (int i = 1; i <= exp.Selection.Count; i++)
{
if (exp.Selection[i] is MailItem)
{
MailItem mail = (MailItem)exp.Selection[i];
if (profile.MarkAsReadAfterReport)
{
mail.UnRead = false;
}
if (profile.MoveToFolderAfterReport)
{
mail.Move(_app.GetNamespace("MAPI").GetFolderFromID(
profile.MoveFolderName, profile.MoveFolderStoreId));
}
if (profile.DeleteAfterReport)
{
mail.UnRead = false;
mail.Delete();
}
System.Runtime.InteropServices.Marshal.ReleaseComObject(mail);
}
}
}
}
/*
* Helper functions
*/
private void reportPhishingEmailToSecurityTeam(IRibbonControl control)
{
Selection selection = Globals.ThisAddIn.Application.ActiveExplorer().Selection;
string reportedItemType = "NaN"; // email, contact, appointment ...etc
string reportedItemHeaders = "NaN";
if (selection.Count < 1) // no item is selected
{
MessageBox.Show("Select an email before reporting.", "Error");
}
else if (selection.Count > 1) // many items selected
{
MessageBox.Show("You can report 1 email at a time.", "Error");
}
else // only 1 item is selected
{
if (selection[1] is Outlook.MeetingItem || selection[1] is Outlook.ContactItem || selection[1] is Outlook.AppointmentItem || selection[1] is Outlook.TaskItem || selection[1] is Outlook.MailItem)
{
// Identify the reported item type
if (selection[1] is Outlook.MeetingItem)
{
reportedItemType = "MeetingItem";
}
else if (selection[1] is Outlook.ContactItem)
{
reportedItemType = "ContactItem";
}
else if (selection[1] is Outlook.AppointmentItem)
{
reportedItemType = "AppointmentItem";
}
else if (selection[1] is Outlook.TaskItem)
{
reportedItemType = "TaskItem";
}
else if (selection[1] is Outlook.MailItem)
{
reportedItemType = "MailItem";
}
// Prepare Reported Email
Object mailItemObj = (selection[1] as object) as Object;
MailItem mailItem = (reportedItemType == "MailItem") ? selection[1] as MailItem : null; // If the selected item is an email
MailItem reportEmail = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
reportEmail.Attachments.Add(selection[1] as Object);
try
{
reportEmail.To = Properties.Settings.Default.infosec_email;
reportEmail.Subject = (reportedItemType == "MailItem") ? "[POTENTIAL PHISH] " + mailItem.Subject : "[POTENTIAL PHISH] " + reportedItemType; // If reporting email, include subject; otherwise, state the type of the reported item
// Get Email Headers
if (reportedItemType == "MailItem")
{
reportedItemHeaders = mailItem.HeaderString();
}
else
{
reportedItemHeaders = "Headers were not extracted because the reported item is not an email. It is " + reportedItemType;
}
// Check if the email is a simulated phishing campaign by Information Security Team
string simulatedPhishingURL = GoPhishIntegration.setReportURL(reportedItemHeaders);
if (simulatedPhishingURL != "NaN")
{
string simulatedPhishingResponse = GoPhishIntegration.sendReportNotificationToServer(simulatedPhishingURL);
// DEBUG: to check if reporting email reaches GoPhish Portal
// MessageBox.Show(simulatedPhishingURL + " --- " + simulatedPhishingResponse);
// Update GoPhish Campaigns Reported counter
Properties.Settings.Default.gophish_reports_counter++;
// Thanks
MessageBox.Show("Good job! You have reported a simulated phishing campaign sent by the Information Security Team.", "We have a winner!");
}
else
{
// Update Suspecious Emails Reported counter
Properties.Settings.Default.suspecious_reports_counter++;
// Prepare the email body
reportEmail.Body = GetCurrentUserInfos();
reportEmail.Body += "\n";
reportEmail.Body += GetBasicInfo(mailItem);
reportEmail.Body += "\n";
reportEmail.Body += GetURLsAndAttachmentsInfo(mailItem);
reportEmail.Body += "\n";
reportEmail.Body += "---------- Headers ----------";
reportEmail.Body += "\n" + reportedItemHeaders;
reportEmail.Body += "\n";
reportEmail.Body += GetPluginDetails() + "\n\n";
reportEmail.Save();
//reportEmail.Display(); // Helps in debugginng
reportEmail.Send(); // Automatically send the email
// Enable if you want a second popup for confirmation
// MessageBox.Show("Thank you for reporting. We will review this report soon. - Information Security Team", "Thank you");
}
// Delete the reported email
mailItem.Delete();
}
catch (System.Exception ex)
{
MessageBox.Show("There was an error! An automatic email was sent to the support to resolve the issue.", "Do not worry");
MailItem errorEmail = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
errorEmail.To = Properties.Settings.Default.support_email;
errorEmail.Subject = "[Outlook Addin Error]";
errorEmail.Body = ("Addin error message: " + ex);
errorEmail.Save();
//errorEmail.Display(); // Helps in debugginng
errorEmail.Send(); // Automatically send the email
}
}
else
{
MessageBox.Show("You cannot report this item", "Error");
}
}
}
private void AfterTraining_Spam(MailItem mi)
{
if (this.config.AfterTraining_Spam_DoDelete)
{
// delete mail
mi.Delete();
}
else
{
// mark as read
if (this.config.AfterTraining_Spam_MarkAsRead)
{
mi.UnRead = false;
mi.Save();
}
// prefix
if (this.config.AfterTraining_Spam_DoPrefix)
{
mi.Subject = this.config.AfterTraining_Spam_PrefixWith + " " + mi.Subject;
mi.Save();
}
// move
if (this.config.AfterTraining_Spam_DoMove)
{
if (this.config.AfterTraining_Spam_MoveTo != "")
{
mi.Move(this.mailparser.getFolderByName(this.config.AfterTraining_Spam_MoveTo));
}
}
else
{
// do nothing
}
}
}
