Exemple #1
0
        public static IList <string> Headers(this MailItem mailItem, string name)
        {
            var headers = mailItem.Headers();

            if (headers.Contains(name))
            {
                return(headers[name].ToList());
            }

            return(new List <string>());
        }
Exemple #2
0
        private string GenerateReportBody(MailItem reportedMailItem)
        {
            var emailHeadersTable = new StringBuilder();

            foreach (var header in reportedMailItem.Headers())
            {
                foreach (var value in header)
                {
                    emailHeadersTable.AppendFormat(Resources.EmailHeaderTableRowHtml, header.Key, value);
                }
            }

            var body = Encoding.UTF8.GetString(Resources.email);

            body = body.Replace(String.Format("{0}{1}{0}", Constants.EMAIL_TOKEN_SEPERATOR, Constants.EMAIL_HEADERS_TOKEN), emailHeadersTable.ToString());

            return(body);
        }
Exemple #3
0
        private void CreateNewMailToSecurityTeam(IRibbonControl control)
        {
            Selection selection =
                Globals.ThisAddIn.Application.ActiveExplorer().Selection;

            if (selection.Count == 1)                 // Check that selection is not empty.
            {
                object   selectedItem = selection[1]; // Index is one-based.
                Object   mailItemObj  = selectedItem as Object;
                MailItem mailItem     = null;         // selectedItem as MailItem;
                if (selection[1] is Outlook.MailItem)
                {
                    mailItem = selectedItem as MailItem;
                }

                MailItem tosend = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
                tosend.Attachments.Add(mailItemObj);

                #region create mail from default
                try
                {
                    tosend.To      = Properties.Settings.Default.Security_Team_Mail;
                    tosend.Subject = "[User Alert] Suspicious mail";

                    tosend.CC  = Properties.Settings.Default.Security_Team_Mail_cc;
                    tosend.BCC = Properties.Settings.Default.Security_Team_Mail_bcc;

                    #region retrieving message header
                    string allHeaders = "";
                    if (selection[1] is Outlook.MailItem)
                    {
                        string[] preparedByArray = mailItem.Headers("X-PreparedBy");
                        string   preparedBy;
                        if (preparedByArray.Length == 1)
                        {
                            preparedBy = preparedByArray[0];
                        }
                        else
                        {
                            preparedBy = "";
                        }
                        allHeaders = mailItem.HeaderString();
                    }
                    else
                    {
                        string typeFound = "unknown";
                        typeFound = (selection[1] is Outlook.MailItem) ? "MailItem" : typeFound;

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.MeetingItem) ? "MeetingItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.ContactItem) ? "ContactItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.AppointmentItem) ? "AppointmentItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.TaskItem) ? "TaskItem" : typeFound;
                        }

                        allHeaders = "Selected Outlook item was not a mail (" + typeFound + "), no header extracted";
                    }

                    #endregion

                    string SwordPhishURL = SwordphishObject.SetHeaderIDtoURL(allHeaders);

                    if (SwordPhishURL != SwordphishObject.NoHeaderFound)
                    {
                        string SwordPhishAnswer = SwordphishObject.SendNotification(SwordPhishURL);
                    }
                    else
                    {
                        tosend.Body  = "Hello, I received the attached email and I think it is suspicious";
                        tosend.Body += "\n";
                        tosend.Body += "I think this mail is malicious for the following reasons:";
                        tosend.Body += "\n";
                        tosend.Body += "Please analyze and provide some feedback.";
                        tosend.Body += "\n";
                        tosend.Body += "\n";

                        tosend.Body += GetCurrentUserInfos();

                        tosend.Body += "\n\nMessage headers: \n--------------\n" + allHeaders + "\n\n";

                        tosend.Save();
                        tosend.Display();
                    }
                }
                catch (System.Exception ex)
                {
                    MessageBox.Show("Using default template" + ex.Message);

                    MailItem mi = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
                    mi.To      = Properties.Settings.Default.Security_Team_Mail;
                    mi.Subject = "Security addin error";
                    String txt = ("An error occured, please notify your security contact and give him/her the following information: " + ex);
                    mi.Body = txt;
                    mi.Save();
                    mi.Display();
                }
            }
            else if (selection.Count < 1)   // Check that selection is not empty.
            {
                MessageBox.Show("Please select one mail.");
            }
            else if (selection.Count > 1)
            {
                MessageBox.Show("Please select only one mail to be raised to the security team.");
            }
            else
            {
                MessageBox.Show("Bad luck... this case has not been identified by the dev");
            }
        }
Exemple #4
0
        private void CreateNewMailToSecurityTeam(IRibbonControl control)
        {
            Selection selection =
                Globals.ThisAddIn.Application.ActiveExplorer().Selection;

            if (selection.Count == 1)                 // Check that selection is not empty.
            {
                object   selectedItem = selection[1]; // Index is one-based.
                Object   mailItemObj  = selectedItem as Object;
                MailItem mailItem     = null;         // selectedItem as MailItem;
                if (selection[1] is Outlook.MailItem)
                {
                    mailItem = selectedItem as MailItem;
                }

                MailItem tosend = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
                tosend.Attachments.Add(mailItemObj);

                #region create mail from default
                try
                {
                    tosend.To      = Properties.Settings.Default.Security_Team_Mail;
                    tosend.Subject = Resources.EmailSubject;

                    tosend.CC  = Properties.Settings.Default.Security_Team_Mail_cc;
                    tosend.BCC = Properties.Settings.Default.Security_Team_Mail_bcc;

                    #region retrieving message header
                    string allHeaders = "";
                    if (selection[1] is Outlook.MailItem)
                    {
                        string[] preparedByArray = mailItem.Headers("X-PreparedBy");
                        string   preparedBy;
                        if (preparedByArray.Length == 1)
                        {
                            preparedBy = preparedByArray[0];
                        }
                        else
                        {
                            preparedBy = "";
                        }
                        allHeaders = mailItem.HeaderString();
                    }
                    else
                    {
                        string typeFound = "unknown";
                        typeFound = (selection[1] is Outlook.MailItem) ? "MailItem" : typeFound;

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.MeetingItem) ? "MeetingItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.ContactItem) ? "ContactItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.AppointmentItem) ? "AppointmentItem" : typeFound;
                        }

                        if (typeFound == "unknown")
                        {
                            typeFound = (selection[1] is Outlook.TaskItem) ? "TaskItem" : typeFound;
                        }

                        allHeaders = Resources.ItemNotMail;
                    }

                    #endregion

                    string SwordPhishURL = SwordphishObject.SetHeaderIDtoURL(allHeaders);

                    if (SwordPhishURL != SwordphishObject.NoHeaderFound)
                    {
                        string SwordPhishAnswer = SwordphishObject.SendNotification(SwordPhishURL);
                    }
                    else
                    {
                        tosend.Body  = Resources.EmailBody_line1; //"Hello, I received the attached email and I think it is suspicious";
                        tosend.Body += "\n";
                        tosend.Body += Resources.EmailBody_line2; //"I think this mail is malicious for the following reasons:";
                        tosend.Body += "\n";
                        tosend.Body += Resources.EmailBody_YourReason;
                        tosend.Body += "\n";
                        tosend.Body += Resources.EmailBody_line3; //"Please analyze and provide some feedback.";
                        tosend.Body += "\n";
                        tosend.Body += "\n";

                        tosend.Body += GetCurrentUserInfos();

                        tosend.Body += "\n\n" + Resources.EmailBody_msgHeader + ": \n--------------\n" + allHeaders + "\n\n";

                        tosend.Save();
                        tosend.Display();
                    }
                }
                catch (System.Exception ex)
                {
                    MessageBox.Show(Resources.UsingDefaultTemplate + ex.Message, Resources.MsgBox_Title);

                    MailItem mi = (MailItem)Globals.ThisAddIn.Application.CreateItem(OlItemType.olMailItem);
                    mi.To      = Properties.Settings.Default.Security_Team_Mail;
                    mi.Subject = Resources.ErrorSubject;
                    String txt = (Resources.ErrorText + ex);
                    mi.Body = txt;
                    mi.Save();
                    mi.Display();
                }
            }
            else if (selection.Count < 1)   // Check that selection is not empty.
            {
                MessageBox.Show(Resources.MsgSelectOneMail, Resources.MsgBox_Title);
            }
            else if (selection.Count > 1)
            {
                MessageBox.Show(Resources.MsgSelectOnlyOneMail, Resources.MsgBox_Title);
            }
            else
            {
                MessageBox.Show(Resources.MsgBadLuck, Resources.MsgBox_Title);
            }
        }