Question - Attachments for Security Incidents? (Closed)

Hello all,

I’m running into an issue when uploading attachments to an existing Security Incident. I’ve included two JPGs and two EML (email export files). I drag or select them for upload, but can’t do anything after that.

When I hover over them, I get differing errors for the different file types. Screenshots below:

JPG File:

Email Attachment:

Any ideas what the issue might be here?

Thanks,

-Noah

I tried uploading things and I did not have issues.

The EML format is not an allowed extension (we can permit that on the next release next week, also improve the error message). The image, I'm not sure why you get that, a few questions:

Can you upload files (other formats, like a .txt) in the same place you can't upload that image?

Regards!

Tried a .txt file, as well as .png image file and they worked just fine.

JPG and EML seem to not be working.

-Noah

OK - what I suspected.

eramba checks two things on each attachment:

1/ mime type
2/ file extension

EML I'm sure is not allowed, we'll do that part. The image is the part that confuses me, once in the past I had a JPG file that (for some strange reason) had a strange mimetype (non jpg).

http://mime.ritey.com/

This website, if you upload the file, will tell you the mime type, and you can tell me the extension on the file. With that I can check what could be the problem, would you mind helping us with that?

My takeaways:

  • improve error message when upload is denied (this is quick)
  • allow EML
  • Create a settings config where users can do this stuff by themselves (this will take a little longer)

Thanks Noah!

You nailed it - Using mime.ritey.com, the mime type of the JPG photo shows up as “application/octet-stream”

This was a photo taken with someone’s camera phone that was then embedded in an email in MS Outlook (for Mac). I right-clicked the picture and did a “Save as”. Apparently while it did save as a JPEG format, the mime type was not set correctly.

To verify, I opened the previous image in Mac OS X Preview and did an Export As, and selected JPEG. Now when I upload to mime.ritey.com, it shows up as image/jpeg.

Uploading to Eramba worked as expected/correctly with this new version of the file as well.

As a workaround for the .EML files, I opened the original source email in Outlook and printed to PDF, then uploaded the PDF to Eramba.

Thank you for your help clarifying this. I do believe that the steps you outlined above would help alleviate confusion in the future, especially providing more detailed/contextual error messages.

-Noah
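The two checks described in this thread (file extension and MIME type), with a specific denial reason for each, as an added example that is not part of the original posts and is not eramba's code. The allow-list, the signature table and the function names are assumptions made for illustration.

```python
import os

# Assumed allow-list: extension -> MIME types accepted for it (not eramba's real list).
ALLOWED = {
    ".jpg": {"image/jpeg"},
    ".png": {"image/png"},
    ".txt": {"text/plain"},
}

# Leading-byte signatures used to detect the type from the content itself.
SIGNATURES = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
]


def sniff_mime(data: bytes) -> str:
    """Detect a MIME type from content; unknown binary falls back to octet-stream."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    try:
        data.decode("utf-8")
        return "text/plain"
    except UnicodeDecodeError:
        return "application/octet-stream"


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Apply both checks and return (accepted, reason to show the user)."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension '{ext}' is not allowed"
    detected = sniff_mime(data)
    if detected not in ALLOWED[ext]:
        expected = ", ".join(sorted(ALLOWED[ext]))
        return False, f"content detected as {detected}, expected {expected} for '{ext}'"
    return True, "ok"


# Constructed sample inputs (byte strings, not real files).
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "odd.jpg": b"\x00\x01\x02\xfe\xff not a recognised image",
    "message.eml": b"From: a@example.com\r\nSubject: test\r\n\r\nbody",
    "notes.txt": b"plain text notes",
}
for name, blob in SAMPLES.items():
    print(name, check_upload(name, blob))
```

The `odd.jpg` sample reproduces the symptom from the thread: an allowed extension whose detected type is the generic `application/octet-stream`, rejected with a message that names both the detected and the expected type.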

Great!

https://github.com/kisero/eramba_v2/issues/590

for the stuff we owed you.