Workflow

Yara-mail

Latest version: v3.2.0

Safety actively analyzes 681866 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 6 of 8

2.0.5

Not secure
- Fix bug where lists from empty files returned `[""]` instead of `[]`
- Add `has_attachment` Boolean to the dictionary returned by `MailScanner.scan_email()` for easy troubleshooting of rules with `no_attachment = true` set

2.0.4

Not secure
- Fix `-b`/`--raw-body` CLI option
- Add `no_attachments` option for YARA rule meta sections

2.0.3

Not secure
- Add `-r`/`--raw-headers` and `-b`/`--raw-body` options to the CLI

2.0.2

Not secure
- The `include_sld_in_auth_check` parameter in `MailScanner.__init__()` is now `False` by default
- Added `-s/--sld` and `--max-zip-depth` options to the CLI
- Removed CLI and installation documentation from `README.md`

2.0.1

Not secure
- Remove CLI environment variables
- Add CLI options `-m` and `-o`
- Only honor `auth_optional` rule `meta` value if rule `meta` value `category` is `safe`
- Fix attachment rules not being used in the CLI

2.0.0

Not secure
- Major refactoring
- Many arguments added to `MailScanner.__init__()` or moved from `MailScanner.scan_email()` to `MailScanner.__init__()`
- `passwords`
- `max_zip_depth`
- `trusted_domains`
- `trusted_domains_yara_safe_required`
- `include_sld_in_auth_check`
- `allow_multiple_authentication_results`
- `use_authentication_results_original`
- Instead of returning a list of matches, `MailScanner.scan_email()` now returns a dictionary with the following keys
- `matches` - The list of YARA matches
- `categories` - A deduplicated list of categories from the `category` meta value in YARA rule matches
- `trusted_domain` - A boolean indicating if the authenticated from domain is in the `trusted_domains` list
- `trusted_domain_yara_safe_required` - A boolean indicating if the authenticated from domain is in the `trusted_domains_yara_safe_required` list
- `auth_optional` - A boolean indicating if the from domain authentication check is optional
- `verdict` a verdict based on the above
- Added new options to the CLI
- Pass `-` as the scan path to scan a single email from standard input (stdin)
- `--passwords` - A path to a list of passwords to use when brute-forcing password-protected attachments
- `--trusted-domains-yara` - A path to a list of from domains that also require a YARA safe match
- `-t` `--test` - Test rules based on verdicts matching the name of the folder a sample is in

Page 6 of 8

Links

Releases

Has known vulnerabilities

Previous Next

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.