SYNTAX

ripMIME -i <mime file> -d <directory>

[-p prefix] [-e [headerfile]]

[-v] [-q] [--verbose-contenttype] [--verbose-oldstyle] [--verbose-defects] [--stdout] [--stderr] [--syslog]

[--paranoid]

[--name-by-type] [--no-nameless] [--overwrite] [--no_nameless]

[--unique_names[--prefix|--postfix|--infix]] [--mailbox]

[--no-quotedprintable] [--no-uudecode] [--no-ole] [--no-doublecr] [--no-mht]

[--disable-qmail-bounce] [--recursion-max <level>]

[--no-multiple-filenames]

[--exteded-errors] [--debug] [--version|-V] [--buildcodes] [-h]

DESCRIPTION

ripMIME is a command line tool used to aid in the extraction of email borne attachments to files which can be processed using other UNIX tools. ripMIME supports both the RFC MIME standards as well as being able to behave according to various MUA 'features' which are often used as exploitation holes.

OPTIONS

-i

Input MIME encoded file (use '-' to input from STDIN)

-d

Output directory

-p

Specify prefix filename to be used on files without a filename (default 'text')

-e [headers file name]

Dump headers from mailpack (default '_headers_')

-v

Turn on verbosity

-q

Run quietly, do not report non-fatal errors

--verbose-contenttype

Turn on verbosity of file content type

--verbose-oldstyle

Uses the v1.2.x style or filename reporting

--verbose-defects

Report MIME header/body defects located in the mailpack

--stdout

All reporting goes to stdout (Default)

--stderr

All reporting goes to stderr

--syslog

All reporting goes to syslog

--no-paranoid

[ Deprecated ] Turns off strict ascii-alnum filenaming

--paranoid

Converts all filenames to strict 7-bit compliance

--name-by-type

Saves a given attachment by its content-type if it has no other name

--no-nameless

Do not save nameless attachments

--overwrite

Overwrite files if they have the same name on extraction

--unique-names

Dont overwrite existing files (This is the default behaviour)

--prefix

rename by putting unique code at the front of the filename

--postfix

rename by putting unique code at the end of the filename

--infix

rename by putting unique code in the middle of the filename

--recursion-max <maximum level>

Set the maximum recursion level into a mailpack. Often emails are forwarded copies of an existing email, each time this is done a new recursion level is required. Malicious emails can be constructed with many hundereds of recursion levels to induce stack faults in decoding programs. ripMIME is hard coded with a default of 20 levels, this may be overidden using this parameter.

--mailbox

Process mailbox file

--extended-errors

Returns error codes for non-fatal decoding situations

--debug

Produces detailed information about the whole decoding process

Attachment type decoding switches

--no-ole

Turn off OLE decoding

--no-uudecode

Turns off the facility of detecting UUencoded attachments in emails

--no-quotedprintable

Turns off the facility of decoding QuotedPrintable data

--no-doublecr

Turns off saving of double-CR embedded data

--no-mht

Turns off MHT (a Microsoft mailpack attachment format ) decoding

--disable-qmailbounce

Turns off ripMIME's look-ahead searching for RFC822 headers within a body of text. Normally the look-ahead is useful for decoding embedded emails which have been bounced back by systems like qmail, but have been included in such a way that they are not meant to be decoded, unfortunately some MUA (Outlook for one) still decode it, hence we need to by default check for attachments in such forwarded bodies.

--no-multiple-filenames

Turns off the behaviour of handling multiple filename occurances in a single MIME header. Normally ripMIME will generate a hard link for each additional filename beyond the original attachment filename detected.

Note that this Debian version does not include the --no-tnef switch. The tnef package may be useful as an alternative.

Auxillary parameters

--buildcodes

Displays the information obtained by the Makefile script when ripMIME was built. This includes the Unix timestamp, human readable version of the timestamp and the output from 'uname -a'.

-V --version

Give version information

-h

Terse information on how to use ripMIME.

FILES

None

ENVIRONMENT VARIABLES

None

EXAMPLES

To unpack an email in a file 'mailpack' to the directory /tmp with verbose output of the files unpacked;

ripmime -i mailpack -v -d /tmp

AUTHORS

Paul L Daniels

ripMIME WWW site http://www.pldaniels.com/ripmime

ripMIME mailing list <[email protected]>

For mailpacks which do not appear to decode correctly - please email to <[email protected]>

RELATED TO ripmime…

altermime(1), inflex(1), ripole(1), opentnef(1), tnef(1)