Raw (eml) Email Extraction Bro 2.4

Hi Everyone,

I would like to do full email extraction (eml) to file from STMP traffic; should this happen naturally with the new file extraction framework?

I found this exchange from a while back, but haven’t found anything more recent on the topic:

http://mailman.icsi.berkeley.edu/pipermail/bro/2014-July/007224.html

I’m currently using Bro 2.4 and a script pretty similar to this one for file extraction:
https://github.com/Security-Onion-Solutions/securityonion-bro-scripts/blob/master/file-extraction/extract.bro

It looks like I’m getting the message content and attachments, but apparently not the raw email.

Thanks very much!

– Vinnie