def inline(): """This is an inline mode of CuckooMX In this mode, CuckooMX will capture, extract and analyze mails are transferring on traffic. Please not that with this mode, CuckooMX maybe affect Mail service, so we recommend using SPAN port. NOTE: Please note that this mode is under development """ cfg = Config("cuckoomx") enabled = cfg.inline.get("enalbed") if enabled is False: return False while True: nothing_to_check = True for root, dirnames, filenames in os.walk(store): for filename in fnmatch.filter(filenames, '*.msg'): path = os.path.join(root, filename) mail = Mail(path) mail.parse() log.debug("Parsing mail %s at %s", mail.get_msg_id(), path) if mail.is_exist() is True: continue if mail.analyze() is False: continue # Okay, add it to database dbmx = DatabaseMX() dbmx.add_mail(mail) nothing_to_check = False log.debug("Add mail %s to database", mail.get_msg_id()) if nothing_to_check: time.sleep(1)
def offside(): """This is an offside mode of CuckooMX In this mode, CuckooMX will find and analyze mails are stored on hard disk (ext .msg). With this mode, CuckooMX will not affect Mail service. Please note that CuckooMX need permission to access storage folder of Mail service, it don't need write permission """ cfg = Config("cuckoomx") enabled = cfg.offside.get("enalbed") store = cfg.offside.get("store") if enabled is False: return False while True: nothing_to_check = True for root, dirnames, filenames in os.walk(store): for filename in fnmatch.filter(filenames, '*.msg'): path = os.path.join(root, filename) mail = Mail(path) mail.parse() log.debug("Parsing mail %s at %s", mail.get_msg_id(), path) if mail.is_exist() is True: continue if mail.analyze() is False: continue dbmx = DatabaseMX() dbmx.add_mail(mail) nothing_to_check = False log.debug("Add mail %s to database", mail.get_msg_id()) if nothing_to_check: time.sleep(1)
def inline(): """This is an inline mode of CuckooMX In this mode, CuckooMX will capture, extract and analyze mails are transferring on traffic. Please not that with this mode, CuckooMX maybe affect Mail service, so we recommend using SPAN port. NOTE: Please note that this mode is under development """ cfg = Config("cuckoomx") enabled = cfg.inline.get("enalbed") if enabled is False: return False while True: nothing_to_check = True for root, dirnames, filenames in os.walk(store): for filename in fnmatch.filter(filenames, "*.msg"): path = os.path.join(root, filename) mail = Mail(path) mail.parse() log.debug("Parsing mail %s at %s", mail.get_msg_id(), path) if mail.is_exist() is True: continue if mail.analyze() is False: continue # Okay, add it to database dbmx = DatabaseMX() dbmx.add_mail(mail) nothing_to_check = False log.debug("Add mail %s to database", mail.get_msg_id()) if nothing_to_check: time.sleep(1)