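def _make_mail(self, tup):
    """Build the result document for one mail tuple.

    Fields read from ``tup.values``:
        [0] raw mail: opened as a file path for the path-based mail types,
            measured directly with ``len`` for ``MAIL_STRING``
        [1] mail server, [2] mailbox, [3] priority
        [4] argument passed to ``self.parser.get_server_ipaddress``
        [5] mail type, used as the key into ``self.mailparser``
        [6] iterable of header names copied into ``custom_<name>`` keys

    Side effect: ``self.parser`` is replaced with the parser built for
    this mail.

    Returns:
        A ``(sha256_rand, mail)`` tuple: the body SHA-256 with a random
        ten-digit suffix, and the mail mapping without its attachments.
    """
    raw_mail = tup.values[0]
    mail_type = tup.values[5]

    # Uniqueness suffix only. ``random`` is not a CSPRNG, so this value must
    # not be relied on as a secret or an unguessable identifier.
    rand = '_' + ''.join(random.choice('0123456789') for _ in range(10))
    self.parser = self.mailparser[mail_type](raw_mail)

    # Keep only the main headers as top-level fields: the number of distinct
    # headers can explode and Elastic can't manage all possible headers.
    mail = self.parser.mail_partial
    mail["headers"] = self.parser.headers_json

    # Data mail sources
    mail["mail_server"] = tup.values[1]
    mail["mailbox"] = tup.values[2]
    mail["priority"] = tup.values[3]
    mail["sender_ip"] = self.parser.get_server_ipaddress(tup.values[4])

    # Fingerprints of the mail body. They are computed over the parsed body
    # re-encoded as UTF-8, so they will not match a hash of the raw file.
    (mail["md5"], mail["sha1"], mail["sha256"],
        mail["sha512"], mail["ssdeep"]) = fingerprints(
            self.parser.body.encode('utf-8'))
    sha256_rand = mail["sha256"] + rand

    if mail_type in (MAIL_PATH, MAIL_PATH_OUTLOOK):
        mail_string = raw_mail.split("/")[-1].replace(".processing", "")
        self.log("{}: {}".format(mail_string, mail["sha256"]))
        # Binary mode: the file is untrusted mail content and may hold bytes
        # that are invalid in the default text encoding. Reading it as text
        # could raise a decode error and would count characters, not bytes.
        with open(raw_mail, "rb") as f:
            mail["size"] = len(f.read())
    # ``(MAIL_STRING)`` is a parenthesised expression, not a one-element
    # tuple, so ``in`` tested containment against the constant itself.
    # Compare for equality instead.
    elif mail_type == MAIL_STRING:
        mail["size"] = len(raw_mail)

    # Add the file name (not the full path) to the result
    if mail_type == MAIL_PATH:
        mail["mail_file"] = raw_mail.split("/")[-1].replace(
            ".processing", "")

    # Dates: use the parsed date when present, otherwise the current UTC time
    if mail.get('date'):
        mail["date"] = mail.get('date').isoformat()
    else:
        mail["date"] = datetime.datetime.utcnow().isoformat()

    mail["analisys_date"] = datetime.datetime.utcnow().isoformat()

    # Adding custom headers
    for h in tup.values[6]:
        mail["custom_" + h] = get_header(self.parser.message, h)

    # Remove attachments
    mail.pop("attachments", None)

    return sha256_rand, mail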
def _make_mail(self, tup):
    """Assemble the result document for one mail tuple.

    ``tup.values`` supplies, by index: [0] the raw mail, [1] mail server,
    [2] mailbox, [3] priority, [4] the argument for
    ``self.parser.get_server_ipaddress``, [5] the mail type (key into
    ``self.mailparser``) and [6] the header names to copy into
    ``custom_<name>`` keys.

    ``self.parser`` is overwritten with the parser built for this mail.

    Returns:
        ``(sha256_rand, mail)``: the body SHA-256 followed by ``_`` and ten
        random digits, and the mail mapping with ``attachments`` removed.
    """
    fields = tup.values
    raw_mail, mail_type = fields[0], fields[5]

    # Ten random decimal digits. This is a uniqueness suffix, not a secret:
    # ``random`` is not a cryptographic generator.
    digits = [random.choice('0123456789') for _ in range(10)]
    rand = '_' + ''.join(digits)

    self.parser = self.mailparser[mail_type](raw_mail)
    mail = self.parser.mail

    # Where the mail came from
    mail["mail_server"] = fields[1]
    mail["mailbox"] = fields[2]
    mail["priority"] = fields[3]
    mail["sender_ip"] = self.parser.get_server_ipaddress(fields[4])

    # Body fingerprints, computed over the parsed body re-encoded as UTF-8
    # (so they differ from a hash of the raw message).
    body_bytes = self.parser.body.encode('utf-8')
    md5, sha1, sha256, sha512, ssdeep = fingerprints(body_bytes)
    mail["md5"] = md5
    mail["sha1"] = sha1
    mail["sha256"] = sha256
    mail["sha512"] = sha512
    mail["ssdeep"] = ssdeep
    sha256_rand = mail["sha256"] + rand

    # For path-based mails the raw value is stored unchanged in the result.
    # NOTE(review): presumably a full local path, which would be visible to
    # whatever consumes the document. Confirm that is intended.
    if mail_type == MAIL_PATH:
        mail["path_mail"] = raw_mail

    # Dates: fall back to the current UTC time when the mail has none
    parsed_date = mail.get('date')
    if not parsed_date:
        mail["date"] = datetime.datetime.utcnow().isoformat()
    else:
        mail["date"] = parsed_date.isoformat()

    mail["analisys_date"] = datetime.datetime.utcnow().isoformat()

    # Custom headers requested by the caller
    for header_name in fields[6]:
        mail["custom_" + header_name] = get_header(
            self.parser.message, header_name)

    # Attachments are not part of this document
    mail.pop("attachments", None)

    return sha256_rand, mail
def test_get_header(self):
    """get_header returns a text string for the "from" header."""
    parsed = mailparser.parse_from_file(mail_test_1)
    from_header = get_header(parsed.message, "from")
    self.assertIsInstance(from_header, six.text_type)