 def __init__(self):
     """Load request settings from the ``cuckoomx`` config and open DatabaseMX.

     Reads ``machines`` and ``maximum_tasks_pending`` from the ``[cuckoomx]``
     section and ``api_url`` from the ``[cuckoo]`` section; values are stored
     as-is (no validation happens here).
     """
     conf = Config("cuckoomx")
     self.dbmx = DatabaseMX()
     self.api_url = conf.cuckoo.get("api_url")
     self.maximum_tasks_pending = conf.cuckoomx.get("maximum_tasks_pending")
     self.machines = conf.cuckoomx.get("machines")
def cuckoomx_clean():
    """Drop the CuckooMX database and delete its log file.

    Log removal is best effort: if ``log/cuckoomx.log`` under
    ``CUCKOOMX_ROOT`` is missing or cannot be removed, the error is only
    logged as a warning and nothing is raised.
    """
    DatabaseMX().drop_database()

    log_file = os.path.join(CUCKOOMX_ROOT, "log", "cuckoomx.log")
    try:
        # os.remove is the same call as os.unlink.
        os.remove(log_file)
    except (IOError, OSError) as exc:
        log.warning("Error removing file %s: %s", log_file, exc)
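def inline():
    """Inline mode of CuckooMX: capture, extract and analyze mails in transit.

    Because this sits on the mail path it may affect the mail service; a
    SPAN port is the recommended deployment.  The loop walks ``store`` for
    ``*.msg`` files forever, skipping mails already known to the database
    (``Mail.is_exist``) and mails whose ``analyze()`` returns False, and
    adds the remainder via ``DatabaseMX.add_mail``.  When a full pass adds
    nothing the loop sleeps one second before rescanning.

    Returns False immediately if the mode is disabled; otherwise never
    returns.

    NOTE: this mode is under development.
    """
    cfg = Config("cuckoomx")
    # NOTE(review): the key is spelled "enalbed" here; if the config file
    # spells it "enabled", this lookup yields None and the mode can never be
    # switched off - confirm against the shipped config before changing it.
    enabled = cfg.inline.get("enalbed")

    if enabled is False:
        return False

    # NOTE(review): ``store`` is not assigned in this function (offside()
    # reads it from its config section); it must come from module scope or
    # this raises NameError on the first iteration - confirm.
    while True:
        found_new = False
        for root, _dirnames, filenames in os.walk(store):
            for filename in fnmatch.filter(filenames, '*.msg'):
                path = os.path.join(root, filename)
                # The .msg files are untrusted input; a single malformed or
                # hostile mail must not kill the whole watcher loop.
                try:
                    mail = Mail(path)
                    mail.parse()

                    log.debug("Parsing mail %s at %s", mail.get_msg_id(), path)

                    if mail.is_exist() is True:
                        continue

                    if mail.analyze() is False:
                        continue

                    # Okay, add it to database
                    dbmx = DatabaseMX()
                    dbmx.add_mail(mail)
                except Exception:
                    log.exception("Failed to process mail %s", path)
                    continue

                found_new = True
                log.debug("Add mail %s to database", mail.get_msg_id())

        if not found_new:
            time.sleep(1)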
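def offside():
    """Offside mode of CuckooMX: analyze mails already stored on disk.

    Walks the ``store`` directory from the ``[offside]`` config section
    forever looking for ``*.msg`` files.  Each file is parsed; mails already
    in the CuckooMX database (``Mail.is_exist``) and mails whose
    ``analyze()`` returns False are skipped, the rest are added via
    ``DatabaseMX.add_mail``.  This mode does not touch the mail service and
    only needs read access to the store.  When a full pass adds nothing the
    loop sleeps one second before rescanning.

    Returns False immediately if the mode is disabled or no store path is
    configured; otherwise never returns.
    """
    cfg = Config("cuckoomx")
    # NOTE(review): the key is spelled "enalbed" here; if the config file
    # spells it "enabled", this lookup yields None and the mode can never be
    # switched off - confirm against the shipped config before changing it.
    enabled = cfg.offside.get("enalbed")
    store = cfg.offside.get("store")

    if enabled is False:
        return False

    if not store:
        # os.walk(None) raises TypeError on the first iteration; fail clearly.
        log.error("Offside mode is enabled but no store path is configured")
        return False

    while True:
        found_new = False
        for root, _dirnames, filenames in os.walk(store):
            for filename in fnmatch.filter(filenames, '*.msg'):
                path = os.path.join(root, filename)
                # The .msg files are untrusted input; a single malformed or
                # hostile mail must not kill the whole watcher loop.
                try:
                    mail = Mail(path)
                    mail.parse()

                    log.debug("Parsing mail %s at %s", mail.get_msg_id(), path)

                    if mail.is_exist() is True:
                        continue

                    if mail.analyze() is False:
                        continue

                    dbmx = DatabaseMX()
                    dbmx.add_mail(mail)
                except Exception:
                    log.exception("Failed to process mail %s", path)
                    continue

                found_new = True
                log.debug("Add mail %s to database", mail.get_msg_id())

        if not found_new:
            time.sleep(1)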
    def __init__(self, path):
        """Create an empty Mail record for the ``.msg`` file at *path*.

        @param path: path to a file mail.msg

        All message fields start out unset (``None``, or an empty list for
        the multi-valued ones) and ``status`` starts at 0; presumably
        ``parse()`` fills them in later.  A DatabaseMX handle is opened
        for the instance.
        """
        self.path = path
        self.dbmx = DatabaseMX()

        # Envelope and header fields.
        self.msg_id = None
        self.msg_ori = None
        self.date = None
        self.subject = None
        self.sender = None
        self.sender_ip = None
        self.receiver = []
        self.cc = None

        # Body and derived analysis data.
        self.content = None
        self.content_length = None
        self.urls = []
        self.attachments = []
        self.tasks = []
        self.safebrowsing = None
        self.status = 0
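def checking():
    """Poll Cuckoo for the results of every task attached to unfinished mails.

    Meant to run as a thread body; loops forever.  For each mail from
    ``DatabaseMX.get_mails_not_done()`` it looks up every not-yet-checked
    task in Cuckoo's own MongoDB ``analysis`` collection, records the
    ``malscore`` through ``set_task_malscore`` and, once every task has a
    result, marks the mail ended.  Mails with no tasks are set to status 1
    straight away.

    Thresholds ``critical_malscore`` (default 6) and ``warning_malscore``
    (default 2) come from the ``[cuckoomx]`` config section; MongoDB
    host/port from ``[mongodb]`` (defaults 127.0.0.1:27017).

    Returns ``None`` only if the MongoDB client cannot be created;
    otherwise never returns.
    """
    cfg = Config("cuckoomx")
    critical_malscore = cfg.cuckoomx.get("critical_malscore", 6)
    warning_malscore = cfg.cuckoomx.get("warning_malscore", 2)

    dbmx = DatabaseMX()

    # malscore is not exposed by the Cuckoo REST API, so read Cuckoo's
    # MongoDB report store directly.
    host = cfg.mongodb.get("host", "127.0.0.1")
    port = cfg.mongodb.get("port", 27017)
    try:
        conn = MongoClient(host, port)
    except Exception:
        # Continuing with a None client would crash the thread with an
        # AttributeError at the first task lookup; stop here with a clear
        # message instead.
        log.exception("Cannot connect to database Mongodb at %s:%s", host, port)
        return None
    dbcuckoo = conn["cuckoo"]
    # NOTE(review): the client is created without credentials or TLS; make
    # sure this MongoDB instance is not reachable from untrusted networks.

    while True:
        idle = True
        for mail in dbmx.get_mails_not_done():
            idle = False
            if mail["tasks"] is None:
                # Nothing to check for this mail: mark it done (status 1)
                # and move on.
                dbmx.set_mail_status(mail["id"], 1)
                continue

            log.debug("Checking mail %s with %s tasks", mail["id"],
                      len(mail["tasks"]))

            # Give Cuckoo a moment between lookups.
            time.sleep(1)
            all_tasks_done = True

            for task in mail["tasks"]:
                if task["date_checked"] is not None:
                    continue

                task_id = task["task_id"]
                document = dbcuckoo.analysis.find_one(
                    {"info.id": int(task_id)})

                if document is None:
                    # No report yet: this task is still running, try again
                    # on the next pass.
                    all_tasks_done = False
                    continue

                malscore = document["malscore"]
                if malscore >= critical_malscore:
                    dbmx.inc_mails_have_malwares()
                    log.critical("Mail %s, task %s has malware", mail["id"],
                                 task_id)
                elif malscore >= warning_malscore:
                    log.critical("Mail %s, task %s have something wrong",
                                 mail["id"], task_id)

                dbmx.set_task_malscore(mail["id"],
                                       task_id=task_id,
                                       malscore=malscore)

            if all_tasks_done:
                dbmx.set_mail_ended(mail["id"])

        if idle:
            # No pending mails: back off instead of busy-polling the database.
            time.sleep(1)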
def init_database():
    """Create the CuckooMX database via ``DatabaseMX.create_database()``."""
    DatabaseMX().create_database()