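def process(self, tup):
    """Split one mail into the network, mail, body and attachments streams.

    The mail is built by ``self._make_mail(tup)``. Each enabled filter
    checks whether the sender IP, mail hash or attachment hashes were
    already analyzed, and records the new values. A mail whose ``sha1``
    was already seen is emitted without its body.

    Args:
        tup: Incoming tuple, passed unchanged to ``self._make_mail``.

    Emits:
        ``network``: ``[sha256_rand, sender_ip, is_filtered_net]``
        ``mail``: ``[sha256_rand, mail, is_filtered_mail]``
        ``body``: ``[sha256_rand, body, is_filtered_mail]``
        ``attachments``: ``[sha256_rand, with_attachments, attachments]``
    """
    try:
        sha256_rand, mail = self._make_mail(tup)
        with_attachments = False
        attachments = []
        body = self.parser.body

        # Network filter. It has its own flag: a single shared flag was
        # reset before the mail filter, so the network stream always
        # carried the mail filter's result instead of this one.
        is_filtered_net = False
        if self.filter_network_enabled:
            if mail["sender_ip"] in self._network_analyzed:
                is_filtered_net = True

            # Update database of analyzed sender IPs. The IP is appended
            # even when already present.
            # NOTE(review): confirm the container is bounded.
            self._network_analyzed.append(mail["sender_ip"])

        # Mail filter: an already-analyzed mail loses its body downstream.
        # NOTE(review): the dedup key is mail["sha1"]; if that is a SHA-1
        # digest of sender-controlled content, a colliding mail would have
        # its body suppressed -- confirm how the key is computed.
        is_filtered_mail = False
        if self.filter_mails_enabled:
            if mail["sha1"] in self._mails_analyzed:
                mail.pop("body", None)
                body = six.text_type()
                is_filtered_mail = True

            # Update database of analyzed mails
            self._mails_analyzed.append(mail["sha1"])

        # Emit only attachments
        raw_attach = self.parser.attachments_list

        if raw_attach:
            with_attachments = True
            attachments = MailAttachments.withhashes(raw_attach)

            # If filter attachments is enabled
            if self.filter_attachments_enabled:
                hashes = attachments.filter(self._attachments_analyzed)
                self._attachments_analyzed.extend(hashes)

    except (TypeError, UnicodeDecodeError):
        # NOTE(review): a mail that raises either exception anywhere in
        # the try block produces no tuple on any stream and leaves no
        # trace. Consider logging it or routing it to an error handler so
        # malformed input cannot drop out of analysis silently.
        pass

    else:
        # Emit network
        self.emit([sha256_rand, mail["sender_ip"], is_filtered_net],
                  stream="network")

        # Emit mail
        self.emit([sha256_rand, mail, is_filtered_mail], stream="mail")

        # Emit body
        self.emit([sha256_rand, body, is_filtered_mail], stream="body")

        self.emit([sha256_rand, with_attachments, list(attachments)],
                  stream="attachments")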
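def process(self, tup):
    """Parse one mail tuple and apply the network, mail and attachment filters.

    The mail is built by ``self._make_mail(tup)``. Each enabled filter
    checks whether the sender IP, mail hash or attachment hashes were
    already analyzed, and records the new values. A mail whose ``sha1``
    was already seen has its body and raw mail blanked.

    NOTE(review): the visible listing ends at the ``except`` handler, so
    nothing computed here is emitted in the visible code. The emit step is
    presumably outside this excerpt; local names are kept unchanged for it.

    Args:
        tup: Incoming tuple. ``tup.values[0]`` is read as the raw mail and
            ``tup.values[5]`` as the mail type.
    """
    try:
        sha256_rand, mail = self._make_mail(tup)
        # Log only the part of the identifier before the first "_".
        sha256 = sha256_rand.split("_")[0]
        self.log("Processing started: {}".format(sha256))
        with_attachments = False
        attachments = []
        body = self.parser.body
        raw_mail = tup.values[0]
        mail_type = tup.values[5]

        # If filter network is enabled
        is_filtered_net = False
        if self.filter_network:
            if mail["sender_ip"] in self.analyzed_network:
                is_filtered_net = True

            # Update database of analyzed IP addresses. The IP is appended
            # even when already present.
            # NOTE(review): confirm the container is bounded.
            self.analyzed_network.append(mail["sender_ip"])

        # If filter mails is enabled
        # NOTE(review): the dedup key is mail["sha1"]; if that is a SHA-1
        # digest of sender-controlled content, a colliding mail would have
        # its body and raw mail suppressed -- confirm how it is computed.
        is_filtered_mail = False
        if self.filter_mails:
            if mail["sha1"] in self.analyzed_mails:
                mail.pop("body", None)
                body = six.text_type()
                raw_mail = six.text_type()
                is_filtered_mail = True

            # Update database of analyzed mails
            self.analyzed_mails.append(mail["sha1"])

        if self.parser.attachments:
            with_attachments = True
            attachments = MailAttachments.withhashes(
                self.parser.attachments)

            # If filter attachments is enabled
            if self.filter_attachments:
                hashes = attachments.filter(self.analyzed_attachments)
                self.analyzed_attachments.extend(hashes)

    # "except X as e" is valid on Python 2.6+ and Python 3. The older
    # "except X, e" spelling is a syntax error on Python 3.
    # Only TypeError is handled here; any other exception propagates.
    except TypeError as e:
        self.raise_exception(e, tup)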
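def process(self, tup):
    """Parse one mail tuple and apply the network, mail and attachment filters.

    The mail is built by ``self._make_mail(tup)``. Each enabled filter
    checks whether the sender IP, mail hash or attachment hashes were
    already analyzed, and records the new values. A mail whose ``sha1``
    was already seen has its body blanked.

    NOTE(review): the visible listing ends at the ``except`` handler, so
    nothing computed here is emitted in the visible code. The emit step is
    presumably outside this excerpt; local names are kept unchanged for it.

    Args:
        tup: Incoming tuple, passed to ``self._make_mail`` and, on a
            ``TypeError``, to ``self.raise_exception``.
    """
    try:
        sha256_rand, mail = self._make_mail(tup)
        with_attachments = False
        attachments = []
        body = self.parser.body

        # If filter network is enabled
        # NOTE(review): the flag set here is reset to False before the
        # mail filter below, so the network result is lost. Any later
        # consumer of is_filtered only ever sees the mail filter's value.
        # A separate flag for the network result would fix this.
        is_filtered = False
        if self.filter_network_enabled:
            if mail["sender_ip"] in self._network_analyzed:
                is_filtered = True

            # Update database of analyzed sender IPs. The IP is appended
            # even when already present.
            # NOTE(review): confirm the container is bounded.
            self._network_analyzed.append(mail["sender_ip"])

        # If filter mails is enabled
        is_filtered = False
        if self.filter_mails_enabled:
            if mail["sha1"] in self._mails_analyzed:
                mail.pop("body", None)
                body = six.text_type()
                is_filtered = True

            # Update database of analyzed mails
            self._mails_analyzed.append(mail["sha1"])

        # Emit only attachments
        raw_attach = self.parser.attachments_list

        if raw_attach:
            with_attachments = True
            attachments = MailAttachments.withhashes(raw_attach)

            # If filter attachments is enabled
            if self.filter_attachments_enabled:
                hashes = attachments.filter(self._attachments_analyzed)
                self._attachments_analyzed.extend(hashes)

    # "except X as e" is valid on Python 2.6+ and Python 3. The older
    # "except X, e" spelling is a syntax error on Python 3.
    # Only TypeError is handled here; any other exception propagates.
    except TypeError as e:
        self.raise_exception(e, tup)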