示例#1
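    def _make_mail(self, tup):
        """Build the JSON-ready mail record for one input tuple.

        Args:
            tup: tuple whose ``values`` are read positionally: 0 raw mail
                (a file path or the mail text, depending on the type),
                1 mail server, 2 mailbox, 3 priority, 4 value handed to
                ``get_server_ipaddress``, 5 mail type, 6 iterable of
                extra header names to extract.

        Returns:
            ``(sha256_rand, mail)``: the body SHA-256 followed by ``_``
            and ten random digits, and the mail mapping with its
            attachments removed.
        """
        raw_mail = tup.values[0]
        mail_type = tup.values[5]
        # The suffix only keeps records with identical bodies apart. The
        # random module is not a CSPRNG, so the value must not be relied
        # on as an unguessable token.
        rand = '_' + ''.join(random.choice('0123456789') for _ in range(10))
        self.parser = self.mailparser[mail_type](raw_mail)

        # Keep only the main headers: the number of distinct headers can
        # explode and Elastic can't manage all possible headers.
        mail = self.parser.mail_partial
        mail["headers"] = self.parser.headers_json

        # Data mail sources
        mail["mail_server"] = tup.values[1]
        mail["mailbox"] = tup.values[2]
        mail["priority"] = tup.values[3]
        mail["sender_ip"] = self.parser.get_server_ipaddress(tup.values[4])

        # Fingerprints cover the body text only, not headers or
        # attachments, so two mails with equal hashes can still differ.
        (mail["md5"], mail["sha1"], mail["sha256"], mail["sha512"],
            mail["ssdeep"]) = fingerprints(self.parser.body.encode('utf-8'))
        sha256_rand = mail["sha256"] + rand

        if mail_type in (MAIL_PATH, MAIL_PATH_OUTLOOK):
            mail_string = raw_mail.split("/")[-1].replace(".processing", "")
            self.log("{}: {}".format(mail_string, mail["sha256"]))
            # Binary mode: the size is the byte count on disk, and a
            # message carrying bytes that do not decode in the default
            # text encoding cannot abort processing here.
            with open(raw_mail, "rb") as f:
                mail["size"] = len(f.read())
        # "(MAIL_STRING)" is a parenthesised name, not a one-element
        # tuple, so the former "in" test was not a membership check.
        elif mail_type == MAIL_STRING:
            mail["size"] = len(raw_mail)

        # Add the file name (not the full path) to the result
        if mail_type == MAIL_PATH:
            mail["mail_file"] = raw_mail.split("/")[-1].replace(
                ".processing", "")

        # Dates: fall back to the current UTC time when the parser gave
        # no date for the message.
        if mail.get('date'):
            mail["date"] = mail.get('date').isoformat()
        else:
            mail["date"] = datetime.datetime.utcnow().isoformat()

        mail["analisys_date"] = datetime.datetime.utcnow().isoformat()

        # Adding custom headers
        for h in tup.values[6]:
            mail["custom_" + h] = get_header(self.parser.message, h)

        # Remove attachments
        mail.pop("attachments", None)

        return sha256_rand, mail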
示例#2
    def _make_mail(self, tup):
        """Turn one input tuple into an enriched mail record.

        ``tup.values`` is read by position: 0 raw mail, 1 mail server,
        2 mailbox, 3 priority, 4 value passed to ``get_server_ipaddress``,
        5 mail type, 6 iterable of extra header names.

        Returns a pair: the body SHA-256 with ``_`` and ten random digits
        appended, and the mail mapping stripped of its attachments.
        """
        values = tup.values
        raw_mail = values[0]
        mail_type = values[5]

        # Ten decimal digits used only to tell apart records whose bodies
        # hash the same; random is not a CSPRNG, so this is no secret.
        digits = [random.choice('0123456789') for _ in range(10)]
        rand = '_' + ''.join(digits)

        parser_factory = self.mailparser[mail_type]
        self.parser = parser_factory(raw_mail)
        mail = self.parser.mail

        # Where the mail came from
        mail["mail_server"] = values[1]
        mail["mailbox"] = values[2]
        mail["priority"] = values[3]
        mail["sender_ip"] = self.parser.get_server_ipaddress(values[4])

        # Hashes are computed over the UTF-8 body text only.
        body_bytes = self.parser.body.encode('utf-8')
        md5, sha1, sha256, sha512, ssdeep = fingerprints(body_bytes)
        mail["md5"] = md5
        mail["sha1"] = sha1
        mail["sha256"] = sha256
        mail["sha512"] = sha512
        mail["ssdeep"] = ssdeep
        sha256_rand = mail["sha256"] + rand

        # For file-based mails the record carries the path exactly as it
        # was received, so it is visible to whoever reads the output.
        if mail_type == MAIL_PATH:
            mail["path_mail"] = raw_mail

        # Message date, or the current UTC time when none was parsed.
        parsed_date = mail.get('date')
        if not parsed_date:
            parsed_date = datetime.datetime.utcnow()
        mail["date"] = parsed_date.isoformat()

        mail["analisys_date"] = datetime.datetime.utcnow().isoformat()

        # Extra headers requested by the caller, stored as custom_<name>.
        message = self.parser.message
        for header_name in values[6]:
            mail["custom_" + header_name] = get_header(message, header_name)

        # Attachments are not part of this record.
        mail.pop("attachments", None)

        return sha256_rand, mail
 def test_get_header(self):
     """get_header yields the "from" header of mail_test_1 as text."""
     parsed = mailparser.parse_from_file(mail_test_1)
     from_header = get_header(parsed.message, "from")
     self.assertIsInstance(from_header, six.text_type)