It’s possible to analyze more than 5 million mails per day (without attachment post-processors) on a 4-core server with 4 GB of RAM.
Why should I use SpamScope
- It’s very fast: the job is split into functionalities that work in parallel.
- It’s flexible: you can choose what SpamScope has to do.
- It’s distributed: SpamScope uses Apache Storm, a free and open source distributed real-time computation system.
- It makes JSON output that you can save where you want.
- It’s easy to set up: there are docker images and docker-compose files ready for use.
- It’s integrated with Apache Tika, VirusTotal, and Thug (for now).
- It’s free (for special functions you can contact me).
It comes with the following bolts:
- tokenizer splits the mail into tokens like headers, body and attachments, and it can filter emails, attachments and IP addresses already seen
- phishing looks for your keywords in email and connects email to targets (bank, your customers, etc.)
- raw_mail is for all third-party tools that analyze raw mails like SpamAssassin
- attachments analyzes all mail attachments and uses third-party tools like VirusTotal
- network analyzes all sender IP addresses with third-party tools like Shodan
- urls extracts all URLs in email and attachments
- json_maker and outputs make the JSON report and save it
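
The split-and-filter behaviour described for the tokenizer bolt, shown with the Python standard library as an added example (not SpamScope's own code). The sample mail, the `tokenize` function and the `is_filtered` field name are constructed for illustration; IP address filtering is not covered.

```python
import hashlib
from email import message_from_bytes, policy

# Constructed sample mail: one text body and one base64 attachment.
SAMPLE = (
    b"From: alice@example.com\r\n"
    b"Subject: Invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"See http://example.com/pay\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.bin"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVsbG8=\r\n"
    b"--b1--\r\n"
)


def tokenize(raw, seen_mails, seen_attachments):
    """Split a raw mail into tokens and flag mails/attachments already seen."""
    mail_hash = hashlib.sha256(raw).hexdigest()
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    tokens = {
        "sha256": mail_hash,
        # Hypothetical field name: True means later stages can skip this mail.
        "is_filtered": mail_hash in seen_mails,
        "headers": {name.lower(): str(value) for name, value in msg.items()},
        "body": body.get_content() if body is not None else "",
        "attachments": [],
    }
    seen_mails.add(mail_hash)
    for part in msg.iter_attachments():
        payload = part.get_content()
        if isinstance(payload, str):  # text attachments come back as str
            payload = payload.encode("utf-8", "replace")
        digest = hashlib.sha256(payload).hexdigest()
        tokens["attachments"].append({
            "filename": part.get_filename(),
            "sha256": digest,
            # The same file in a different mail is analyzed only once.
            "is_filtered": digest in seen_attachments,
        })
        seen_attachments.add(digest)
    return tokens
```

Hashing the decoded attachment payload rather than the MIME part means the same file is recognised even when it arrives in a different mail.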
makefile to debug running topology
- Added more stable topologies with iter-files-mails, that uses a generator to send mails to the topology. It’s memory safe and stable
- Fixed many bugs to avoid topology restarts
- Added three new topologies that use the new spout
Copyright 2016 Fedele Mantuano