public DomainElementSigner(DomainElement domain, MimeKit.Cryptography.DkimSigner signerInstance) { DomainElement = domain; Signer = signerInstance; }
/// <summary> /// Method used to provide recursive processing /// </summary> /// <param name="session"></param> /// <param name="message"></param> /// <param name="multipart"></param> /// <param name="outputDir"></param> /// <param name="dir"></param> private void ProcessMultipart(Session session, MimeKit.MimeMessage message, MimeKit.Multipart multipart, string dir) { foreach (var subpart in multipart) { if (subpart is MimeKit.Multipart) { var temp = (Multipart)subpart; ProcessMultipart(session, message, temp, dir); continue; } if (subpart is MimeKit.MessagePart) { var temp = (MimeKit.MessagePart)subpart; ProcessMessage(session, temp.Message, dir); continue; } ProcessAttachment(session, message, subpart, dir); } }
/// <summary> /// /// </summary> /// <param name="session"></param> /// <param name="message"></param> /// <param name="mimeEntity"></param> /// <param name="outputDir"></param> /// <param name="dir"></param> private void ProcessAttachment(Session session, MimeKit.MimeMessage message, MimeKit.MimeEntity mimeEntity, string dir) { var part = (MimePart)mimeEntity; if (part.IsAttachment == false) { return; } string path = string.Empty; string fileName = string.Empty; try { // It appears that it is possible for filenames to have new line characters in them! path = woanware.Path.ReplaceIllegalPathChars(part.FileName + ".safe"); path = path.Replace("\n", string.Empty); path = path.Replace("\r", string.Empty); path = System.IO.Path.Combine(this.outputDirectory, dir, path); fileName = part.FileName.Replace("\n", string.Empty); fileName = part.FileName.Replace("\r", string.Empty); fileName += ".safe"; if (System.IO.Directory.Exists(System.IO.Path.Combine(this.outputDirectory, dir)) == false) { IO.CreateDirectory(System.IO.Path.Combine(this.outputDirectory, dir)); } if (File.Exists(path) == true) { fileName = Guid.NewGuid().ToString() + fileName; path = System.IO.Path.Combine(this.outputDirectory, dir, fileName); } using (var stream = File.Create(path)) { part.ContentObject.DecodeTo(stream); } } catch (Exception ex) { this.Log().Error(ex.ToString()); } // Check that the file didn't get quaratined by AV if (File.Exists(path) == false) { return; } PerformArchiveDecompression(path, fileName, System.IO.Path.Combine(this.outputDirectory, dir)); }
/// <summary> /// Method used to provide recursive processing /// </summary> /// <param name="session"></param> /// <param name="message"></param> /// <param name="outputDir"></param> /// <param name="dir"></param> private void ProcessMessage(Session session, MimeKit.MimeMessage message, string dir) { if (message.Body is MimeKit.MessagePart) { var temp = (MimeKit.MessagePart)message.Body; ProcessMessage(session, temp.Message, dir); } else if (message.Body is MimeKit.Multipart) { var multipart = (Multipart)message.Body; ProcessMultipart(session, message, multipart, dir); } else { var part = (MimePart)message.Body; ProcessAttachment(session, message, part, dir); } }
/// <summary> /// /// </summary> /// <param name="session"></param> /// <param name="message"></param> /// <param name="outputDir"></param> private void HashFiles(Session session, MimeKit.MimeMessage message, string parentDir, string outputDir) { if (System.IO.Directory.Exists(outputDir) == false) { return; } string mailFrom = GetSmtpMailFrom(System.IO.Path.Combine(this.dataDirectory, session.Guid.Substring(0, 2), session.Guid + ".bin")); string from = string.Empty; if (message.From != null) { List<string> temp = new List<string>(); Regex regex = new Regex("<(.*?)>", RegexOptions.IgnoreCase); for(int index = 0; index < message.From.Count; index++) { Match match = regex.Match(message.From[index].ToString()); if (match.Success == true) { temp.Add(match.Groups[1].Value); } else { temp.Add(message.From[index].ToString()); } } from = string.Join(",", temp); } string to = string.Empty; if (message.To != null) { List<string> temp = new List<string>(); Regex regex = new Regex("<(.*?)>", RegexOptions.IgnoreCase); for (int index = 0; index < message.From.Count; index++) { Match match = regex.Match(message.To[index].ToString()); if (match.Success == true) { temp.Add(match.Groups[1].Value); } else { temp.Add(message.To[index].ToString()); } } to = string.Join(",", temp); } string sender = string.Empty; if (message.Sender != null) { sender = message.Sender.Address; } MessageDetails messageDetails = new MessageDetails(); messageDetails.SrcIp = session.SrcIpText; messageDetails.SrcPort = session.SourcePort; messageDetails.DstIp = session.DstIpText; messageDetails.DstPort = session.DestinationPort; messageDetails.From = from; messageDetails.To = to; messageDetails.MailFrom = mailFrom; messageDetails.Sender = sender; messageDetails.Subject = message.Subject; messageDetails.Date = message.Date.ToString("o"); // Now MD5 the files foreach (string file in System.IO.Directory.EnumerateFiles(outputDir, "*.*", SearchOption.AllDirectories)) { if (System.IO.Path.GetFileName(file) == "Message.Info.txt") { continue; } try { // Not sure if BufferedStream should be wrapped in using block using (var stream = new BufferedStream(File.OpenRead(file), 1200000)) { MD5 md5 = new MD5CryptoServiceProvider(); byte[] hashMd5 = md5.ComputeHash(stream); AttachmentDetails attachmentDetails = new AttachmentDetails(); attachmentDetails.File = file; attachmentDetails.Md5 = woanware.Text.ConvertByteArrayToHexString(hashMd5); messageDetails.Attachments.Add(attachmentDetails); } } catch (Exception) { } } messageDetails.Save(System.IO.Path.Combine(outputDir, "Message.Details." + message.MessageId + ".xml")); }