/// <summary>
///
/// </summary>
/// <param name="session"></param>
/// <param name="message"></param>
/// <param name="outputDir"></param>
private void HashFiles(Session session,
MimeKit.MimeMessage message,
string parentDir,
string outputDir)
{
if (System.IO.Directory.Exists(outputDir) == false)
{
return;
}
string mailFrom = GetSmtpMailFrom(System.IO.Path.Combine(this.dataDirectory,
session.Guid.Substring(0, 2),
session.Guid + ".bin"));
string from = string.Empty;
if (message.From != null)
{
List<string> temp = new List<string>();
Regex regex = new Regex("<(.*?)>", RegexOptions.IgnoreCase);
for(int index = 0; index < message.From.Count; index++)
{
Match match = regex.Match(message.From[index].ToString());
if (match.Success == true)
{
temp.Add(match.Groups[1].Value);
}
else
{
temp.Add(message.From[index].ToString());
}
}
from = string.Join(",", temp);
}
string to = string.Empty;
if (message.To != null)
{
List<string> temp = new List<string>();
Regex regex = new Regex("<(.*?)>", RegexOptions.IgnoreCase);
for (int index = 0; index < message.From.Count; index++)
{
Match match = regex.Match(message.To[index].ToString());
if (match.Success == true)
{
temp.Add(match.Groups[1].Value);
}
else
{
temp.Add(message.To[index].ToString());
}
}
to = string.Join(",", temp);
}
string sender = string.Empty;
if (message.Sender != null)
{
sender = message.Sender.Address;
}
MessageDetails messageDetails = new MessageDetails();
messageDetails.SrcIp = session.SrcIpText;
messageDetails.SrcPort = session.SourcePort;
messageDetails.DstIp = session.DstIpText;
messageDetails.DstPort = session.DestinationPort;
messageDetails.From = from;
messageDetails.To = to;
messageDetails.MailFrom = mailFrom;
messageDetails.Sender = sender;
messageDetails.Subject = message.Subject;
messageDetails.Date = message.Date.ToString("o");
// Now MD5 the files
foreach (string file in System.IO.Directory.EnumerateFiles(outputDir,
"*.*",
SearchOption.AllDirectories))
{
if (System.IO.Path.GetFileName(file) == "Message.Info.txt")
{
continue;
}
try
{
// Not sure if BufferedStream should be wrapped in using block
using (var stream = new BufferedStream(File.OpenRead(file), 1200000))
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] hashMd5 = md5.ComputeHash(stream);
AttachmentDetails attachmentDetails = new AttachmentDetails();
attachmentDetails.File = file;
attachmentDetails.Md5 = woanware.Text.ConvertByteArrayToHexString(hashMd5);
messageDetails.Attachments.Add(attachmentDetails);
}
}
catch (Exception) { }
}
messageDetails.Save(System.IO.Path.Combine(outputDir, "Message.Details." + message.MessageId + ".xml"));
}
/// <summary>
///
/// </summary>
/// <param name="dataDirectory"></param>
/// <param name="outputDirectory"></param>
public void PostProcess(string dataDirectory,
string outputDirectory)
{
CsvConfiguration csvConfiguration = new CsvConfiguration();
csvConfiguration.QuoteAllFields = true;
using (FileStream fileStream = new FileStream(System.IO.Path.Combine(outputDirectory, "Attachment.Hashes.csv"), FileMode.Append, FileAccess.Write, FileShare.Read))
using (StreamWriter streamWriter = new StreamWriter(fileStream))
using (CsvHelper.CsvWriter csvWriter = new CsvHelper.CsvWriter(streamWriter, csvConfiguration))
{
// Now MD5 the files
foreach (string file in System.IO.Directory.EnumerateFiles(outputDirectory,
"*.xml",
SearchOption.AllDirectories))
{
string fileName = System.IO.Path.GetFileName(file);
if (fileName.StartsWith("Message.Details.") == false)
{
continue;
}
MessageDetails messageDetails = new MessageDetails();
string ret = messageDetails.Load(file);
if (ret.Length == 0)
{
foreach (AttachmentDetails attachment in messageDetails.Attachments)
{
csvWriter.WriteField(attachment.Md5);
csvWriter.WriteField(attachment.File);
csvWriter.WriteField(messageDetails.SrcIp);
csvWriter.WriteField(messageDetails.SrcPort);
csvWriter.WriteField(messageDetails.DstIp);
csvWriter.WriteField(messageDetails.DstPort);
csvWriter.WriteField(messageDetails.To);
csvWriter.WriteField(messageDetails.From);
csvWriter.WriteField(messageDetails.MailFrom);
csvWriter.WriteField(messageDetails.Sender);
csvWriter.WriteField(messageDetails.Subject);
csvWriter.WriteField(messageDetails.Date);
csvWriter.NextRecord();
}
}
}
}
ProcessAttachmentHashes(outputDirectory);
}