SpamScope - Fast Advanced Spam Analysis Tool

Overview

SpamScope is an advanced spam analysis tool that uses Apache Storm with streamparse to process a stream of mails.
It can analyze more than 5 million mails per day on a 4-core server with 4 GB of RAM (without third-party analysis).

Why should I use SpamScope

  • It's very fast: the job is split into functionalities that work in parallel.
  • It's flexible: you can choose what SpamScope has to do.
  • It's distributed: SpamScope uses Apache Storm, a free and open source distributed realtime computation system.
  • It produces JSON output that you can save wherever you want.
  • It's easy to set up: Docker images and docker-compose files are ready for use.
  • It's integrated with Apache Tika, VirusTotal, Thug, Shodan and SpamAssassin (for now).
  • It's free and open source (for special functions you can contact me).
  • It can analyze Outlook msg files.

Distributed

SpamScope uses Apache Storm, which allows you to start small and scale horizontally as you grow. Simply add more workers.

Flexibility

You can choose your mail input sources (with spouts) and your functionalities (with bolts).
SpamScope comes with the following bolts:
  • tokenizer splits the mail into tokens such as headers, body and attachments, and it can filter emails, attachments and IP addresses already seen
  • phishing looks for your keywords in the email and connects the email to targets (bank, your customers, etc.)
  • raw_mail is for all third-party tools that analyze raw mails, like SpamAssassin
  • attachments analyzes all mail attachments and uses third-party tools like VirusTotal
  • network analyzes all sender IP addresses with third-party tools like Shodan
  • urls extracts all URLs in the email and attachments
  • json_maker and outputs make the JSON report and save it
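
To make the tokenizer and urls stages above concrete, here is an added example using only the Python standard library. It is not SpamScope's code: the function names, the SHA-256 "already seen" key, the report fields and the sample mail are assumptions made for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def build_sample(subject: str) -> bytes:
    """Constructed sample mail: one text body, one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Pay here: http://pay.example.net/login now.")
    msg.add_attachment(b"see https://cdn.example.net/a.js",
                       maintype="application", subtype="octet-stream",
                       filename="invoice.bin")
    return msg.as_bytes()

def tokenize(raw: bytes, seen: set) -> dict:
    """Split a raw mail into tokens and flag mails/attachments already seen."""
    mail_hash = hashlib.sha256(raw).hexdigest()
    report = {"sha256": mail_hash, "is_filtered": mail_hash in seen}
    seen.add(mail_hash)
    if report["is_filtered"]:
        return report  # duplicate mail: later stages can skip it
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    report["headers"] = {k.lower(): str(v) for k, v in msg.items()}
    report["body"] = body.get_content() if body else ""
    report["attachments"] = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()
        report["attachments"].append({
            "filename": part.get_filename(), "sha256": digest,
            "is_filtered": digest in seen, "payload": payload})
        seen.add(digest)
    return report

def extract_urls(report: dict) -> list:
    """Collect URLs from the body and from attachments not filtered out."""
    texts = [report.get("body", "")]
    texts += [a["payload"].decode("utf-8", "replace")
              for a in report.get("attachments", []) if not a["is_filtered"]]
    return sorted({u for t in texts for u in URL_RE.findall(t)})
```

Flagging duplicates before the later stages run is what keeps rate-limited third-party lookups from being repeated for the same attachment across a spam campaign.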

Store where you want

You can build your custom output bolts and store your data in Elasticsearch, MongoDB, filesystem, etc.

Source and download