SpamScope (https://github.com/SpamScope/spamscope) is a fast and advanced tool for email analysis developed by Fedele Mantuano (@fedelemantuano). Its analysis engine is based on Apache Storm and Streamparse.
Why use Apache Storm?
Apache Storm works with streams, and in this case we analyze a stream of email messages. Apache Storm allows you to start small and scale horizontally as you grow: simply add more workers, which can run on different hosts.
An application is designed as a “topology” in the shape of a directed acyclic graph (DAG) with spouts and bolts acting as the graph vertices.
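The spout-and-bolt layout described above, sketched as an added example in plain Python (it is not SpamScope's code and uses no Storm or Streamparse API). The names `mail_spout`, `tokenizer_bolt`, `urls_bolt` and `run_topology` are hypothetical, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample message (not the mail described on this page).
RAW_MAIL = """\
From: "Sicherheits-Center" <service@example.invalid>
To: user@example.org
Subject: =?utf-8?q?Vorsicht!_Ihr_Konto_wurde_begrenzt!?=
Content-Type: text/plain; charset="utf-8"

Bitte hier anmelden: http://login.example.invalid/verify?id=1
Hilfe: https://help.example.invalid/
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def mail_spout(raw_mails):
    """Spout: source vertex of the graph, emits one tuple per raw message."""
    for mail_id, raw in enumerate(raw_mails):
        yield {"mail_id": mail_id, "raw": raw}

def tokenizer_bolt(stream):
    """Bolt: parses each raw message into decoded headers and body text."""
    for tup in stream:
        msg = message_from_string(tup["raw"])
        yield {
            "mail_id": tup["mail_id"],
            "from": msg["From"],
            # Decode RFC 2047 encoded-words so the subject is readable text.
            "subject": str(make_header(decode_header(msg["Subject"]))),
            "body": msg.get_payload(),
        }

def urls_bolt(stream):
    """Bolt: adds the URLs found in the body and their unique hostnames."""
    for tup in stream:
        urls = URL_RE.findall(tup["body"])
        hosts = sorted({u.split("/")[2].lower() for u in urls})
        yield {**tup, "urls": urls, "hosts": hosts}

def run_topology(raw_mails):
    """Wire the graph edges: spout -> tokenizer -> urls, then collect."""
    return list(urls_bolt(tokenizer_bolt(mail_spout(raw_mails))))

if __name__ == "__main__":
    for result in run_topology([RAW_MAIL]):
        print(result["subject"], result["hosts"])
```

Here the stages are generators chained in one process; in a Storm topology each vertex can run as several instances on separate workers, which is where the horizontal scaling comes from.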
Today I received a spam email from “Sicherheits-Center” (“security center”) with subject “Vorsicht! Ihr Paypal-Konto wurde begrenzt!” (“Attention! Your paypal account has been restricted!”). Not only the subject but the whole message was in really bad German - I am sure everybody had the chance to delete similar spams and you know what they look like. The advertised link was already down and also already included in Google’s “Safe Browsing” list of malicious URLs.