
@waffle2k
Created January 12, 2011 20:03
#!/usr/bin/perl
#
# This script takes a series of ARF messages, and stores certain attributes
# about these messages, so that other applications can easily look into
# only the messages that they care about without having to go into lots
# and lots of files.
use strict;
use Time::ParseDate; # libtime-modules-perl
use lib( '/abuse/AUP/lib' );
use Email::ARF::Report;
use MLDBM;
use Fcntl;
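# Persistent index of processed complaints. Keys are the path component that
# follows /data/staff/abuse/fbl/; values are a hash of extracted attributes,
# or an empty hash for a report that carried no account marker.
my %o;
my $dbm = tie %o, 'MLDBM', '/abuse/AUP/bin/complaintdb', O_CREAT|O_RDWR, 0640 or die $!;

# One ARF file name per input line. Reading with while() processes names as
# they arrive instead of loading the whole list first.
REPORT:
while ( my $filename = <> ) {
    chomp( $filename );

    # NOTE(review): the pattern is unanchored, so any path that merely
    # contains the spool prefix is accepted, and the key stops at the first
    # whitespace. Confirm whether callers rely on that before tightening it.
    my $fn_comp;
    if ( $filename =~ /(\/data\/staff\/abuse\/fbl\/)(\S+)/ ) {
        $fn_comp = $2;
    }

    # Without a key every out-of-spool file would share the key "" and only
    # the first one would ever be processed, so reject such names outright.
    if ( !defined $fn_comp ) {
        warn "Skipping path outside the FBL spool [$filename]\n";
        next REPORT;
    }

    if ( defined $o{$fn_comp} ) {
        print "Skipping [$filename]\n";
        next REPORT;
    }

    print "opening [$filename]\n";

    # The name comes from input, so use three-argument open: with the
    # two-argument form, characters in the name (a leading '&', surrounding
    # whitespace) are interpreted as part of the mode. Also check the result
    # rather than reading from a handle that never opened.
    open my $fh, '<', $filename or do {
        warn "Cannot open [$filename]: $!\n";
        next REPORT;
    };
    my $text = do { local $/; <$fh> };    # slurp the whole message
    close $fh;

    # Covers both a false return and an exception from the parser, so one
    # malformed message does not abort the rest of the batch.
    # NOTE(review): presumably new() throws on non-ARF input -- confirm.
    my $report = eval { Email::ARF::Report->new( $text ) };
    if ( !$report ) {
        warn "Cannot parse [$filename] as ARF", ( $@ ? ": $@" : "\n" );
        next REPORT;
    }

    # Everything read from $evidence below originates in the complained-about
    # message and is untrusted; consumers of the DB should treat it as such.
    my $evidence = $report->original_email();

    # The call below is the author's placeholder for a site-specific routine
    # that maps an X-Session-Marker value to an account name; it is kept
    # verbatim. The loop keeps the value from the last such header.
    # NOTE(review): confirm which occurrence the platform itself adds if a
    # sender can supply a header of the same name.
    my $auth;
    $auth = NAMEOFFUNCTIONTHATEXTRACTSACCOUNTNAME $_ for ( $evidence->header( "X-Session-Marker" ) );
    $auth = defined $auth ? lc $auth : '';

    # No account marker: remember the file with an empty record so that it is
    # not reopened on the next run.
    if ( $auth =~ /^$/ ) {
        $o{ $fn_comp } = { };
        print "Skipping forward [$filename]\n";
        next REPORT;
    }

    # Timestamp of the first Received header written by an omf* host, taken
    # from the text after the ';'. Left undefined when no such header exists.
    my $epoch;
    RECEIVED:
    for my $received ( $evidence->header( "Received" ) ) {
        if ( $received =~ /by omf\d+\.(?:(?:a|b)\.)?hostedemail\.com/ ) {
            if ( $received =~ /;(.+)/ ) {
                $epoch = parsedate( $1 );
            }
            last RECEIVED;
        }
    }

    # For each of these the last occurrence of the header wins.
    my ( $subject, $from, $replyto );
    $subject = $_ for ( $evidence->header( "Subject" ) );
    $from    = $_ for ( $evidence->header( "From" ) );
    $replyto = $_ for ( $evidence->header( "Reply-To" ) );

    # Every dotted-quad string found anywhere in the Received headers; the
    # octet ranges are not validated.
    my @ips = join( " ", $evidence->header( "Received" ) ) =~ /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/g;

    print "Account: $auth\n\t";
    print "Subject: $subject\n\t";
    print join( "\n\t", @ips ) . "\n";

    $o{ $fn_comp } = {
        auth    => $auth,
        ips     => \@ips,
        subject => $subject,
        from    => $from,
        replyto => $replyto,
        epoch   => $epoch,
    };
}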