A button in outlook that will check an email attachments on virustotal
user sees a suspisious email in he's outlook
he marks the email and press a button
the mail is beeing moved to a public folder
a service that checks for new emails on the public folder (ms exchange)
the service parses all new mails into an sql server
while inserting it into the DB it calculates the hashes for all the attachments and save them too
another service takes the hashes and checks them against virustotal api and update the table holding the attachments
if the hash is clean then move the mail back to the user.
(by now 2 tables 1st - for the emails 2nd for saving the attachments (there might be several attachments for each mail))
a small managment console (web) that will show
(login based on active directory (one security group ))
1. a list of all emails entered into the system with the possibility to mark one or more and move them back to the user(even if it is infected).
2. a view for showing a count of similar emails
so what do we have?:
1. outlook button that moves mails into public folder.
2. service that extract emails from exchange into mssql
3. service that checks the attachments hashes against the [url removed, login to view] api
4. a managment interface with three pages
view all emails and a release button
email similarity view