EML analyzer

April 11, 2026 · View on GitHub

EML analyzer is an application to analyze the EML file which can:

Analyze headers.
Analyze bodies.
- Extract IOCs (URLs, domains, IP addresses, emails) in bodies.
Analyze attachments.
- Identify whether attachments contain suspicious OLE files.

Installation

git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker build . -t eml_analyzer
docker run -i -d -p 8000:8000 eml_analyzer

The application is running at: http://localhost:8000/ in your browser.

git clone https://github.com/ninoseki/eml_analyzer.git
cd eml_analyzer
docker-compose up

Docker:
- Run Uvicorn and SpamAssassin in the same container. (The processes are managed by Circus)
Docker Compose:
- Run Gunicorn and SpamAssassin in each container.

Thus Docker Compose is suitable for the production use.

Configuration can be done via environment variables.

Alternatively you can set values through .env file. Values in .env file will be automatically loaded.

Key	Desc.	Default
`REDIS_EXPIRE`	Redis cache expiration time (in seconds)	3600
`REDIS_KEY_PREFIX`	Redis key prefix	`analysis`
`REDIS_URL`	Redis URL	-
`REDIS_CACHE_LIST_AVAILABLE`	Expose a list of cached keys	True
`SPAMASSASSIN_HOST`	SpamAssassin host	`127.0.0.1`
`SPAMASSASSIN_PORT`	SpamAssassin port	783
`SPAMASSASSIN_TIMEOUT`	SpamAssassin timeout (in seconds)	10
`URLSCAN_API_KEY`	urlscan.io API Key	-
`VIRUSTOTAL_API_KEY`	VirusTotal API Key	-
`ASYNC_MAX_AT_ONCE`	Max number of concurrently running lookup tasks	`None`
`ASYNC_MAX_PER_SECOND`	Max number of tasks spawned per second	`None`

# install dependencies
uv sync
# run test
uv run pytest

cd frontend
# install dependencies
npm install
# run test
npm run test:unit

# setup pre-commit hooks
lefthook install
# run hooks manually
lefthook run pre-commit --all-files