@MASTERSTHESIS{IMM2017-07036,
  author = "D. T. Handler",
  title = "A framework for malware analysis in a stand-alone email-server",
  year = "2017",
  school = "Technical University of Denmark, Department of Applied Mathematics and Computer Science",
  address = "Richard Petersens Plads, Building 324, {DK-}2800 Kgs. Lyngby, Denmark, compute@compute.dtu.dk",
  type = "",
  note = "{DTU} supervisor: Christian D. Jensen, cdje@dtu.dk, {DTU} Compute",
  url = "http://www.compute.dtu.dk/english",
  abstract = "100,000,000,000 spam mails are sent and received every day. Even though most email clients are equipped with spam filters, the common user still receives a severe amount of unwanted emails every day. The problem for spam filters is that the user expects the filter to let every genuine email through. When spam filters lower the rate of false positives (genuine emails marked malicious), they increase the rate of false negatives (malicious emails marked genuine). This increases the need for user awareness, to ensure that the user does not open any unwanted email. This project proposes a solution to which the user can forward an email that was marked genuine by the spam filter but looks suspicious to the user. In return, the user receives an exhaustive analysis of the content of the email, whether the content is a link in the email or an attached file. The solution will be implemented as a framework written in Python on a stand-alone email server. The framework will include static and dynamic file analysis, and passive and active link analysis."
}