CN102655482A - HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method - Google Patents
HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method Download PDFInfo
- Publication number
- CN102655482A CN102655482A CN2011104438825A CN201110443882A CN102655482A CN 102655482 A CN102655482 A CN 102655482A CN 2011104438825 A CN2011104438825 A CN 2011104438825A CN 201110443882 A CN201110443882 A CN 201110443882A CN 102655482 A CN102655482 A CN 102655482A
- Authority
- CN
- China
- Prior art keywords
- http
- web
- information
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention relates to a HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method, which comprises the following steps: a, constructing an E-mail information feature database of HTTP based on web E-mails in a mailbox, and setting start and end features strings for each item of information; b, matching the start and end features strings, positioning the position of the information in an E-mail sending session, and placing the positioned information into an E-mail record data structure through taking an E-mail as a unit; c, carrying out restructuring and caching on the connection of E-mail sending, and carrying out marking on different E-mail types; d, to the restructured and cached E-mail session data, carrying out recovering on E-mails according to the type markers of the E-mails; e, carrying out regular processing on E-mail log files by a user-mode programs; and f: intuitively displaying E-mails in a log receipt library by a system foreground, and finally, completing the recovering of E-mails. The method can effectively carry out monitoring on web mailbox services, and has a small influence on the network performance.
Description
(1), technical field: the present invention relates to a kind of Email method of reducing, particularly relate to a kind of web mail method of reducing based on the http protocal analysis.
(2), background technology: Email is that Inernet occurs just beginning one of network application that occurs in early days, and along with the continuous development of Internet, it remains the indispensable service in the Internet, is that people use one of the most frequent Internet service.When E-mail service offers convenience to people, also brought great challenge to information security.The side effect such as divulge a secret of illegal mail, network brings direct economic loss to enterprise.The transmission approach of current email mainly contains two kinds: send and send through the SMTP mode through the web mode.Because the mail (being called for short the web mail) that sends through the web mode passes through browser operation, need not configuration, and is simple to operate, also need not to install additional software, becomes the main mode that people use Email gradually.Through analysis to the http agreement, according to various mail features to the web mail monitor in the Network Transmission stage, reduction, record, make the network supervision personnel can in time recognize the details of person under surveillance institute send Email intuitively.That existing mail method of reducing is realized is complicated, discovered easily, and the email type that can monitor is single, can not realize the effective monitoring to mail under the complex network service environment now.
(3), summary of the invention:
The technical problem that the present invention will solve is: overcomes the defective of prior art, provides a kind of and can effectively carry out the monitoring of web mailbox service, and to the little web mail method of reducing based on the http protocal analysis of network performance influence.
Technical scheme of the present invention:
A kind of web mail method of reducing based on the http protocal analysis, contain the following step:
Step a: respectively the mailbox of different E-mail service is analyzed; Make up in every kind of mailbox e-mail messages feature database based on the web mail of http; Information in the e-mail messages feature database contains sender, addressee, theme, content and annex; According to the length of every information, for every information setting begins feature string and finishes feature string, the beginning feature string matees with the end feature string each other;
The implementation method of present main email service provider but is not quite similar, and can not use identical method to extract the various information of mail, so it is particularly important that different web mails is carried out labor.
Step b: begin feature string and finish feature string through the bmh algorithmic match; Thereby location sender, addressee, theme, content and annex send the position in the session at mail, are that unit puts into the mail record data structure with the mail with the information that navigates to then;
Step c: registration netfilter Hook Function in the linux kernel module; To the connection of the sending buffer memory of recombinating, and carry out the e-mail messages feature database that the application protocol analysis sets up according to various mails different email types is carried out mark based on the web mail of http; For example: the mailbox mail of Sina is labeled as 1, and the mailbox mail of Netease is labeled as 2, and the mailbox mail of Yahoo is labeled as 3.
Steps d: create kernel thread; Mail session data to the reorganization buffer memory are followed according to the email type mark mail are reduced; The method of reduction is from step c reorganization data in buffer, to extract effective e-mail messages and be kept in the mail record data structure according to the described e-mail messages feature database of step a, then the mail in the mail record data structure is write the mail record file by the record format of an envelope mail delegation;
Step e: user's attitude program is carried out regular processing to the mail record file: read the mail record file and decode according to the different coding type, the coded system of the unified UTF-8 of use is inserted daily record receipt storehouse with decoded mail record file then;
Step f: the system foreground represents the mail in the daily record receipt storehouse intuitively, finally accomplishes the reduction of mail.
The mailbox of different E-mail service contains the mailbox of identical electronic mail service merchant's different editions among the step a.
Contain session id, addressee, sender in the mail record data structure among the step b, make a copy for, closely give, theme, content and annex.
Method of discrimination based on the web mail of http is: the transmission of mail connects that the POST method that is by http realizes; A host during connecting, each POST all can be arranged: row or referer: OK; Whether differentiate according to the content of these two row is the web mail based on http; Can avoid recording processing like this, improve system handles efficient other non-web mail POST data; Concrete determination methods is: the e-mail messages feature database that obtains according to step a is to getting access to the host of POST in connecting: row or referer: the row content is mated; Thereby confirm that whether this connection is that the web mail sends connection, and this sends the web mail protocol that connection is adopted.
What transmit the use of web mail is the http agreement, generally speaking, can use 2 to 3 http when sending mail through the web mode and connect, and connects and can whole Mail Contents be sent to server through these 2 to 3 http usually.Http connects and to contain the user and login the annex that connections, mail send under connection and the independent transmission mode of annex and upload connection.Mail sends to connect to transmit sends out people, addressee, theme, text etc., and annex is uploaded and connected filename and the file content that transmits annex.
The http connection that belongs to same session all has a same session sign (sid value), is used for the different e-mail messages of association so in http connects, mate " sid=" and take out its value preservation.
The method of reorganization buffer memory is among the step c: will belong to a mail and send the datagram buffer memory that connects, and judge that when the tcp that receives this connection finishes link information connecting buffer memory accomplishes, and will recombinate to data in buffer then; The method of reorganization is to the packet location of sorting according to the sequence number (seq) of data cached bag and length (length); The principle of ordering location is: the sequence number (seq) of next bag adds the length of the continuous bag of going forward for the sequence number (seq) of its preceding continuous bag.
The record format of every envelope mail is in the steps d: sender, addressee, make a copy for, closely give, mail matter topics, Mail Contents, source IP address, purpose IP address, session id, transmitting time.
The result of mail reduction is as shown in the table:
Beneficial effect of the present invention:
1, the present invention has favorable expansibility to the web mail monitoring based on http.Through to protocal analysis, can be easy to satisfy under the Internet technology high-speed development to the monitoring demand of new web mailbox service the potential safety hazard of effectively controlling inner mail and being brought based on the web mail of http.
2, main reduction of the present invention is handled and in linux kernel, is carried out, and message is not carried out comprehensive protocol assembly, in network environment at a high speed, has reduced the influence to network performance effectively.
(4), embodiment:
Web mail method of reducing based on the http protocal analysis contains the following step:
Step a: respectively the mailbox of different E-mail service is analyzed; Make up in every kind of mailbox e-mail messages feature database based on the web mail of http; Information in the e-mail messages feature database contains sender, addressee, theme, content and annex; According to the length of every information, for every information setting begins feature string and finishes feature string, the beginning feature string matees with the end feature string each other;
The implementation method of present main email service provider but is not quite similar, and can not use identical method to extract the various information of mail, so it is particularly important that different web mails is carried out labor.
Step b: begin feature string and finish feature string through the bmh algorithmic match; Thereby location sender, addressee, theme, content and annex send the position in the session at mail, are that unit puts into the mail record data structure with the mail with the information that navigates to then;
Step c: registration netfilter Hook Function in the linux kernel module; To the connection of the sending buffer memory of recombinating, and carry out the e-mail messages feature database that the application protocol analysis sets up according to various mails different email types is carried out mark based on the web mail of http; For example: the mailbox mail of Sina is labeled as 1, and the mailbox mail of Netease is labeled as 2, and the mailbox mail of Yahoo is labeled as 3.
Steps d: create kernel thread; Mail session data to the reorganization buffer memory are followed according to the email type mark mail are reduced; The method of reduction is from step c reorganization data in buffer, to extract effective e-mail messages and be kept in the mail record data structure according to the described e-mail messages feature database of step a, then the mail in the mail record data structure is write the mail record file by the record format of an envelope mail delegation;
Step e: user's attitude program is carried out regular processing to the mail record file: read the mail record file and decode according to the different coding type, the coded system of the unified UTF-8 of use is inserted daily record receipt storehouse with decoded mail record file then;
Step f: the system foreground represents the mail in the daily record receipt storehouse intuitively, finally accomplishes the reduction of mail.
The mailbox of different E-mail service contains the mailbox of identical electronic mail service merchant's different editions among the step a.
Contain session id, addressee, sender in the mail record data structure among the step b, make a copy for, closely give, theme, content and annex.
Method of discrimination based on the web mail of http is: the transmission of mail connects that the POST method that is by http realizes; A host during connecting, each POST all can be arranged: row or referer: OK; Whether differentiate according to the content of these two row is the web mail based on http; Can avoid recording processing like this, improve system handles efficient other non-web mail POST data; Concrete determination methods is: the e-mail messages feature database that obtains according to step a is to getting access to the host of POST in connecting: row or referer: the row content is mated; Thereby confirm that whether this connection is that the web mail sends connection, and this sends the web mail protocol that connection is adopted.
What transmit the use of web mail is the http agreement, generally speaking, can use 2 to 3 http when sending mail through the web mode and connect, and connects and can whole Mail Contents be sent to server through these 2 to 3 http usually.Http connects and to contain the user and login the annex that connections, mail send under connection and the independent transmission mode of annex and upload connection.Mail sends to connect to transmit sends out people, addressee, theme, text etc., and annex is uploaded and connected filename and the file content that transmits annex.
The http connection that belongs to same session all has a same session sign (sid value), is used for the different e-mail messages of association so in http connects, mate " sid=" and take out its value preservation.
The method of reorganization buffer memory is among the step c: will belong to a mail and send the datagram buffer memory that connects, and judge that when the tcp that receives this connection finishes link information connecting buffer memory accomplishes, and will recombinate to data in buffer then; The method of reorganization is to the packet location of sorting according to the sequence number (seq) of data cached bag and length (length); The principle of ordering location is: the sequence number (seq) of next bag adds the length of the continuous bag of going forward for the sequence number (seq) of its preceding continuous bag.
The record format of every envelope mail is in the steps d: sender, addressee, make a copy for, closely give, mail matter topics, Mail Contents, source IP address, purpose IP address, session id, transmitting time.
Netease's 163 mailboxes, 4.0 versions are analyzed, made up the mail features storehouse of this mailbox.To pass through an envelope of network gateway devices then uses 4.0 editions mails that send of Netease's 163 mailboxes to catch reduction.
1, following to the analysis result of Netease's 163 mailboxes, 4.0 versions:
Host:cg1a134.mail.163.com
The mark sign: beginning characteristic (sid=) end characteristic (r)
Annex name: beginning characteristic (Content-Disposition:form-data; Name=" file1 "; Filename=")
Finish characteristic (" r :)
Content: the beginning characteristic (r) the end characteristic (r)
Sender: beginning characteristic (%3Cstring%20name%3D%22account%22%3E)
Finish characteristic (%3C%2Fstring%3E)
Addressee: beginning characteristic (%3Carray%20name%3D%22to%22%3E%3Cstring%3E)
Finish characteristic (%3C%2Fstring%3E)
Make a copy for: beginning characteristic (%3Carray%20name%3D%22cc%22%3E%3Cstring%3E)
Finish characteristic (%3C%2Fstring%3E)
Close sending: beginning characteristic (%3Carray%20name%3D%22bcc%22%3E%3Cstring%3E)
Finish characteristic (%3C%2Fstring%3E)
Theme: beginning characteristic
(%3C%2Farray%3E%3Cstring%20name%3D%22subject%22%3E)
Finish characteristic (%3C%2Fstring%3E)
Content: beginning characteristic (%3Cstring%20name%3D%22content%22%3E)
Finish characteristic (%26gt%3B%3C%2Fstring%3E)
2, always listen to the POST method of http agreement at linux kernel, and at its Host: row matches " mail.163.com " character string.Then this session connection reorganization is preserved.The preservation data are following:
Mail sends and connects
POST
/js4/s?sid=zCyCfpVVqNwShaSRjwVVDaycbwvTPSvV&func=mbox:compose&l=compose&action=deliver?HTTP/1.1
Host:cg1a134.mail.163.comContent-Length:1717
var=%3C%3Fxml%20version%3D%221.0%22%3F%3E%3Cobject%3E%3Cstring%20name%3D%22id%22%3Ec%3A1311325276573%3C%2Fstring%3E%3Cobject%20name%3D%22attrs%22%3E%3Cstring%20name%3D%22account%22%3E%22erniusias%22%26lt%3Bximotechacg%40163.com%26gt%3B%3C%2Fstring%3E%3Cboolean%20name%3D%22showOneRcpt%22%3Efalse%3C%2Fboolean%3E%3Carray%20name%3D%22to%22%3E%3Cstring%3Eerniusias%40sina.com%3C%2Fstring%3E%3C%2Farray%3E%3Carray%20name%3D%22cc%22%20%2F%3E%3Carray%20name%3D%22bcc%22%20%2F%3E%3Cstring%20name%3D%22subject%22%3E163mailtestandfujian%3C%2Fstring%3E%3Cboolean%20name%3D%22isHtml%22%3Etrue%3C%2Fboolean%3E%3Cstring%20name%3D%22content%22%3E%26lt%3Bdiv%20style%3D′line-height%3A1.7%3Bcolor%3A%23000000%3Bfont-size%3A14px%3Bfont-family%3Aarial′%26gt%3B%26lt%3Bdiv%26gt%3B111111111111111111111111111111111111111%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B22222222222222222222222222222222222222222%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B3333333333333333333333333333333333333333%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B44444444444444444444444444444444444444444%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B5555555555555555555555555555555555555555%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3C%2Fstring%3E%3Cboolean%20name%3D%22saveSentCopy%22%3Etrue%3C%2Fboolean%3E%3Cstring%20name%3D%22charset%22%3EGBK%3C%2Fstring%3E%3C%2Fobject%3E%3Cboolean%20name%3D%22returnInfo%22%3Efalse%3C%2Fboolean%3E%3Cstring%20name%3D%22action%22%3Edeliver%3C%2Fstring%3E%3Cint%20name%3D%22saveSentLimit%22%3E1%3C%2Fint%3E%3C%2Fobject%3E
3, send the connection data through mail and carry out feature string coupling taking-up effective information buffer memory:
Sender %22erniusias%22%26lt%3Bximotechacg%40163.com%26gt%3B
Addressee erniusias%40sina.com
Mail matter topics 163mailtestandfujian
Session id zCyCfpVVqNwShaSRjwVVDaycbwvTPSvV
Mail Contents
%3Cboolean%20name%3D%22isHtml%22%3Etrue%3C%2Fboolean%3E%3Cstring%20name%3D%22content%22%3E%26lt%3Bdiv%20style%3D′line-height%3A1.7%3Bcolor%3A%23000000%3Bfont-size%3A14px%3Bfont-family%3Aarial′%26gt%3B%26lt%3Bdiv%26gt%3B111111111111111111111111111111111111111%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B22222222222222222222222222222222222222222%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B3333333333333333333333333333333333333333%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B44444444444444444444444444444444444444444%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B5555555555555555555555555555555555555555%26lt%3B%2Fdiv%26gt%3B%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B%26amp%3Bnbsp%3B%26lt%3B%2Fdiv%26gt%3B%0A%26lt%3B%2Fdiv%26gt%3B
Source IP address 192.168.1.25
4, data are write file mail.log;
%22erniusias%22%26lt%3Bximotechacg%40163.com%26gt%3B`
erniusias%40sina.com`163mailtestandfujian`%3Cboolean%20name%3D%22isHtm1%22%3Etrue%3C%2Fboolean%3E%3Cstring%20name%3D%22content%22%3E%26lt%3Bdiv%20style%3D′line-height%3A1.7%3Bcolor%3A%23000000%3Bfont-size%3A14px%3Bfont-family%3Aarial′%26gt%3B%26lt%3Bdiv%26gt%3B111111111111111111111111111111111111111%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B22222222222222222222222222222222222222222%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B3333333333333333333333333333333333333333%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B44444444444444444444444444444444444444444%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B5555555555555555555555555555555555555555%26lt%3B%2Fdiv%26gt%3B%26lt%3Bdiv%26gt%3B%26amp%3Bnbsp%3B%26lt%3B%2Fdiv%26gt%3B%0A%26lt%3B%2Fdiv%26gt%3B`192.168.1.25`134.35.24.78`zCyCfpVVqNwShaSRjwVVDaycbwvTPSvV`1320455590
5, data processing in the file is carried out dissection process and deposit database in, and be illustrated in front page layout intuitively, shown in the following form:
Claims (6)
1. web mail method of reducing based on the http protocal analysis is characterized in that: contain the following step:
Step a: respectively the mailbox of different E-mail service is analyzed; Make up in every kind of mailbox e-mail messages feature database based on the web mail of http; Information in the e-mail messages feature database contains sender, addressee, theme, content and annex; According to the length of every information, for every information setting begins feature string and finishes feature string, the beginning feature string matees with the end feature string each other;
Step b: begin feature string and finish feature string through the bmh algorithmic match; Thereby location sender, addressee, theme, content and annex send the position in the session at mail, are that unit puts into the mail record data structure with the mail with the information that navigates to then;
Step c: registration netfilter Hook Function in the linux kernel module; To the connection of the sending buffer memory of recombinating, and carry out the e-mail messages feature database that the application protocol analysis sets up according to various mails different email types is carried out mark based on the web mail of http;
Steps d: create kernel thread; Mail session data to the reorganization buffer memory are followed according to the email type mark mail are reduced; The method of reduction is from step c reorganization data in buffer, to extract effective e-mail messages and be kept in the mail record data structure according to the described e-mail messages feature database of step a, then the mail in the mail record data structure is write the mail record file by the record format of an envelope mail delegation;
Step e: user's attitude program is carried out regular processing to the mail record file: read the mail record file and decode according to the different coding type, the coded system of the unified UTF-8 of use is inserted daily record receipt storehouse with decoded mail record file then;
Step f: the system foreground represents the mail in the daily record receipt storehouse intuitively, finally accomplishes the reduction of mail.
2. the web mail method of reducing based on the http protocal analysis according to claim 1, it is characterized in that: the mailbox of different E-mail service contains the mailbox of identical electronic mail service merchant's different editions among the said step a.
3. the web mail method of reducing based on the http protocal analysis according to claim 1 is characterized in that: contain session id, addressee, sender in the mail record data structure among the said step b, make a copy for, closely send, theme, content and annex.
4. the web mail method of reducing based on the http protocal analysis according to claim 1; It is characterized in that: the method for discrimination of said web mail based on http is: the transmission of mail connects that the POST method that is by http realizes; A host all can be arranged: row or referer during each POST connects: whether OK, differentiating according to the content of these two row is the web mail based on http; Concrete determination methods is: the e-mail messages feature database that obtains according to step a is to getting access to the host of POST in connecting: row or referer: the row content is mated; Thereby confirm that whether this connection is that the web mail sends connection, and this sends the web mail protocol that connection is adopted.
5. the web mail method of reducing based on the http protocal analysis according to claim 1; It is characterized in that: the method for reorganization buffer memory is among the said step c: will belong to a mail and send the datagram buffer memory that connects;, the tcp that receives this connection judges that connecting buffer memory accomplishes, and recombinates to data in buffer then when finishing link information; The method of reorganization is to the packet location of sorting according to the sequence number of data cached bag and length; The principle of ordering location is: the sequence number of next bag adds the length of the continuous bag of going forward for the sequence number of its preceding continuous bag.
6. the web mail method of reducing based on the http protocal analysis according to claim 1, it is characterized in that: the record format of every envelope mail is in the said steps d: sender, addressee, make a copy for, closely give, mail matter topics, Mail Contents, source IP address, purpose IP address, session id, transmitting time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110443882.5A CN102655482B (en) | 2011-12-26 | 2011-12-26 | HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110443882.5A CN102655482B (en) | 2011-12-26 | 2011-12-26 | HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102655482A true CN102655482A (en) | 2012-09-05 |
| CN102655482B CN102655482B (en) | 2014-11-05 |
Family
ID=46731008
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110443882.5A Expired - Fee Related CN102655482B (en) | 2011-12-26 | 2011-12-26 | HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102655482B (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103152247A (en) * | 2013-03-20 | 2013-06-12 | 东莞宇龙通信科技有限公司 | Mail sending method and mail sending device |
| CN103580991A (en) * | 2013-01-05 | 2014-02-12 | 网易(杭州)网络有限公司 | Mail attachment uploading method and device |
| CN104202232A (en) * | 2014-08-07 | 2014-12-10 | 北京网康科技有限公司 | Internet email processing method and device |
| CN105490920A (en) * | 2015-11-25 | 2016-04-13 | 深圳市视维科技有限公司 | Electronic mail sending system and electronic mail monitoring method |
| CN106453249A (en) * | 2016-08-31 | 2017-02-22 | 杭州华途软件有限公司 | Monitoring method of network mail business |
| CN107204916A (en) * | 2017-06-21 | 2017-09-26 | 天津光电通信技术有限公司 | Mail restoring method based on Tilera multinuclear board network packets |
| CN107517152A (en) * | 2016-06-15 | 2017-12-26 | 李卓桓 | Mail treatment service system and method |
| CN107786419A (en) * | 2016-08-26 | 2018-03-09 | 西安交大捷普网络科技有限公司 | Realize the annex restoring method of webpage mailbox annex |
| CN109005105A (en) * | 2018-07-20 | 2018-12-14 | 密信技术(深圳)有限公司 | Record generation method, device and the storage medium of sender's location information mail |
| CN110380953A (en) * | 2019-06-27 | 2019-10-25 | 中国航空工业集团公司雷华电子技术研究所 | A kind of data structure and its sending, receiving method of mail |
| CN111010331A (en) * | 2019-10-18 | 2020-04-14 | 苏州浪潮智能科技有限公司 | E-mail monitoring and summarizing method, system, terminal and storage medium |
| CN112468389A (en) * | 2020-12-02 | 2021-03-09 | 天津光电通信技术有限公司 | Imap mail reduction method based on tcp recombination |
| CN113364772A (en) * | 2021-06-04 | 2021-09-07 | 中孚信息股份有限公司 | Automatic malicious IOC acquisition method |
| CN113434343A (en) * | 2021-07-21 | 2021-09-24 | 公安部第三研究所 | Windows-based WPS Mail data reduction method |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729542A (en) * | 2009-11-26 | 2010-06-09 | 上海大学 | Multi-protocol information resolving system based on network packet |
| CN101969411A (en) * | 2010-06-18 | 2011-02-09 | 中兴通讯股份有限公司 | Method and system for analyzing and restoring unencrypted WEB mail |
-
2011
- 2011-12-26 CN CN201110443882.5A patent/CN102655482B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101729542A (en) * | 2009-11-26 | 2010-06-09 | 上海大学 | Multi-protocol information resolving system based on network packet |
| CN101969411A (en) * | 2010-06-18 | 2011-02-09 | 中兴通讯股份有限公司 | Method and system for analyzing and restoring unencrypted WEB mail |
Non-Patent Citations (2)
| Title |
|---|
| 吴勋等: "基于网络数据包的邮件还原技术研究", 《通信技术》, vol. 44, no. 232, 10 April 2011 (2011-04-10) * |
| 陈明建等: "电子邮件协议还原及分析系统的设计与实现", 《计算机应用研究》, no. 12, 1 December 2006 (2006-12-01) * |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103580991A (en) * | 2013-01-05 | 2014-02-12 | 网易(杭州)网络有限公司 | Mail attachment uploading method and device |
| CN103580991B (en) * | 2013-01-05 | 2017-06-06 | 网易(杭州)网络有限公司 | The method for uploading and equipment of a kind of Email attachment |
| CN103152247A (en) * | 2013-03-20 | 2013-06-12 | 东莞宇龙通信科技有限公司 | Mail sending method and mail sending device |
| CN104202232A (en) * | 2014-08-07 | 2014-12-10 | 北京网康科技有限公司 | Internet email processing method and device |
| CN105490920A (en) * | 2015-11-25 | 2016-04-13 | 深圳市视维科技有限公司 | Electronic mail sending system and electronic mail monitoring method |
| CN107517152A (en) * | 2016-06-15 | 2017-12-26 | 李卓桓 | Mail treatment service system and method |
| CN107786419B (en) * | 2016-08-26 | 2020-05-26 | 西安交大捷普网络科技有限公司 | Attachment restoring method for realizing attachment of webpage mailbox |
| CN107786419A (en) * | 2016-08-26 | 2018-03-09 | 西安交大捷普网络科技有限公司 | Realize the annex restoring method of webpage mailbox annex |
| CN106453249A (en) * | 2016-08-31 | 2017-02-22 | 杭州华途软件有限公司 | Monitoring method of network mail business |
| CN106453249B (en) * | 2016-08-31 | 2019-12-06 | 浙江华途信息安全技术股份有限公司 | network mail service monitoring method |
| CN107204916A (en) * | 2017-06-21 | 2017-09-26 | 天津光电通信技术有限公司 | Mail restoring method based on Tilera multinuclear board network packets |
| CN109005105A (en) * | 2018-07-20 | 2018-12-14 | 密信技术(深圳)有限公司 | Record generation method, device and the storage medium of sender's location information mail |
| CN109005105B (en) * | 2018-07-20 | 2021-12-14 | 沃通电子认证服务有限公司 | Method and device for generating mail with recorded sender position information and storage medium |
| CN110380953A (en) * | 2019-06-27 | 2019-10-25 | 中国航空工业集团公司雷华电子技术研究所 | A kind of data structure and its sending, receiving method of mail |
| CN110380953B (en) * | 2019-06-27 | 2021-10-22 | 中国航空工业集团公司雷华电子技术研究所 | Method for sending and receiving mail |
| CN111010331A (en) * | 2019-10-18 | 2020-04-14 | 苏州浪潮智能科技有限公司 | E-mail monitoring and summarizing method, system, terminal and storage medium |
| CN112468389A (en) * | 2020-12-02 | 2021-03-09 | 天津光电通信技术有限公司 | Imap mail reduction method based on tcp recombination |
| CN112468389B (en) * | 2020-12-02 | 2022-04-15 | 天津光电通信技术有限公司 | Imap mail reduction method based on tcp recombination |
| CN113364772A (en) * | 2021-06-04 | 2021-09-07 | 中孚信息股份有限公司 | Automatic malicious IOC acquisition method |
| CN113434343A (en) * | 2021-07-21 | 2021-09-24 | 公安部第三研究所 | Windows-based WPS Mail data reduction method |
| CN113434343B (en) * | 2021-07-21 | 2024-04-23 | 公安部第三研究所 | WPS Mail data restoration method based on Windows |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102655482B (en) | 2014-11-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102655482A (en) | HTTP (hyper text transport protocol) protocol analysis based web E-mail recovering method | |
| US9894020B2 (en) | Delivery of email messages with repetitive attachments | |
| TWI587660B (en) | Methods, devices and systems for publishing information to websites | |
| US20090077182A1 (en) | System and method for identifying email campaigns | |
| CN103532828B (en) | A kind of rich text format of the XMPP based on extension realizes system and method | |
| WO2009086765A1 (en) | Group information conversion device, method and group information interaction system | |
| CN101355529B (en) | Method, system and client terminal for transmitting e-mail to instant communication contact | |
| US20100241736A1 (en) | Method and apparatus for performing a peer-to-peer file transfer | |
| US11244285B2 (en) | Method and apparatus for displaying e-mail messages | |
| US20160112356A1 (en) | Network Device and Method for Processing Email Request | |
| CN103856394A (en) | Online chat room system | |
| EP2035939A1 (en) | Proxy server | |
| FI20085582L (en) | Messaging system, messaging server, method and computer program product | |
| CN104077363B (en) | Mail server and its method for carrying out mail full-text search | |
| JP4492447B2 (en) | E-mail system and registration method | |
| US8626840B2 (en) | Method and system for generating a referencing secondary electronic mail message from a primary electronic mail message | |
| CN105991665B (en) | A kind of document handling method and system and file handler | |
| WO2015196658A1 (en) | Method and device for acquiring delivery state of e-mail, and computer storage medium | |
| US20060069700A1 (en) | Generating relational structure for non-relational messages | |
| CN107689908A (en) | The acquisition methods and device of a kind of configuration information | |
| CN113762837A (en) | Method and device for processing logistics data | |
| CN102082709A (en) | Monitoring system for internal network video files based on message interception | |
| CN107948049A (en) | A kind of method linked up based on internet cooperation | |
| KR20140066526A (en) | System, method and computer readable recording medium for checking the receive receipt of a send mail on a mobile terminal | |
| Lu et al. | Design and implementation of email auditing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200602 Address after: 518000 102-29, building a, phase II, science and technology building, 1057 Nanhai Avenue, Shekou, Yanshan community, Nanshan District, Shenzhen City, Guangdong Province Patentee after: Shenzhen XIME wanwang Technology Co.,Ltd. Address before: 201100 Shanghai city Jiading District Liu Xiang Road No. 3135 Building 1 room 319 Patentee before: Shanghai Simer Communication Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141105 Termination date: 20211226 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |