FileAnalysis: integrate w/ SMTP analyzer.

More generally w/ MIME_Mail messages, which POP3 analyzer also uses.

scripts/base/protocols/smtp/__load__.bro

@@ -1,3 +1,4 @@
 @load ./main
 @load ./entities
-@load ./entities-excerpt
+@load ./entities-excerpt
+@load ./file-analysis

scripts/base/protocols/smtp/file-analysis.bro

@@ -0,0 +1,18 @@
+@load ./main
+@load ./entities
+@load base/utils/conn-ids
+@load base/frameworks/file-analysis/main
+
+module SMTP;
+
+function get_file_handle(c: connection, is_orig: bool): string
+	{
+	if ( ! c?$smtp ) return "";
+
+	return fmt("%s smtp(%s, %s)", c$start_time, c$smtp$trans_depth,
+	           c$smtp_state$mime_level);
+	}
+
+redef FileAnalysis::handle_callbacks += {
+	[ANALYZER_SMTP] = get_file_handle,
+};

src/MIME.cc

@@ -5,6 +5,7 @@
 #include "Event.h"
 #include "Reporter.h"
 #include "digest.h"
+#include "file_analysis/Manager.h"
 
 // Here are a few things to do:
 //
@@ -1019,6 +1020,8 @@ void MIME_Mail::Done()
 		}
 
 	MIME_Message::Done();
+
+	file_mgr->EndOfFile(analyzer->Conn());
 	}
 
 MIME_Mail::~MIME_Mail()
@@ -1122,6 +1125,9 @@ void MIME_Mail::SubmitData(int len, const char* buf)
 		analyzer->ConnectionEvent(mime_segment_data, vl);
 		}
 
+	file_mgr->DataIn(reinterpret_cast<const u_char*>(buf), len,
+	                 analyzer->Conn(), false);  // is_orig param N/A
+
 	buffer_start = (buf + len) - (char*)data_buffer->Bytes();
 	}