
Enhancements to Strelka Email Scanner / Adding Broken Email Test #450

Merged
merged 3 commits into from
Apr 19, 2024

Conversation

phutelmyer
Contributor

@phutelmyer phutelmyer commented Apr 2, 2024

Describe the change

This update includes several enhancements to the scan_email.py scanner. Changes include:

  • Safer collection of fields in the event of a poorly parsed / incomplete observed email.
  • Slight reorganization and refactoring of scanner code
  • Added a new fixture, test_broken.eml, for testing the scanner's ability to handle incomplete or corrupted email files.
  • The accompanying test, test_scan_email.py, has been updated to include a scenario that simulates the handling of a broken / incomplete email file.

Describe testing procedures

The following tests were conducted:

  • Tests: Updated unit tests for scan_email.py to include cases with the new test_broken.eml sample.

Sample output

{
    "elapsed": mock.ANY,
    "flags": [
        "ScanEmail: image_thumbnail_error: Could not generate thumbnail. No HTML found."
    ],
    "total": {"attachments": 0, "extracted": 0},
    "body": "Hi Placeholder,\n\nCan I have access?\n\nThanks,\nJohn\n\n\nFrom: Placeholder Smith  "
    "<[email protected]<m...m> shared a file or folder located in Acme Share with you. Delete visitor "
    "session<https://acme.com>\n",
    "domains": ["acme.com", "share.acme.com"],
    "subject": "",
    "to": [],
    "from": "",
    "date_utc": "1970-01-01T00:00:00.000Z",
    "message_id": "",
    "received_domain": [],
    "received_ip": [],
}

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of and tested my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
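As an added illustration (not code from this PR or from Strelka's scan_email.py), a stand-alone Python sketch of the "safe default per field" approach the change describes: every field is collected through a guard that falls back to the defaults seen in the sample output, and a constructed headerless fragment plays the role of test_broken.eml. The Received/domain regexes, helper names and sample messages are assumptions, not the project's own.

```python
import email
import re
from datetime import timezone
from email import policy
from email.utils import getaddresses, parsedate_to_datetime

# Sentinel for a missing or unparseable Date header (the 1970 value in the PR's sample output).
EPOCH_UTC = "1970-01-01T00:00:00.000Z"
_RECV_FROM = re.compile(r"^from\s+([A-Za-z0-9.-]+)", re.I)  # hostname after "from" in Received
_RECV_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")     # bracketed IPv4 literals in Received

def _safe(getter, default):
    try:
        value = getter()
    except Exception:  # malformed header, undecodable bytes, bad date: keep the default
        return default
    return default if value is None else value

def _body_text(msg) -> str:  # decoded text/plain parts (or the whole non-multipart message)
    chunks = []
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def extract_fields(raw: bytes) -> dict:
    """Collect header/body fields from an .eml with one safe default per field."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)  # records defects, never raises
    received = msg.get_all("Received", [])
    addrs = lambda h: [a for _, a in getaddresses(msg.get_all(h, [])) if a]
    body = _safe(lambda: _body_text(msg), "")
    return {
        "subject": _safe(lambda: msg.get("Subject"), ""),
        "from": _safe(lambda: (addrs("From") or [""])[0], ""),
        "to": _safe(lambda: addrs("To"), []),
        "date_utc": _safe(lambda: parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
                          .strftime("%Y-%m-%dT%H:%M:%S.000Z"), EPOCH_UTC),
        "message_id": _safe(lambda: msg.get("Message-ID"), ""),
        "received_domain": [m.group(1) for m in map(_RECV_FROM.search, received) if m],
        "received_ip": [ip for h in received for ip in _RECV_IP.findall(h)],
        "domains": sorted(set(re.findall(r"(?:https?://|@)([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", body))),
        "body": body,
    }

BROKEN_EML = b"Hi Placeholder,\n\nCan I have access?\n\nThanks,\nJohn\n"  # constructed: no headers at all
GOOD_EML = (b"Received: from mail.example.net (mail.example.net [203.0.113.5])\n\tby mx.acme.com"
            b" with ESMTP; Tue, 02 Apr 2024 15:04:00 +0000\nFrom: \"P. Smith\" <p.smith@acme.com>\n"
            b"To: john@acme.com\nSubject: Shared folder\nDate: Tue, 02 Apr 2024 15:04:00 +0000\n"
            b"Message-ID: <abc123@mail.example.net>\n\nFiles: https://share.acme.com/d\n")  # constructed
```

Run `extract_fields(BROKEN_EML)` to see every header field land on its default while the body text is still captured, and `extract_fields(GOOD_EML)` for the fully populated record.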

@phutelmyer phutelmyer marked this pull request as ready for review April 2, 2024 15:04
@phutelmyer phutelmyer merged commit e499d29 into master Apr 19, 2024
3 checks passed