Update analyze_email_main.py

analyze_email_main.py

@@ -4,13 +4,17 @@ from body_analyzer import analyze_body
 from url_analyzer import analyze_urls
 
 def analyze(file_path):
+    # --- Parse email ---
     headers, body, urls = parse_email(file_path)
 
+    # --- Analyze different components ---
     header_findings, header_score = analyze_headers(headers)
     body_findings, body_score, highlighted_body = analyze_body(body)
     url_findings, url_score = analyze_urls(urls)
 
-    total_score = header_score + body_score + url_score
+    # --- Weighted total score ---
+    # Give extra weight to URLs and phishing indicators
+    total_score = header_score + body_score + (url_score * 1.5)
     if total_score > 100:
         total_score = 100
 
@@ -24,7 +28,7 @@ def analyze(file_path):
     else:
         verdict = "✅ Safe"
 
-    # --- Attack Type ---
+    # --- Determine attack type ---
     body_lower = body.lower()
     if any(word in body_lower for word in ["invoice", "payment", "wire transfer", "bank details"]):
         attack_type = "Invoice/Payment Fraud (BEC)"
@@ -39,34 +43,35 @@ def analyze(file_path):
     else:
         attack_type = "General Phishing"
 
-    # --- Collect tags ---
+    # --- Collect tags for detailed analysis ---
     tags = []
     for finding in header_findings + body_findings + url_findings:
-        if "domain" in finding.lower():
+        f_lower = finding.lower()
+        if "domain" in f_lower:
             tags.append("Suspicious Sender Domain")
-        if "phishing" in finding.lower():
-            tags.append("Phishing URL")
-        if "urgent" in finding.lower() or "suspicious phrase" in finding.lower():
+        if "phishing" in f_lower or "malicious url" in f_lower:
+            tags.append("Phishing / Malicious URL")
+        if "urgent" in f_lower or "suspicious phrase" in f_lower:
             tags.append("Urgent Language")
-        if "spam" in finding.lower():
+        if "spam" in f_lower or "marketing" in f_lower:
             tags.append("Spam Tone")
 
-    # --- Build report ---
+    # --- Build final report ---
     report = [
         f"Attack Score: {total_score}",
         f"Attack Type: {attack_type}",
         f"Final Verdict: {verdict}",
         "---- Attack Analysis Tags ----",
-        ", ".join(set(tags)) if tags else "No special tags",
+        ", ".join(sorted(set(tags))) if tags else "No special tags",
         "---- Detailed Findings ----",
     ]
-
     report.extend(header_findings + body_findings + url_findings)
     report.append("---- Highlighted Body ----")
     report.append(highlighted_body)
 
     return report
 
+# --- For testing locally ---
 if __name__ == "__main__":
     file_path = "sample.eml"
     findings = analyze(file_path)