Write a script to get around it.  My PERL's a bit rusty, but in VB I'd do this:

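sub RemoveDAVAttacks(sDir as string, sOut as string)
        dim sFile as string
        dim sLine as string

        ' First matching file in the source directory
        sFile = Dir$(sDir & "\*.*")

        while len(sFile)
                open sDir & "\" & sFile for input as #1
                open sOut & "\" & sFile for output as #2
                while not eof(1)
                        line input #1, sLine
                        ' Copy only lines that do not contain the escaped \x02 byte
                        if instr(sLine, "\x02") = 0 then print #2, sLine
                wend
                close #1
                close #2
                ' Next file; Dir$() returns "" when none are left
                sFile = Dir$()
        wend
end sub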

Should work in Access pretty easily as well.

*********** REPLY SEPARATOR  ***********

On 08/04/2004 at 14:36 Octave Orgeron wrote:

>Hi,
>
>I recently found that analog does not process logs that have entries 
>from a Windows DAV attack. Here is the output of running analog on such 
>a log with debugging turned on:
>
># ./analog +C"HOSTURL http://test.com"; +C"LOGFILE 
>/var/tmp/analog-5.32/access_log" +C"OUTFILE 
>/var/tmp/analog-5.32/test.html" +C"HOSTNAME test.com"
>./analog: analog version 5.32/Unix
>F: Closing configuration file /var/tmp/analog-5.32/analog.cfg
>F: Opening /var/tmp/analog-5.32/lang/uk.lng as language file
>F: Closing language file /var/tmp/analog-5.32/lang/uk.lng
>F: Opening /var/tmp/analog-5.32/lang/ukdom.tab as domains file
>F: Closing domains file /var/tmp/analog-5.32/lang/ukdom.tab
>F: Opening /var/tmp/analog-5.32/lang/ukdesc.txt as report descriptions file
>F: Closing report descriptions file /var/tmp/analog-5.32/lang/ukdesc.txt
>F: Opening /var/tmp/analog-5.32/access_log as logfile
>C: 65.60.150.234 - - [08/Apr/2004:01:05:46 -0600] "SEARCH 
>/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
>C: *
>./analog: Warning F: Can't auto-detect format of logfile
>  /var/tmp/analog-5.32/access_log: ignoring it
>  (For help on all errors and warnings, see docs/errors.html)
>F: Closing logfile /var/tmp/analog-5.32/access_log
>S: Successful requests: 0
>S: Redirected requests: 0
>S: Failed requests: 0
>S: Requests returning informational status code: 0
>S: Status code not given: 0
>S: Unwanted lines: 0
>S: Corrupt lines: 1
>F: Opening /var/tmp/analog-5.32/test.html as output file
>./analog: Warning R: Turning off empty time reports
>./analog: Warning R: Turning off empty Request Report
>./analog: Warning R: Turning off empty File Type Report
>./analog: Warning R: Turning off empty Directory Report
>./analog: Warning R: Turning off empty Domain Report
>./analog: Warning R: Turning off empty Organisation Report
>./analog: Warning R: Turning off empty Search Word Report
>./analog: Warning R: Turning off empty Operating System Report
>./analog: Warning R: Turning off empty File Size Report
>./analog: Warning R: Turning off empty Status Code Report
>F: Closing /var/tmp/analog-5.32/test.html
>
>The corrupted line is very long. Is there a way around this kind of
>problem?
>
>Octave
>
>
>+------------------------------------------------------------------------
>|  TO UNSUBSCRIBE from this list:
>|    http://lists.isite.net/listgate/analog-help/unsubscribe.html
>|
>|  Digest version: http://lists.isite.net/listgate/analog-help-digest/
>|  Usenet version: news://news.gmane.org/gmane.comp.web.analog.general
>|  List archives:  http://www.analog.cx/docs/mailing.html#listarchives
>+------------------------------------------------------------------------
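
Added example, not part of the original posts and not analog's own code: a Python filter for the same job on the Unix side, which diverts the attack lines to a quarantine file instead of discarding them so they stay available for review. The two thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Apache logs non-printable request bytes as literal "\xNN" text, so the
# attack line quoted above contains the four characters \, x, 0, 2.
ESCAPED_BYTE = re.compile(r"\\x[0-9a-fA-F]{2}")
MAX_LINE_LEN = 4096      # assumed cut-off; ordinary log lines are far shorter
MAX_ESCAPED_BYTES = 16   # assumed cut-off; a few escapes in a URL are normal


def suspect_reason(line):
    """Return why a line should be kept away from analog, or None to keep it."""
    if len(line) > MAX_LINE_LEN:
        return "too long"
    if len(ESCAPED_BYTE.findall(line)) > MAX_ESCAPED_BYTES:
        return "escaped binary"
    return None


def filter_log(src, dst, quarantine):
    """Copy src to dst, diverting suspect lines to the quarantine file.

    Returns (kept, dropped). Each quarantine record is
    line number, reason and the original line, tab-separated.
    """
    kept = dropped = 0
    # latin-1 maps every byte to a character, so stray bytes cannot raise;
    # newline="" leaves the original line endings untouched.
    opts = {"encoding": "latin-1", "newline": ""}
    with open(src, **opts) as fin, \
         open(dst, "w", **opts) as fout, \
         open(quarantine, "w", **opts) as fq:
        for number, line in enumerate(fin, start=1):
            reason = suspect_reason(line.rstrip("\r\n"))
            if reason:
                fq.write(f"{number}\t{reason}\t{line}")
                dropped += 1
            else:
                fout.write(line)
                kept += 1
    return kept, dropped


# Constructed sample input (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [08/Apr/2004:01:05:40 -0600] "GET /index.html HTTP/1.0" 200 1043\n',
    '192.0.2.77 - - [08/Apr/2004:01:05:46 -0600] "SEARCH /\\x90' + "\\x02\\xb1" * 40 + '" 414 334\n',
    '192.0.2.10 - - [08/Apr/2004:01:05:51 -0600] "GET /a%20b.html HTTP/1.0" 200 512\n',
]
```

Point analog's LOGFILE at the filtered copy and keep the quarantine file with the original log.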


