Write a script to get around it. My PERL's a bit rusty, but in VB I'd do this:
sub RemoveDAVAttacks(sDir as string, sOut as string) dim sFile as string sFile = Dir$(sDir & "\*.*") while len(sFile) sFile=Dir$() open sDir & "\" & sFile for input as #1 open sOut & "\" & sFile for output as #2 while not eof (1) line input #1,sLine if instr(sLine, "\x02") = 0 then print #2, sLine wend close 1 close 2 wend end sub Should work in Access pretty easily as well. *********** REPLY SEPARATOR *********** On 08/04/2004 at 14:36 Octave Orgeron wrote: >Hi, > >I recently found that analog does not process logs that have entries >from a Windows DAV attack. Here is the output of running analog on such >a log with debugging turned on: > ># ./analog +C"HOSTURL http://test.com" +C"LOGFILE >/var/tmp/analog-5.32/access_log" +C"OUTFILE >/var/tmp/analog-5.32/test.html" +C"HOSTNAME test.com" >./analog: analog version 5.32/Unix >F: Closing configuration file /var/tmp/analog-5.32/analog.cfg >F: Opening /var/tmp/analog-5.32/lang/uk.lng as language file >F: Closing language file /var/tmp/analog-5.32/lang/uk.lng >F: Opening /var/tmp/analog-5.32/lang/ukdom.tab as domains file >F: Closing domains file /var/tmp/analog-5.32/lang/ukdom.tab >F: Opening /var/tmp/analog-5.32/lang/ukdesc.txt as report descriptions file >F: Closing report descriptions file /var/tmp/analog-5.32/lang/ukdesc.txt >F: Opening /var/tmp/analog-5.32/access_log as logfile >C: 65.60.150.234 - - [08/Apr/2004:01:05:46 -0600] "SEARCH >/\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 >C: * >./analog: Warning F: Can't auto-detect format of logfile > /var/tmp/analog-5.32/access_log: ignoring it > (For help on all errors and 
warnings, see docs/errors.html) >F: Closing logfile /var/tmp/analog-5.32/access_log >S: Successful requests: 0 >S: Redirected requests: 0 >S: Failed requests: 0 >S: Requests returning informational status code: 0 >S: Status code not given: 0 >S: Unwanted lines: 0 >S: Corrupt lines: 1 >F: Opening /var/tmp/analog-5.32/test.html as output file >./analog: Warning R: Turning off empty time reports >./analog: Warning R: Turning off empty Request Report >./analog: Warning R: Turning off empty File Type Report >./analog: Warning R: Turning off empty Directory Report >./analog: Warning R: Turning off empty Domain Report >./analog: Warning R: Turning off empty Organisation Report >./analog: Warning R: Turning off empty Search Word Report >./analog: Warning R: Turning off empty Operating System Report >./analog: Warning R: Turning off empty File Size Report >./analog: Warning R: Turning off empty Status Code Report >F: Closing /var/tmp/analog-5.32/test.html > >The corrupted line is very long. Is there a way around this kind of >problem? > >Octave > > >+------------------------------------------------------------------------ >| TO UNSUBSCRIBE from this list: >| http://lists.isite.net/listgate/analog-help/unsubscribe.html >| >| Digest version: http://lists.isite.net/listgate/analog-help-digest/ >| Usenet version: news://news.gmane.org/gmane.comp.web.analog.general >| List archives: http://www.analog.cx/docs/mailing.html#listarchives >+------------------------------------------------------------------------ +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | Digest version: http://lists.isite.net/listgate/analog-help-digest/ | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------
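
Added example, not part of the original thread and not code from either poster: a Python version of the same pre-filter for a Unix host, which goes beyond the single `\x02` test by setting aside any line with a long run of `\xNN` escapes in the request or an excessive length, and by counting the clients that sent them. The thresholds `MAX_LINE` and `MAX_ESCAPES`, the function names and the sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter

# The log in the thread shows request bytes written as literal \xNN text.
HEX_ESCAPE = re.compile(r'\\x[0-9a-fA-F]{2}')
# Client address, then the quoted request; the closing quote may be cut off.
LINE_HEAD = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)')
MAX_LINE = 2048   # assumed cut-off for "very long" lines; tune per site
MAX_ESCAPES = 8   # assumed: a few escapes can be legitimate, long runs are not


def is_suspect(line):
    """Return a reason string if the line should be set aside, else None."""
    if len(line) > MAX_LINE:
        return "overlong"
    m = LINE_HEAD.match(line)
    if m is None:
        return "unparsed"
    if len(HEX_ESCAPE.findall(m.group(2))) > MAX_ESCAPES:
        return "escaped-bytes"
    return None


def split_log(lines):
    """Split lines into (clean, rejected, per-client counts of rejected lines)."""
    clean, rejected, clients = [], [], Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        reason = is_suspect(line)
        if reason is None:
            clean.append(line)
        else:
            rejected.append((reason, line))
            clients[line.split(" ", 1)[0]] += 1  # first field: client address
    return clean, rejected, clients


# Constructed sample input (addresses from documentation ranges).
SAMPLE = [
    '192.0.2.10 - - [08/Apr/2004:01:05:40 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [08/Apr/2004:01:05:46 -0600] "SEARCH /\\x90' + '\\x02\\xb1' * 40,
    '192.0.2.10 - - [08/Apr/2004:01:05:51 -0600] "GET /caf\\xc3\\xa9.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    clean, rejected, clients = split_log(SAMPLE)
    print(len(clean), "kept;", [(r, l[:40]) for r, l in rejected], dict(clients))
```

Writing the clean lines to a new file for analog and the rejected lines to a separate file keeps the attack entries available for review instead of discarding them.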