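#!/usr/local/bin/perl -w
# Name: ~/www/bin/nimbdafilter   Author: js-cgi@inwap.com   04-Nov-2001
# Purpose: Filters out Nimda requests from the access log
#
# For every file named on the command line the script writes a filtered
# copy to "<file>.tmp", and, if any line was dropped, renames the original
# to "<file>.old" and moves the filtered copy into its place.  Files whose
# name ends in ".gz" are read through zcat and written through gzip --best.
#
# Notes for whoever runs this on real logs:
#   * The dropped lines are not lost: they remain in "<file>.old".  Keep
#     that file if the probe records are needed for later investigation.
#   * The patterns are matched against the whole log line, not only the
#     request path, so a line that mentions e.g. "/scripts/" in any other
#     field is dropped as well.
#   * Only the modification time is copied to the new file; mode and
#     ownership are whatever the process creates by default.
#   * A process that still holds the log open keeps writing to the renamed
#     ".old" file, so run this on rotated logs.
#   * File names are never handed to a shell: plain files use three-argument
#     open, and zcat/gzip are started with fork+exec with the file attached
#     to STDIN/STDOUT.  A name containing shell metacharacters or a leading
#     '<', '>' or '|' is therefore treated as a plain path.
use strict;

my $Usage = "Usage: $0 file1 [file2.gz ...]\n";
die $Usage unless @ARGV;    # Must specify files on command line

# Add one qr{regular-expression} entry for each pattern to filter.
# Matching is case-sensitive, as in the original pattern list.
my @filter_patterns = (
    qr{/scripts/},
    qr{/MSADC/},
    qr{/winnt/},
    qr{/root\.exe},
    qr{/cmd\.exe},
);

FILE: foreach my $file (@ARGV) {
    my $tmp   = "$file.tmp";
    my $mtime = (stat $file)[9];                 # File modification time
    my $is_gz = ($file =~ /\.gz$/) ? 1 : 0;

    # These two strings are used for messages only; they describe the
    # equivalent shell pipeline but are never passed to open() or a shell.
    my ($in, $out) = ("<$file", ">$tmp");        # If access_log is not gzip'd
    if ($is_gz) {
        $in  = "zcat $in|";
        $out = "|gzip --best >$file.tmp";
    }

    my $in_fh = open_input($file, $is_gz);
    unless ($in_fh) {
        warn "Could not open '$in': $!\n";
        next FILE;
    }

    my $out_fh = open_output($tmp, $is_gz);
    unless ($out_fh) {
        warn "Could not open '$out': $!\n";
        close $in_fh;                            # do not leak the reader
        next FILE;
    }

    print "Filtering: $in ... $out\n";
    my ($count_good, $count_bad) = (0, 0);
    my $io_ok = 1;      # cleared on any read/write failure

    LINE: while (my $line = <$in_fh>) {
        if (grep { $line =~ $_ } @filter_patterns) {
            $count_bad++;
            next LINE;
        }
        $count_good++;
        print {$out_fh} $line or do {
            warn "Output error: $!\n";
            $io_ok = 0;
        };
    }

    # For a pipe, close() waits for the child and fails when it exited
    # non-zero (for example zcat on a damaged archive); $! is 0 then and
    # the exit status is in $?.
    close $in_fh or do {
        warn "Input error on '$in': " . ($! ? "$!" : "exit status $?") . "\n";
        $io_ok = 0;
    };
    close $out_fh or do {
        warn "Output error: " . ($! ? "$!" : "exit status $?") . "\n";
        $io_ok = 0;
    };

    # Never replace a log with a copy that may be truncated or corrupt.
    unless ($io_ok) {
        warn "Leaving $file unchanged because of the errors above\n";
        if (-e $tmp) {
            unlink $tmp or warn "Could not delete temporary file $tmp: $!\n";
        }
        next FILE;
    }

    # Set date/time on output file (best effort; failure is not fatal).
    utime $mtime, $mtime, $tmp if defined $mtime;

    if ($count_bad) {
        print "$count_good good lines, $count_bad bad lines\n";
        # Only install the filtered copy once the unfiltered original is
        # safely kept as .old; otherwise the original would be overwritten
        # without a backup.
        if (rename $file, "$file.old") {
            rename $tmp, $file or warn "Rename of $tmp to $file failed: $!\n";
        }
        else {
            warn "Rename of $file to $file.old failed: $!\n";
        }
    }
    else {
        print "Read $count_good lines but did not find any filterable ones\n";
        unlink $tmp or warn "Could not delete temporary file $tmp: $!\n";
    }
}

# Open $path for reading and return the handle, or return nothing on
# failure ($! is set by the failing call).  When $gzipped is true the data
# is read from a zcat child whose STDIN is the file.
sub open_input {
    my ($path, $gzipped) = @_;
    my $fh;

    unless ($gzipped) {
        open $fh, '<', $path or return;
        return $fh;
    }

    my $pid = open $fh, '-|';           # fork; child's STDOUT feeds $fh
    return unless defined $pid;
    if ($pid == 0) {
        open STDIN, '<', $path or die "Could not open '$path': $!\n";
        exec { 'zcat' } 'zcat' or die "Could not run zcat: $!\n";
    }
    return $fh;
}

# Open $path for writing and return the handle, or return nothing on
# failure.  When $gzipped is true the data is written to a "gzip --best"
# child whose STDOUT is the file.
sub open_output {
    my ($path, $gzipped) = @_;
    my $fh;

    unless ($gzipped) {
        open $fh, '>', $path or return;
        return $fh;
    }

    my $pid = open $fh, '|-';           # fork; $fh feeds the child's STDIN
    return unless defined $pid;
    if ($pid == 0) {
        open STDOUT, '>', $path or die "Could not open '$path': $!\n";
        exec 'gzip', '--best' or die "Could not run gzip: $!\n";
    }
    return $fh;
}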