From 296f85238ef3f37c22b5687cbb80ca9cebaafd7a Mon Sep 17 00:00:00 2001 From: eldy <> Date: Sun, 30 Nov 2003 20:49:23 +0000 Subject: [PATCH] Added a Worms report. --- docs/awstats_changelog.txt | 7 +++++- docs/awstats_config.html | 8 ++++--- docs/awstats_faq.html | 4 +++- wwwroot/cgi-bin/awstats.model.conf | 7 +++--- wwwroot/cgi-bin/awstats.pl | 2 +- wwwroot/cgi-bin/lib/worms.pm | 36 ++++++++++++++++++------------ 6 files changed, 41 insertions(+), 23 deletions(-) diff --git a/docs/awstats_changelog.txt b/docs/awstats_changelog.txt index 1499e16e..b4fd1653 100644 --- a/docs/awstats_changelog.txt +++ b/docs/awstats_changelog.txt @@ -31,7 +31,8 @@ Fixes: New features/improvements: - Increased speed by 10 to 20%. -- Added a Worms report. +- Added a Worms report (Added LevelForWormsDetection and + ShowWormsStats parameter). - Added report for "not viewed" traffic in Summary report. - Monthly history report have been taken out the Summary report. - Some changes to make AWStats to be XML compliant ready. @@ -84,6 +85,10 @@ Note 1: When migrating to 6.x series, if you use the ExtraSections feature, Note 2: MaxLengthOfURL parameter has been renamed into MaxLengthOfShownURL +Note 3: To enable the new worm detection, you must add parameter + LevelForWormsDetection=2 + + 5.9 diff --git a/docs/awstats_config.html b/docs/awstats_config.html index aa07317f..368941fe 100644 --- a/docs/awstats_config.html +++ b/docs/awstats_config.html @@ -113,6 +113,7 @@ when reading it), follow the example:
  • LevelForRobotsDetection
  • LevelForSearchEnginesDetection
  • LevelForFileTypesDetection +
  • LevelForWormsDetection @@ -1181,7 +1182,7 @@ AWStats 4.1+ supports both keywords AND keyphrases by default with no need of an
    # 1 = Medium/Standard detection
    # 2 = Full detection
    # Change : Effective for new updates only -
    # Default: 2 +
    # Default: 2 (0 for LevelForWormsDetection)
    #
    LevelForBrowsersDetection=2 # 0 disables Browsers detection.
    LevelForOSDetection=2 # 0 disables OS detection. @@ -1189,6 +1190,7 @@ AWStats 4.1+ supports both keywords AND keyphrases by default with no need of an
    LevelForRobotsDetection=2 # 0 disables Robots detection.
    LevelForSearchEnginesDetection=2 # 0 disables Search engines detection.
    LevelForFileTypesDetection=2 # 0 disables file types detection. +
    LevelForWormsDetection=0 # 0 disables Worms detection.


    @@ -1329,8 +1331,8 @@ ShowOSStats,ShowOriginStats,ShowKeyphrasesStats,ShowKeywordsStats,ShowHTTPErrors
    # Default: HBL, Possible codes: HBL
    ShowRobotsStats=HBL
    # Show worms chart -
    # Default: HBL, Possible codes: HBL -
    ShowWormsStats=HBL +
    # Default: 0 (See also LevelForWormsDetection if set), Possible codes: HBL +
    ShowWormsStats=0
    # Show email senders chart (For use when analyzing mail log files)
    # Default: 0, Possible codes: HBML
    ShowEMailSenders=0 diff --git a/docs/awstats_faq.html b/docs/awstats_faq.html index f3f62fd4..3e630408 100644 --- a/docs/awstats_faq.html +++ b/docs/awstats_faq.html @@ -1116,11 +1116,13 @@ This means your AWStats reference database files (operating systems, browsers, r First try to update to last version. Then check in your disk that you have only ONE of those files. They should be in 'lib' directory ('db' with 4.0) where awstats.pl is installed:
    browsers.pm
    +domains.pm
    operating_systems.pm
    robots.pm
    -domains.pm
    search_engines.pm
    worms.pm
    +status_http.pm
    +status_smtp.pm


    diff --git a/wwwroot/cgi-bin/awstats.model.conf b/wwwroot/cgi-bin/awstats.model.conf index a400fe15..3d362713 100644 --- a/wwwroot/cgi-bin/awstats.model.conf +++ b/wwwroot/cgi-bin/awstats.model.conf @@ -773,7 +773,7 @@ MiscTrackerUrl="/js/awstats_misc_tracker.js" # 1 = Medium/Standard detection # 2 = Full detection # Change : Effective for new updates only -# Default: 2 +# Default: 2 (0 for LevelForWormsDetection) # LevelForBrowsersDetection=2 # 0 disables Browsers detection. LevelForOSDetection=2 # 0 disables OS detection. @@ -781,6 +781,7 @@ LevelForRefererAnalyze=2 # 0 disables Origin detection. LevelForRobotsDetection=2 # 0 disables Robots detection. LevelForSearchEnginesDetection=2 # 0 disables Search engines detection. LevelForFileTypesDetection=2 # 0 disables File types detection. +LevelForWormsDetection=0 # 0 disables Worms detection. @@ -894,8 +895,8 @@ ShowAuthenticatedUsers=0 # Default: HBL, Possible codes: HBL ShowRobotsStats=HBL # Show worms chart -# Default: HBL, Possible codes: HBL -ShowWormsStats=HBL +# Default: 0 (See also LevelForWormsDetection if set), Possible codes: HBL +ShowWormsStats=0 # Show email senders chart (For use when analyzing mail log files) # Default: 0, Possible codes: HBML ShowEMailSenders=0 diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl index c96114bb..d538f577 100644 --- a/wwwroot/cgi-bin/awstats.pl +++ b/wwwroot/cgi-bin/awstats.pl @@ -7017,7 +7017,7 @@ if (scalar keys %HTMLOutput) { my $menuicon=0; # Menu HTML print "\n"; - if ($ShowMonthStats) { print ($frame?"":""); print "$Message[128]"; print ($frame?"\n":"   "); } + if ($FrameName eq 'mainleft' && $ShowMonthStats) { print ($frame?"":""); print "$Message[128]"; print ($frame?"\n":"   "); } # When $linetitle=&AtLeastOneNotNull($ShowMonthStats,$ShowDaysOfMonthStats,$ShowDaysOfWeekStats,$ShowHoursStats); if ($linetitle) { print "".($menuicon?" ":"")."$Message[93]:\n"; } 
diff --git a/wwwroot/cgi-bin/lib/worms.pm b/wwwroot/cgi-bin/lib/worms.pm index c67e18c0..6891aaf2 100644 --- a/wwwroot/cgi-bin/lib/worms.pm +++ b/wwwroot/cgi-bin/lib/worms.pm @@ -16,34 +16,42 @@ # to web server. #------------------------------------------------------- @WormsSearchIDOrder = ( -'/default.ida?', -'exe?/c+dir', -#'root.exe?/c', -#'cmd.exe?/c', +'\/default\.ida', +'\/null\.idq', +'exe\?\/c\+dir', +'root\.exe', +'Admin\.dll', +'Admin\.dll', +'\/winnt\/system32\/cmd\.exe', +'\/_vti_inf\.html', +'\/_vti_bin\/shtml\.exe\/_vti_rpc' ); - # WormsHashID # Each Worms search ID is associated to a string that is unique name of worm. #-------------------------------------------------------------------------- -%WormsHashID = ( -'/default.ida?','code_red', -'exe?/c+dir','nimba' -#'root.exe?/c','nimba', -#'cmd.exe?/c','nimba' +%WormsHashID = ( +'\/default\.ida','code_red', +'\/null\.idq','code_red', +'exe\?\/c\+dir','nimba', +'root\.exe','nimba', +'Admin\.dll','nimba', +'Admin\.dll','nimba', +'\/winnt\/system32\/cmd\.exe','nimba', +'\/_vti_inf\.html','unknown', +'\/_vti_bin\/shtml\.exe\/_vti_rpc','unknown' #'/MSOffice/cltreq.asp' # Not a worm, a check by IE to see if discussion bar is turned on #'/_vti_bin/owssrv.dll' # Not a worm, a check by IE to see if discussion bar is turned on ); - # WormsHashLib # Worms name list ('worm unique id in lower case','worm clear text') # Each unique ID string is associated to a label #------------------------------------------------------- -%WormsHashLib = ( +%WormsHashLib = ( 'code_red','Code Red family worm', -'nimba','Nimba family worm' +'nimba','Nimba family worm', +'unknown','Unknown worm' ); - 1; -- 2.47.3
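Review bot: `'Admin\.dll'` appears twice in both `@WormsSearchIDOrder` and `%WormsHashID`; the repeated hash key is a no-op and the repeated array entry only adds a redundant match attempt, so drop one of each pair (or correct it if a different signature was intended). The two `_vti_` paths mapped to `'unknown'` are, as far as I know, also requested by FrontPage authoring clients, so on FrontPage-enabled sites they would count legitimate traffic as worm hits; a comment such as `# also requested by FrontPage clients, may be false positives` or leaving them commented out next to the `cltreq.asp` lines would make that explicit. The entries are now regex-escaped and unanchored, so `'root\.exe'` matches anywhere in the URL, and whether matching is case-insensitive depends on how awstats.pl applies these patterns, which this hunk does not show. The label `'Nimba family worm'` presumably means Nimda.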