// NIMDAFILTER.CPP - Implementation file for your Internet Server
// Nimda Virus Filter
#include "stdafx.h"
#include "nimdafilter.h"
///////////////////////////////////////////////////////////////////////
// The one and only CWinApp object
// NOTE: You may remove this object if you alter your project to no
// longer use MFC in a DLL.
CWinApp theApp;
///////////////////////////////////////////////////////////////////////
// The one and only CNimdaFilter object
// It is a namespace-scope object, so CNimdaFilter::CNimdaFilter() runs
// during the DLL's static initialisation. That constructor reads the log
// file name from the registry and opens the log file, so any failure there
// happens before the first request is filtered.
CNimdaFilter theFilter;
///////////////////////////////////////////////////////////////////////
// CNimdaFilter implementation
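CNimdaFilter::CNimdaFilter()
{
    /*
     * Picks the log file name and opens the log for appending.
     *
     * Lookup order, all under
     * HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters:
     *   1. "NimdaFilterLog"   - used verbatim as the log file name
     *   2. "LogFileDirectory" - "\nimdafilter.log" is appended to it
     *   3. neither usable     - c:\malformed_urls2.log
     */
    static const char logLeaf[] = "\\nimdafilter.log";

    char logfilename[1024];
    strcpy(logfilename, "c:\\malformed_urls2.log");

    HKEY hkey;
    if (RegOpenKey(HKEY_LOCAL_MACHINE,
                   "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters",
                   &hkey) == ERROR_SUCCESS)
    {
        /* Query into a scratch buffer so that a failed query cannot clobber
           the default path above. */
        char value[sizeof(logfilename)];
        DWORD type = REG_SZ;

        /* One byte is held back so the value can always be NUL-terminated:
           a registry string is not guaranteed to be stored with its
           terminator. */
        DWORD cb = sizeof(value) - 1;

        if (RegQueryValueEx(hkey, "NimdaFilterLog", 0, &type,
                            (LPBYTE)value, &cb) == ERROR_SUCCESS)
        {
            value[cb] = '\0';
            strcpy(logfilename, value);
        }
        else
        {
            /* The failed query may have overwritten cb with the size it
               wanted, which can exceed the buffer. Reset it before reuse,
               otherwise the next call is told the buffer is larger than it
               really is. */
            cb = sizeof(value) - 1;

            if (RegQueryValueEx(hkey, "LogFileDirectory", 0, &type,
                                (LPBYTE)value, &cb) == ERROR_SUCCESS)
            {
                value[cb] = '\0';

                /* Only build the path when directory + leaf name fit;
                   sizeof(logLeaf) already counts the terminating NUL.
                   Otherwise the default path is kept. */
                if (strlen(value) + sizeof(logLeaf) <= sizeof(logfilename))
                {
                    strcpy(logfilename, value);
                    strcat(logfilename, logLeaf);
                }
            }
        }

        /* NOTE(review): the value type returned in `type` is not validated,
           and a REG_EXPAND_SZ value is used without expansion - same as
           before this change. */
        RegCloseKey(hkey);
    }

    /* Open for append. CFile::Open returns FALSE on failure when no
       exception object is passed, so its result is the reliable "is open"
       signal. m_hFile is CFile::hFileNull (not zero) for a closed file, so
       testing it for non-zero would not detect a failed open. */
    if (logfile.Open(logfilename,
                     CFile::modeCreate | CFile::modeNoTruncate |
                     CFile::modeWrite | CFile::shareDenyWrite))
    {
        logfile.SeekToEnd();
    }
}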
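CNimdaFilter::~CNimdaFilter()
{
    // Close the log only if it was actually opened. A closed CFile holds
    // CFile::hFileNull, which is not zero, so a plain truth test on m_hFile
    // would also "close" a file that never opened.
    if (logfile.m_hFile != CFile::hFileNull)
    {
        // CFile::Close can throw; a destructor must not let that escape.
        try
        {
            logfile.Close();
        }
        catch (CException* e)
        {
            e->Delete();
        }
        catch (...)
        {
        }
    }
}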
BOOL CNimdaFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
    // Registers the filter with the server: fills in the version structure,
    // the notification flags and the description string. Always returns TRUE.

    // The base class initialises *pVer first.
    CHttpFilter::GetFilterVersion(pVer);

    // Drop whatever ordering bits the base class chose, then ask for high
    // priority on both secure and non-secure ports. URL mapping is the only
    // event requested here; the authentication and preprocess-headers
    // notifications are deliberately not requested.
    const DWORD wantedFlags = SF_NOTIFY_ORDER_HIGH
                            | SF_NOTIFY_SECURE_PORT
                            | SF_NOTIFY_NONSECURE_PORT
                            | SF_NOTIFY_URL_MAP;
    pVer->dwFlags = (pVer->dwFlags & ~SF_NOTIFY_ORDER_MASK) | wantedFlags;

    // The description comes from the IDS_FILTER string resource. The local
    // buffer is one character larger than the length handed to LoadString.
    TCHAR description[SF_MAX_FILTER_DESC_LEN + 1];
    ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
                             IDS_FILTER,
                             description,
                             SF_MAX_FILTER_DESC_LEN));
    _tcscpy(pVer->lpszFilterDesc, description);

    return TRUE;
}
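// Returns the value of the server variable `name` for the current request,
// or an empty string when the server cannot supply it (unknown variable,
// or a value that does not fit the local buffer).
CString GetServerVariable(CHttpFilterContext* pCtxt, LPCTSTR name)
{
    char buffer[8096];
    buffer[0] = '\0';
    DWORD sz = sizeof(buffer);

    // The call reports failure through its return value. Without this check
    // a failed lookup would hand uninitialised stack bytes to CString, which
    // would then read until it happened to meet a NUL.
    if (!pCtxt->GetServerVariable(const_cast<LPTSTR>(name), buffer, &sz))
        return CString();

    // Defensive: never rely on the callee to have written the terminator.
    buffer[sizeof(buffer) - 1] = '\0';
    return CString(buffer);
}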
DWORD CNimdaFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt,
                                     PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo)
{
    // Pass-through handler: the headers are not inspected and the request
    // continues to the next notification. GetFilterVersion leaves
    // SF_NOTIFY_PREPROC_HEADERS commented out of the flags it requests.
    (void)pCtxt;
    (void)pHeaderInfo;

    const DWORD verdict = SF_STATUS_REQ_NEXT_NOTIFICATION;
    return verdict;
}
DWORD CNimdaFilter::OnAuthentication(CHttpFilterContext* pCtxt,
                                     PHTTP_FILTER_AUTHENT pAuthent)
{
    // Pass-through handler: credentials are not examined and the request
    // continues to the next notification. GetFilterVersion leaves
    // SF_NOTIFY_AUTHENTICATION commented out of the flags it requests.
    (void)pCtxt;
    (void)pAuthent;

    const DWORD verdict = SF_STATUS_REQ_NEXT_NOTIFICATION;
    return verdict;
}
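// URL-map notification: rejects any request whose mapped physical path
// still contains a '%' character, and records the rejection in the log.
//
// Returns SF_STATUS_REQ_ERROR for a rejected request; every other request
// is handed to the base class implementation.
//
// NOTE(review): presumably a '%' that survives into the physical path marks
// an escape sequence the server did not fully decode (the double-encoding
// pattern this filter is named after) - confirm. The test is a heuristic:
// it also rejects legitimate files whose names contain '%'.
DWORD CNimdaFilter::OnUrlMap(CHttpFilterContext* pfc,
                             PHTTP_FILTER_URL_MAP pUrlMap)
{
    CString path(pUrlMap->pszPhysicalPath);
    if (path.Find('%') == -1)
        return CHttpFilter::OnUrlMap(pfc, pUrlMap);

    /* log malformed url to server */
    try
    {
        // A closed CFile holds CFile::hFileNull, which is not zero, so the
        // handle is compared against that sentinel rather than truth-tested.
        if (logfile.m_hFile != CFile::hFileNull)
        {
            // The URL is attacker-controlled. Replace control characters
            // (CR and LF in particular) so one request cannot forge extra
            // log records or split an existing one.
            CString url(pUrlMap->pszURL);   // a NULL pointer yields ""
            for (int i = 0; i < url.GetLength(); ++i)
            {
                const TCHAR ch = url[i];
                if ((ch >= 0 && ch < 0x20) || ch == 0x7f)
                    url.SetAt(i, '?');
            }

            const CString remote = GetServerVariable(pfc, "REMOTE_ADDR");
            const CString stamp =
                CTime::GetCurrentTime().Format("%d:%m:%y %H:%M:%S");

            // CString objects must not be passed through "..." as objects;
            // hand Format plain character pointers instead.
            CString s;
            s.Format("[%s : %s] %s\r\n",
                     (LPCTSTR)remote, (LPCTSTR)stamp, (LPCTSTR)url);
            logfile.Write((LPCTSTR)s, s.GetLength());

            // NOTE(review): the filter can be entered on several server
            // threads at once and this write is not serialised - confirm
            // whether interleaved records matter for this log.
        }
    }
    catch (CException* e)
    {
        // MFC throws heap-allocated exception objects; release them.
        e->Delete();
        TRACE("Failed to write to log file.\r\n");
    }
    catch (...)
    {
        TRACE("Failed to write to log file.\r\n");
    }

    /* malformed url : return error */
    // NOTE(review): no SetLastError call precedes this return, so the error
    // the server reports to the client is whatever the thread's last error
    // happens to be - confirm that this is intended.
    return SF_STATUS_REQ_ERROR;
}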
// Do not edit the following lines, which are needed by ClassWizard.
#if 0
BEGIN_MESSAGE_MAP(CNimdaFilter, CHttpFilter)
//{{AFX_MSG_MAP(CNimdaFilter)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
#endif // 0
///////////////////////////////////////////////////////////////////////
// If your extension will not use MFC, you'll need this code to make
// sure the extension objects can find the resource handle for the
// module. If you convert your extension to not be dependent on MFC,
// remove the comments around the following AfxGetResourceHandle()
// and DllMain() functions, as well as the g_hInstance global.
/****
static HINSTANCE g_hInstance;
HINSTANCE AFXISAPI AfxGetResourceHandle()
{
return g_hInstance;
}
BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason,
LPVOID lpReserved)
{
if (ulReason == DLL_PROCESS_ATTACH)
{
g_hInstance = hInst;
}
return TRUE;
}
****/