Koozali.org: home of the SME Server

Corrupt Log Files using version 6.0.1

psycho

« on: December 30, 2004, 04:28:28 AM »
I am using SME Server 6.0.1 and I am getting corrupt log files.

It has some of the file intact but there is the following text mixed up in the file:

\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1

I do not think that I am getting a complete log file.  I did not have this problem with SME Server version 5.6 and I want to know if anyone knows what is causing this and how I can fix it.

Any help is appreciated.

dave@tcon.net

NickR

« Reply #1 on: December 30, 2004, 11:10:21 AM »
It's not a corruption, it's a script kiddie trying to exploit a buffer overflow bug in the MS WebDAV component of IIS 5.  The line is over 32Kb long. You should be seeing this in your Apache access logs.  You can get the gory details here http://www.microsoft.com/technet/security/bulletin/MS03-007.mspx

There is a bug in tai64unix which locks the process when it is trying to read a file with lines this long.  The only way is to use the 'download' option & read the file in a text editor which can handle the line lengths.

As to stopping it, you can't really - I've been seeing this stuff regularly for over a year now.  File under the "annoying but harmless" category.
--
Nick......
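
One way to get a readable copy of such a log and a list of the offending lines, as an added example that is not part of the original thread: it condenses long runs of `\xNN` escapes like the one quoted in the first post. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import io
import re

# Runs of 16 or more Apache-style \xNN escapes; the threshold is an assumption.
ESCAPE_RUN = re.compile(rb'(?:\\x[0-9a-fA-F]{2}){16,}')
MAX_LINE = 4096  # assumed cut-off; ordinary access-log lines are far shorter


def condense(line):
    """Replace each long escape run with a short marker; return (line, escapes_elided)."""
    elided = 0

    def marker(match):
        nonlocal elided
        count = len(match.group(0)) // 4  # each \xNN escape is 4 characters
        elided += count
        return b'[%d escaped bytes elided]' % count

    return ESCAPE_RUN.sub(marker, line), elided


def triage(src, dst, max_line=MAX_LINE):
    """Copy src to dst with long lines condensed; return findings for flagged lines."""
    findings = []
    for number, raw in enumerate(src, start=1):
        line = raw.rstrip(b'\r\n')
        short, elided = condense(line)
        if elided or len(line) > max_line:
            findings.append({'line': number, 'length': len(line), 'elided': elided})
        dst.write(short[:max_line] + b'\n')
    return findings


# Constructed sample input: one ordinary request and one over-long (more than
# 32 KB) request padded with the escape pattern quoted in the thread.
SAMPLE = (
    b'192.0.2.10 - - [30/Dec/2004:04:00:01 +0000] "GET /index.html HTTP/1.0" 200 512\n'
    b'192.0.2.77 - - [30/Dec/2004:04:00:09 +0000] "SEARCH /\\x90'
    + b'\\x02\\xb1' * 4100 + b' HTTP/1.1" 414 0\n'
)

if __name__ == '__main__':
    out = io.BytesIO()
    for hit in triage(io.BytesIO(SAMPLE), out):
        print(hit)
    print(out.getvalue().decode('ascii'))
```

The condensed copy keeps the client address, timestamp and status of each flagged request, so the lines can still be counted and reviewed in any viewer.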

psycho

« Reply #2 on: December 30, 2004, 04:45:16 PM »
Will this affect Version 5.6?

NickR

« Reply #3 on: December 30, 2004, 04:52:22 PM »
Quote from: "psycho"
Will this affect Version 5.6?


Probably - I wouldn't use 5.6 as a public-facing machine though.
--
Nick......