#!/usr/local/bin/perl
#
# Notify CodeRed infection to SecurityFocus
# Usage: codered_notify.pl [-f youraddress] < /path/to/access_log
#
# SEE ALSO: http://www.securityfocus.com/archive/1/201907
#

use strict;
use Config;
use Getopt::Std;
use Mail::Sendmail;

getopts('f:', \my %opt);

my $from = $opt{f} || $Config{cf_email};
my $to   = 'aris-report@securityfocus.com';

my %ip2date;
while (<>) {
    next unless m@GET /default\.ida\?[XN]+@;
    my($ip, $datetime) = /^(.*?) .*? .*? \[(.*?)\]/;
    next if $ip2date{$ip};
    $ip2date{$ip} = $datetime;
}

my $message = join '', map { "$_ $ip2date{$_}\n" } keys %ip2date;
sendmail(
    To      => $to,
    From    => $from,
    Message => $message,
    Subject => "CodeRed Infection Notification",
);