WormWarner is a tool designed to warn hosts that are probably infected by worms and is written by Jeroen van Nieuwenhuizen. This is done by scanning the Apache log files and sending email to the host or the ISP when an worm or attack is detected. Wormwarner started in September 2002 as a small project written in Perl. However as I was getting feature requests it quickly growed towards the tool it has become.

Wormwarner has a simple pattern database which makes it easy to add new worm patterns as they appear. Another important feature is the build in rate and mail size control which avoids that wormwarner sends out to much email to an ISP. Wormwarner has also the option to excute external commands, which makes it easy to adapt i.e. firewalls based on the attacks and worms detected by wormwarner.

The goal of the wormwarner project is to provided users with a powerful and flexible, but benign tool to take action against worms and attacks on their webserver(s).

The wormwarner.pl manpage
The warnisp.pl manpage

Wormwarner 2.3
Wormwarner 2.2
Wormwarner 2.1
Wormwarner 2.0
Wormwarner 1.3
Wormwarner 1.2
Wormwarner 1.1
Wormwarner 1.0.10