I can't block this worm from being logged. I know it's something trying to get in through webdav, but since I don't have that right now all it does is clogging my access log.
I've searched the net for a solution how to block this in httpd.conf like I did to block code red and some other worms, but it just wont work. It's still getting logged and I'm starting to lean towards a bug in apache.
(and so on. 32797 bytes total being logged per request)
Since I'm already blocking Nimda and Code Red I tried to modify that to be able to block this new one.
I've tried this in httpd.conf:
SetEnvIfNoCase Request_URI "^search" DontLog
SetEnvIfNoCase Request_URI search DontLog
SetEnvIfNoCase Request_URI SEARCH DontLog
and every possible variant. More advanced regexp variants too, but nothing seems to help.