The sendmail plugin (sendmail_header.nasl) only uses the sendmail header when you do a direct connection to the SMTP server. However, there might be an alternative way to determine which version of Sendmail you are running. Sample: 220 XXXXXX ESMTP Sendmail; Thu, 6 Mar 2003 10:30:40 +0100 ver 500 5.5.1 Command unrecognized: "ver" help 214-2.0.0 This is sendmail version YYYYYY 214-2.0.0 Topics: (...) Even if the header (220) does _not_ include the header at all the 'help' command does. I've seen this in some Sendmail versions. For those that do not have "hidden" the sendmail server version: (sample configuration from a standard Solaris 8 isntallation) $ telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 XXXXXX ESMTP Sendmail 8.11.6+Sun/8.11.6; Thu, 6 Mar 2003 11:00:35 +0100 (MET) help 214-2.0.0 This is sendmail version 8.11.6+Sun 214-2.0.0 Topics: This might an alternative check for the sendmail-header check. It doesn't look very difficult to code ¿Opinions? Regards Javi
This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 02:22:58 PST