[Plugins-writers] Plugin 14312: Lotus smency.nsf file check

Previous message: Nicolas Gregoire: "[Plugins-writers] False negatives due to localization in IIS plugins"
Next in thread: Renaud Deraison: "Re: [Plugins-writers] Plugin 14312: Lotus smency.nsf file check"
Reply: Renaud Deraison: "Re: [Plugins-writers] Plugin 14312: Lotus smency.nsf file check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

erik@private

Greetings,

A colleague of mine has educated me that there are other sensitive 
files that might be exposed by a poorly configured ScanMail besides the 
smency.nsf file:

  ScanMail Configuration - smconf.nsf
  ScanMail Help - smhelp.nsf
  ScanMail File Types - smftypes.nsf
  ScanMail Messages - smmsg.nsf
  ScanMail Quarantine - smquar.nsf
  ScanMail Scheduler - smtime.nsf
  ScanMail Log - smvlog.nsf
  ScanMail Admin Add-in - smadmr5.nsf

I think those should be checked for also.  I'd like to submit a patch 
but want to ask a question first.  The description and plugin title 
refer to smency.nsf specifically.  Is it wise to generalize this 
commentary, regardless of which file was actually found to be readable? 
  I think it should be fine, but wanted to double-check first.

Best regards,
Erik Stephens                                                           
    www.edgeos.com
                                                 Managed Vulnerability 
Assessment Services

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers