Re: [Plugins-writers] Comment on NID:11157

From: Michel Arboi (mikhail@private)
Date: Fri Apr 15 2005 - 07:50:30 PDT

On Fri Apr 15 2005 at 16:39, MadHat wrote:

> So, the better solution would be to fingerprint the port better,
> identifying OfficeScan as what is running


> and not alert on it if it _is_ a valid app?

trojan_horses.nasl already does this. Unfortunately, this does not
eliminate all false alerts.
So this plugin is disabled if "avoid FP" is set.
Plugins-writers mailing list

This archive was generated by hypermail 2.1.3 : Fri Apr 15 2005 - 07:51:20 PDT