On Apr 15, 2005, at 9:50 AM, Michel Arboi wrote: > On Fri Apr 15 2005 at 16:39, MadHat wrote: > >> So, the better solution would be to fingerprint the port better, >> identifying OfficeScan as what is running > > Right > >> and not alert on it if it _is_ a valid app? > > trojan_horses.nasl already does this. Unfortunately, this does not > eliminate all false alerts. Right, if it is able to identify the port, it does not report it (unless I misread the nasl script). So find_service2 or one of the others need to identify it. nmap-service-probes file states that a "Trend Micro OfficeScan antivirus update client" responds to a GET request with a Server type of "OfficeScan Client" but I am not sure if that is this client or not, since I do not have access to it. > So this plugin is disabled if "avoid FP" is set. Understood _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Fri Apr 15 2005 - 07:59:58 PDT