From jan-oliver.wagner at intevation.de  Wed Sep  3 10:46:19 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 3 Sep 2008 10:46:19 +0200
Subject: [Openvas-announce] OpenVAS NVT Feed Change: Extended to Serve
	Maximum Available
Message-ID: <200809031046.22003.jan-oliver.wagner@intevation.de>

Dear OpenVAS users,

the OpenVAS team plans to extend the current OpenVAS Feed
quite drastically compared to the current coverage [1].
Anyone who configured a OpenVAS Server to use the OpenVAS
NVT Feed should read this announcement carefully.

Currently, the OpenVAS Feed is limited to 100% supported families.
In fact this is just the Debian Local Security Checks.

Thanks to various contributors, the base of NVTs has grown a lot
and is continously improved. Occasional updates of the module
"openvas-plugins" are not sufficient anymore to be reasonably
up-to-date.

Therefore, the OpenVAS Team will accordingly change the policy
of the OpenVAS NVT Feed on

   Wednesday, September 10th 2008

There is no change required on your installation.
After the change of the feed, your next synchronisation
will retrieve a lot of more new NASL and INC files than before.

Also, for each NASL and INC file, a signature file will be transfered.
This means, that now all of the NVTs managed in the OpenVAS
source code repository are accompanied with a signature for
transfer integrity, not just the Debian Local Security Check NVTs. 

In case you have configured OpenVAS server to only execute signed
NVTs, with the feed change any NVT which is available in the
OpenVAS source code repository will be executed.

Reminder: The applied signatures only guarantees an unmodified
transfer from the OpenVAS Feed service to your OpenVAS Server
installation. The signature does not express a quality measure of
any kind!

Please send your comments or questions to the OpenVAS discussion
mailing list[2].

Best regards

        Jan-Oliver Wagner

[1] http://www.openvas.org/openvas-nvt-feed.html
[2] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss


-- 
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabr?ck
Amtsgericht Osnabr?ck, HR B 18998             http://www.intevation.de/
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de  Wed Sep 17 16:41:41 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Wed, 17 Sep 2008 16:41:41 +0200
Subject: [Openvas-announce] openvas-plugins 1.0.3 released
Message-ID: <200809171641.44621.jan-oliver.wagner@intevation.de>

Hello,

the OpenVAS developers are happy to announce that
openvas-plugins 1.0.3 is released.

This is a maintenance release with a considerable number
of new (1000+) and improved NASL scripts.

It is recommended to update your installation
with this package because it also contains an
updated feed synchronisation script.

Main changes are:

* Full support for FreeBSD (local security checks)
* Many new vulnerability checks across several families for current
  security issues. Among this many Windows local security checks.
* Fixes for several NASL libraries (mostly .inc files) in order
  to re-enable proper functionality for large number of NASL scripts.
* Reimplementations for some NASL suport routines that were proprietary
  with Nessus.
* Reactivation of license-clarified NASL libraries, e.g. for
  SMB checks.
* Extension for RPM-based systems to allow for package signatures tests
  (this prepares support for OVAL-based checks)
* Many new Debian local security checks (complete and up-to-date)
* All tcp scanners have been reviewed and improved, support for ike,
  pnscan and portbunny is added.
* Improved Debian packaging files.
* Internal consolidation for Knowledge Base entries (especially package
  information for local security checks)
* Updated license auditing routine (internal use)
* Obsolete C plugin "tftp_grab_file" removed.

This release contains contributions by (thank you!):

 Chandrashekhar B
 Tim Brown
 Christian Eric Edjenguele
 Javier Fernandez-Sanguino
 Carsten Koch-Mauthe
 Vlatko Kosturjak
 Thomas Reinke
 Jan-Oliver Wagner
 Michael Wiegand


Best regards

        Jan-Oliver Wagner

-- 
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabr?ck
Amtsgericht Osnabr?ck, HR B 18998             http://www.intevation.de/
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de  Thu Sep 25 22:13:18 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 25 Sep 2008 22:13:18 +0200
Subject: [Openvas-announce] OpenVAS 2.0 BETA-Test phase started
Message-ID: <200809252213.21007.jan-oliver.wagner@intevation.de>

Hello,

the OpenVAS developers are proud to announce that
the test phase for the upcoming 2.0 series starts
with the 2.0-beta1 release.

If you like to be a beta-tester you are very welcome
and you should read this announcement very carefully.

Major new features are:

 * Internal change from the old ID scheme to the new
   OID scheme. Old IDs are mapped into the OID scheme.
 
 * OpenVAS Transfer Protocol (OTP) 1.0 replaces
   Nessus Transfer Protocol (NTP) 1.2.
   This includes numerous cleanups of the protocol
   and the transition to OIDs for identifying NVTs.

 * Support of OVAL: OpenVAS server can execute
   OVAL files just like NASL scripts. The "ovaldi" test programme
   is needed for this, but in combination with OpenVAS it
   does not need to run on the target system anymore. 
   The beta1 release offers a preliminary support for
   Redhat Enterprise Linux OVAL tests. 

Apart from this, various internal cleanups happened and
further will be done for the final 2.0.0 release.

The changes affect the modules openvas-libraries, openvas-libnasl,
openvas-server and of course OpenVAS-Client.

The openvas-plugins module remains compatible with both,
the 1.0 and 2.0 series of OpenVAS.
This also means, the OpenVAS NVT feed is compatible for
both release series.

However, if you like to try out the beta version of the upcoming
2.0 release, you should install it separately from your 1.0 stable
release.

The OpenVAS-Client packages offers a experimental converter tool
"openvas1_to_openvas2.sh" in the tools directory of the source code
package. It will convert all of your configuration files, reports and
plugin caches in your ($HOME)/.openvas direcory from old ID to new
OID scheme. This conversion allows to keep old files and this way
make your data compatible for both, OpenVAS-Client 1.0 and 2.0.
Keeping compatibility means doubled disk space consumption, though.
Be aware that the new OpenVAS-Client 2.0 will not create files
that are backward compatible with 1.0!
Try the option "--help" to learn more about the converter script.

The OpenVAS team very much appreciates reports on any experiences
with this first beta of the 2.0 series. Please report
on the OpenVAS mailing lists.

Download: All download links can be found on the OpenVAS homepage.

Of course, the OpenVAS 1.0 series will be further maintained by
the OpenVAS team.

Best regards (on behalf of the growing OpenVAS developer team that
made this new generation of OpenVAS possible)

	Jan-Oliver Wagner

-- 
Dr. Jan-Oliver Wagner                                   Intevation GmbH
Amtsgericht Osnabr?ck, HR B 18998             http://www.intevation.de/
Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner