[Openvas-discuss] false positives and version detection

Stefan Schwarz Stefan.Schwarz at unibw.de
Thu Oct 6 16:13:05 CEST 2011


Am 06.10.2011 15:13, schrieb Michael Meyer:
> *** Thomas Reinke<lists at securityspace.com>  wrote:
>
>> 1) We disable the banner checks if a local security check was run.
>> 2) Use a more granular approach - "up" report the version of
>> 3) A even more granular approach of flagging that an LSC detecting
>
> 4) http://seclists.org/openvas/2010/q4/152
>
> Micha
>
As already discussed on this list, report paranoia isn't a solution to 
this problem as long as most of the relevant NVTs don't use this option.
My current counting shows that only 156 NVTs of more than 22K are using it.

In my example of having FPs with PHP on Debian nothing changed when 
switching to "avoid false alarms".

	Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6299 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20111006/dd51a68d/attachment.p7s>


More information about the Openvas-discuss mailing list