Output from the banner grabber: Remote SMTP server banner : 220- hostname.com.com Sendmail 950413.SGI.8.6.12/950213.SGI.AUTOCF ready at Tue, 4 Mar 2003 12:54:30 -0600
220 ESMTP spoken here Running test manually: # /opt/nessus/bin/nasl -t hostname -s sendmail_header.nasl [25225] plug_set_key:send(0)['1 smtp/banner/25=220- hostname.com.com Sendmail 950413.SGI.8.6.12/950213.SGI.AUTOCF ready at Tue, 4 Mar 2003 13:05:20 -0600\r\n220 ESMTP spoken here\r\n; '](0 out of 153): Socket operation on non-socket [25225](sendmail_header.nasl) ereg() : regcomp() failed I'll leave the regex tweaking to the experts, but shouldn't that version be vulnerable? Maybe it's confused because there's an extra "\r\n" in there? Also, the default read timeout of 5 seconds missed several systems so I up-ed it to 15 and it seems to catch the rest. I think that was the old default. Versions: Nessus 2.0.1, plugins updated just now (~13:00 CST). Thanks, Owen
