> 1. > Respekt settings of "report_paranoia". > We can do:
> ,--| > | if (report_paranoia < 2) exit(0);" > `--| > on such plugins. > 2. > Make a note in the report that this could be a false positive because > the vulnerability is only detected by checking the version from > banner. > Any other ideas? If not, i prefer option 2. :-) This is a better option, though it doesn't solve the actual problem. We had discussed this sometimes back about remote checks for the open source based packages since each Linux vendor will have their own version management. It was decided that we'll wait for each vendor to release the respective security advisory and develop only local checks based on that. However, for some important package vulnerabilities, we could go ahead and produce the check based on the open source package version and then add a note as suggested here. Thanks, Chandra. _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
