Hi, > That forum convo says the Nessus one has reported considerable false > positives.
if you're referencing this post: https://discussions.nessus.org/message/25342#25342 then those false positives where caused by a local check. > If you are testing with 4 different scripts (openvas, nessus, > metasploit, and ssltest.py) and only nessus is saying it is vulnerable, > isn't that a 75% chance it is false positive? I have also tested the check-ssl-heartbleed.pl as posted in here: https://discussions.nessus.org/message/25365#25365 at the moment there are 4 "not vulnerables" (OpenVAS, Metasploit and the two scripts) against 1 "vulnerable" (Nessus). I didn't had the time today to do more testing / research but at the moment it seems that those are nessus false positives. > Do you believe it is vulnerable? Have you patched and nessus still > claims it is vuln? As this is a system of a customer where i don't have access to the infos about the patch level of this system i don't know if it's already patched. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
