Hi, On 10.05.2018 16:24, Stelios Barberakis wrote: > Thank you for your help. I managed to resolve the issue back then, > cloning and modifying the scan config template. > Unfortunately after Monday update, I haven't been able to reproduce the > "printer detection" situation (default scan configs obviously). The > issue seems to have been resolved for me.
mhhh thats quite strange but the mis-identification could be caused by the following: > I am probably *getting off topic* here, but in case this helps in some way: > > Since then, the issue is that the scans take ages to complete(~20 hours > for default: full and very deep), while sometimes it remains at 1% > forever. High cpu usage (over 70% for every core during the scan ~ when > it passes over 1%). > > I was thinking that I may be getting blocked by host provider's firewall > and I tried with: > /Maximum concurrently executed NVTs per host: 1 > Maximum concurrently scanned hosts: 1 > /which didn't change anything, as far as I can tell. > > My server is a debian Managed VPS at a2hosting. > > I set log_whole_attack=yes, but it didn't give me any usefull info, > besides what I am attaching. this sounds to me like outdated components of the OpenVAS framework. The current releases of the OpenVAS 9 components available at: http://www.openvas.org/install-source.html have a fix included for exactly such an issue you're describing. Regards, > On 7 May 2018 at 17:17, Christian Fischer > <christian.fisc...@greenbone.net > <mailto:christian.fisc...@greenbone.net>> wrote: > > Hi, > > did you had a chance to re-scan your server with the updated feed to see > the extended output? > > Regards, > > On 30.04.2018 15:33, Stelios Barberakis wrote: > > thanks Christian > > > > On 28 April 2018 at 16:04, Christian Fischer < > > christian.fisc...@greenbone.net > <mailto:christian.fisc...@greenbone.net>> wrote: > > > >> Hi, > >> > >> On 28.04.2018 01:30, Stelios Barberakis wrote: > >>> I apologise if this is a double post, but I think the previous > one was > >>> not delivered. > >> > >> you can check the delivering status on your own if you browse the > >> mailing list archives available at: > >> > >> http://lists.wald.intevation.org/pipermail/openvas-discuss/ > <http://lists.wald.intevation.org/pipermail/openvas-discuss/> > >> > >> where you can see that your previous mail was delivered as well: > >> > >> http://lists.wald.intevation.org/pipermail/openvas-discuss/ > <http://lists.wald.intevation.org/pipermail/openvas-discuss/> > >> 2018-April/012012.html > >> > >>> Using the web UI, I can see the settings, including 'Exclude > printers > >>> from scan' (screenshot attached in the link). > >>> > >>> but I can't find out *how to change it*. The configuration files > doesn't > >>> include any such option: > >> > >> The openvassd.conf is the wrong place you're looking at. You > would need > >> to clone the "Full and Fast" scan configuration to be able to change > >> this setting. > >> > >> But instead of changing the scan configuration i'm quite > interested in > >> why your server is detected as a printer. Starting with the next feed > >> update (around Monday next week) the following NVTs will print > out the > >> reason why your system was detected as a printer: > >> > >> Do not scan printers > >> OID: 1.3.6.1.4.1.25623.1.0.11933 > >> > >> Do not print on AppSocket and socketAPI printers > >> OID: 1.3.6.1.4.1.25623.1.0.12241 > >> > >> It would be great if you could share the output of the NVTs either > >> privately or here at the mailing list. > >> > >> Thanks, _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
