Some food for thought - watching the development lately of the safe checks option and its usage, we've noted a problem with it. Namely, it is not possible to get a thorough scan of a host by scanning it only once.
Why? The problem is the mutual exclusivity of how the safe_checks flag is being used. In essence, the scripts are saying that if the flag is off (i.e. go for the throat and really test the vulnerability), then the script completely ignores reporting what it knows based on the banner.

I'd like to propose for consideration that when safe_checks is disabled (i.e. the go for the throat real test), the NASL script STILL report the safe_check results _independently_, labelling it as such.

Case in point: the recent Apache chunked encoding vulnerability. We all know that versions < 1.3.26 are vulnerable, yet it has been reported on this list that some versions are not being flagged as vulnerable.

So while I can accept that a vulnerability assessment doesn't always catch everything, I'd really like it to give me ALL the possible information it can at one sitting. The way it stands right now, one would have to run through 2 complete passes to get all the information out of Nessus that it could report.

Cheers,
Thomas
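
The reporting behaviour discussed in the message above, as an added example that is not part of the original post and is not Nessus or NASL code. It is a Python model: `banner_finding`, `report_exclusive`, `report_combined` and the sample banner are hypothetical names and constructed data, and the active test is a stand-in callable that is not modelled.

```python
import re
from typing import Callable, List, Optional

# Hypothetical Python model of a plugin's reporting logic; not NASL and not Nessus code.
FIXED = (1, 3, 26)  # the post states that versions < 1.3.26 are vulnerable


def banner_finding(banner: str) -> Optional[str]:
    """Safe check: judge the host from the version in its Server banner only."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        return None  # no parsable version, nothing to infer
    version = tuple(int(part) for part in m.groups())
    if version < FIXED:
        return "[banner-based] Apache %d.%d.%d is older than 1.3.26" % version
    return None


def report_exclusive(banner: str, safe_checks: bool, probe: Callable[[], bool]) -> List[str]:
    """Behaviour the post describes: one mode or the other, never both."""
    if safe_checks:
        finding = banner_finding(banner)
        return [finding] if finding else []
    return ["[active test] host responded as vulnerable"] if probe() else []


def report_combined(banner: str, safe_checks: bool, probe: Callable[[], bool]) -> List[str]:
    """Behaviour the post proposes: banner result always reported, labelled as such."""
    findings = []
    finding = banner_finding(banner)
    if finding:
        findings.append(finding)
    if not safe_checks and probe():
        findings.append("[active test] host responded as vulnerable")
    return findings


# Constructed sample: an old banner on a host where the active test comes back negative.
SAMPLE_BANNER = "Server: Apache/1.3.24 (Unix)"


def probe_negative() -> bool:
    return False  # stand-in for the plugin's real test


if __name__ == "__main__":
    for name, fn in (("exclusive", report_exclusive), ("combined", report_combined)):
        print(name, fn(SAMPLE_BANNER, False, probe_negative))
```

With safe_checks off and a negative active test, the exclusive form returns nothing for this host, while the combined form still returns the labelled banner-based finding in the same pass.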
