Hi all, I'm quite new to Nessus. I installed first the stable version, did a nessus-update-plugin, and start a scan with the nessus command line scanner. the rsult says that on my Lotus box all the logs database can be accessed anonymously: it's not true. I redirect all the http traffic trought a https autentication database. Wget infact, retirving the http://myserver.domain.it/log.nsf file doesn't give me the "page not found" error with code 404, but give the output of the login form I use to authenticate users. May be this is why hte plug-in think every is fine and the db can easyly be accessed. I think it will be enough to have the plugin check for the URL the server return, on top of the error code, so that it can detect the redirection. Hope someone can share with me his experience on Lotus & Nessus. Regards, Simone Chemelli System integration Serenissima Informatica S.p.a. Via Croce Rossa 5 - 35129 Padova - Italy Tel. +39 049 8291111 Fax +39 049 8291209
