Hi, I'm struggling with Nessus false positives which - according to the plugin code - can never happen. Problem is that I scan web servers with the 'no404' configuration (i.e. they always return HTTP 200 with an error page in HTML).
Most web servers listen on both port 80 and port 443. I see random false positives for simple plugins like iis_bdir.nasl. Now here comes the question: does the dependencies guarantee that the scripts against the _same_ port finished or do they just test that at least one instance finished? Example: is the following sequence possible (against the same IP address): 1) no404 starts 2) no404 forks for port 80 and port 443 3) no404 for port 80 terminates 4) iis_bdir starts 5) iis_bdir forks for port 80 and port 443 6) iis_bdir for port 443 terminates with false positive 7) no404 for port 443 terminates 8) iis_bdir for port 80 terminates Help please, I'm lost! so long Norbert _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
