Correct -- my install is for research purposes, the scan was performed by a 3rd party vendor using an unknown (and apparently out of date) version of nessus.
So: if the plugin was removed at the author's request, my next question is: If I had installed Nessus in '04, and regularly updated plugins since then, would the plugin at some point have been removed by the update process? I know 3.0 has a "purge" option on the windows version -- is the answer dependent on the use of purge? i.e.: User never purges, therefore, retracted plugins stay on the system, and the update merges/adds new plugins, but doesn't remove old ones, so dcshop would still exist... Any explanation to help clarify that process is appreciated so I can fully understand the processes which might allow the vendor to be using a plugin pulled 2 years ago.... Thx, Mike Vasquez "George A. Theall" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 03/16/2007 10:03 AM To [email protected] cc Subject Re: DCShop Plugin On 03/16/07 12:13, [EMAIL PROTECTED] wrote: > I'm trying to track down some information regarding a DCShop > vulnerability to attempt to resolve the source of a false positive I'm > seeing. > > A 3rd party scan returned this result: ... > I have a Nessus 3.0 install on a windows server. By third-party, you mean this wasn't from your Nessus 3 install? > Googling found: > http://mail.nessus.org/pipermail/nessus-cvs/2003-April/msg00131.html - > "dcshop_information_disclosure.nasl" ... > So, is this an older / retired / bad plugin? It was removed back in 2005 at the author's request. If this was done by a third-party, you may want to check with them to ensure they were using an up-to-date set of plugins and Nessus install. George -- [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
