Hello! We had small discussion on IRC regarding OpenVAS plugin standardization report. There's lot of plugins which report on nothing found (like: Clamav not found or SSH login not possible) and ones which report only on vulnerability.
My suggestion is to have plugin report on vulnerability/notice only. Only if user selected verbose report, report would contain why some plugin failed/did not find vulnerability or some exception... Good example is clamav vulnerability which reports in general/ClamAV. I already moved such option in general/ClamAV few days ago on SVN. So, you can check - if normal level of report is selected, it will report on vulnerability. If verbose report is selected, then it will report the string "Clamav not found or SSH login is not possible" (which was reported by default in normal report before). I think it is important to be consistent especially if we're having contest (that we don't end up with unconsistent plugins). It is good to have good examples for future plugin writers as most of them are writting by example (including me). We can change the plugins as we agree on this mailing list. If we agree on this list, I'll take the tasks to: - to change "misbehaved" plugins how we agree on the list - to write NASL style guide in documentation I'll have some time over weekend to work on that, so let me know what you think about it. Kost _______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
