This script try to detect which smtp is running on host by studying the banner it receive from the server, and it warn about this information gives attacker additional information.
first, it try to match the banner with different common smtp server, and if no one match at the end it write the security_note with the banner got during test. my trouble is that it never test case of banner giving 'None information' To my mind, the following banner '220 example.com ESMTP\r\n' should not appear in security_note but should exit(0) as it give no information on the running smtp server -- | Sébastien AUCOUTURIER | Software Design Engineer Lead | | ITrust | 55 rue l'Occitane BP 67303 31673 LABEGE CEDEX | Email: [email protected] | Fixe Sdt. 05.67.34.67.80 | Fax. 09.80.08.37.23 | IT Security Services & SaaS Editor | _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
