OpenVAS Knowledge Base become smaller. At 23 January Jan Oliver Wagner, leader of OpenVAS project and Greenbone CEO, sent an email with a subject “Attic Cleanup”. In this message, he mentioned, that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed (GCF) soon.
On the one hand it seems logical. These old plugins are not often used, but can slow down the scanner. But in fact there will be less plugins in public NVT feed. And the the commercial Greenbone Security Feed (GSF) will not change. Not good. 😉
“However, we will keep those NVTs in the Greenbone Security Feed (GSF) for the reasons of policy and of service level agreement.”
I took the archives downloaded within a few months after the letter and analyzed which plugins were added and removed:
- tar -xf community-nvt-feed-current.tar -C 230118/
- tar -jxf community-nvt-feed-current-2.tar.bz2 –directory 150218/
- tar -jxf community-nvt-feed-current-3.tar.bz2 –directory 230318/
The overall amount of plugins changed from 57502 to current 53383.
Year of removed plugins:
I took the date from folder name where the plugin were stored, In 2008 folder there were even more older plugin were, do not take it literally.
For which systems these plugins were:
It really looks like removing generated plugins for some older versions of Linux distributions. Such generated plugins you can get from Vulners. 😉
And still, I don’t think it’s a good idea to delete such plugins. I believe that if you find a host with old Operation System installed it makes sense not only to say that OS is no longer supported (and thus vulnerable), but also what exploitable vulnerabilities this host has. If these plugins make scan slower, it’s the problem of the scanner processes optimization, isn’t it?
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.