OpenVAS Knowledge Base become smaller

At 23 January Jan Oliver Wagner, leader of OpenVAS project and Greenbone CEO, sent an email with a subject “Attic Cleanup”. In this message, he mentioned, that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed (GCF) soon.

On the one hand it seems logical. These old plugins are not often used, but can slow down the scanner. But in fact there will be less plugins in public NVT feed. And the the commercial Greenbone Security Feed (GSF) will not change. Not good. 😉

“However, we will keep those NVTs in the Greenbone Security Feed (GSF) for the reasons of policy and of service level agreement.”

I took the archives downloaded within a few months after the letter and analyzed which plugins were added and removed:

  • tar -xf community-nvt-feed-current.tar -C 230118/
  • tar -jxf community-nvt-feed-current-2.tar.bz2 –directory 150218/
  • tar -jxf community-nvt-feed-current-3.tar.bz2 –directory 230318/

OpenVAS Plugins Deleted from community feed

The overall amount of plugins changed from 57502 to current 53383.

Year of removed plugins:

Years of Deleted OpenVAS Plugins

I took the date from folder name where the plugin were stored, In 2008 folder there were even more older plugin were, do not take it literally.

For which systems these plugins were:

Types of Deleted OpenVAS

It really looks like removing generated plugins for some older versions of Linux distributions. Such generated plugins you can get from Vulners. 😉

And still, I don’t think it’s a good idea to delete such plugins. I believe that if you find a host with old Operation System installed it makes sense not only to say that OS is no longer supported (and thus vulnerable), but also what exploitable vulnerabilities this host has. If these plugins make scan slower, it’s the problem of the scanner processes optimization, isn’t it?

Leave a Reply

Your email address will not be published. Required fields are marked *