Nmap Development: Re: Trend Micro OfficeScan service fingerprint

From: Tom Sellers <nmap_at_fadedcode.net>
Date: Sun, 30 Dec 2007 07:38:49 -0600

Doug,

        I will check out a copy of the SVN file and test the probe
in my environment on Monday.

doug_at_hcsw.org wrote:

>
> Thanks a lot for creating a probe! As you probably saw from the
> OfficeScan comment, I've noticed problems with this service too:
>
> # This is here for NULL probe cheat since several probes unpredictably trigger it -Doug
>
> I just checked in the following probe to SVN:
>
> Probe TCP OfficeScan q|GET /?CAVIT HTTP/1.1\r\n\r\n|
> rarity 9
> ports 12345

OfficeScan 6.x and 7.x listen on port 12345 so the probe should detect them.
OfficeScan 8.x uses a random port on the client. What are the benefits of
limiting the fingerprint to port 12345?

> match http m|^HTTP/1.0 \d\d\d .*\r\nServer: OfficeScan Client| p/Trend Micro OfficeScan Antivirus http config/
>

The match line is more flexible than the one I submitted and should
work fine.

> Does this work for you? I deleted the match line in the GetRequest
> probe but left it in the NULL probe in case we get it on a fallback.

Thanks much,

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Dec 30 2007
