OpenVAS Change Request #15: OpenVAS Server: Remove features for detached scans

Status: Voted +4. Implemented with SVN 1118 in openvas-server 1.1 series. Needs testing.

Purpose

To reduce and clean up the code base of OpenVAS Server.

To remove a broken design.

References

OpenVAS Change Request #12: Replace NTP with OTP: The present Change Request would add to #12, because additional changes to OTP are proposed.

Rationale

"Detached Scans" is a feature inherited from Nessus that lets the server manage scans without a permanent connection to the client and store the results on the server side. It seems that no client ever supported this feature fully; at least, the (half-implemented) support was already removed or deprecated from the client in the Nessus times.

The present version of OpenVAS Server appears neither to write any results of a detached scan nor to deliver any session IDs when asked. So the current implementation is at least buggy anyway.

In fact, the idea of detached scans is regarded as a broken design. The actual scan server should not care about caching results or about implementing a complex protocol to manage things stored on the server side.

This should rather be implemented by a tier of its own as a management layer, e.g. as a web application or even as a more low-level service. After all, it should be a code base of its own and would act as an OpenVAS client running with fewer system rights (no root rights required). However, this change request is not about implementing the management unit, but about getting this feature out of the actual server.

Effects

Any client implementation that does use this feature will not work anymore (none known so far).

The OpenVAS server itself will no longer allow continuous scans.

The command line version of OpenVAS-Client will no longer offer the respective command line option for detached scans.

The changes will reduce the number of commands in the client-server protocol and need to be considered for the upcoming OTP 1.0 protocol.

Design and Implementation

This change would be integrated into the upcoming OTP 1.0 protocol and remove the commands DETACHED_SESSIONS_LIST and DETACHED_STOP and the preferences detached_scan, continuous_scan, delay_between_scan_loops, and detached_scan_email_address.

It makes sense to apply this change only to the new major release series, openvas-server 1.1.

Apart from the protocol changes, there are also many code cleanups to do (removal of the handling for detached scans) in both server and client, but these are not yet listed here in detail.
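For administrators preparing a move to the 1.1 series, the following added example (not part of the change request or of the OpenVAS code base) scans configuration text for the four preferences named above and reports whether each one is merely present or actually switched on. It assumes settings are stored one per line as `name = value` with `#` comments, and that an empty value, `no` or `0` means "off"; the function name and the sample input are constructed for illustration.

```python
import re

# Preferences removed by this change request (names taken from the text above).
REMOVED_PREFS = {
    "detached_scan",
    "continuous_scan",
    "delay_between_scan_loops",
    "detached_scan_email_address",
}

# Assumption: one setting per line in the form "name = value".
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")


def audit_removed_prefs(text):
    """Return (line_no, name, value, active) for each removed preference.

    'active' is True when the value appears to switch the setting on
    (assumed: anything other than empty, "no" or "0"), i.e. the setup
    relies on behaviour that no longer exists after the removal.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # drop comments (assumed '#' syntax)
        match = LINE_RE.match(line)
        if not match:
            continue
        name, value = match.group(1), match.group(2)
        if name in REMOVED_PREFS:
            active = value.lower() not in ("", "no", "0")
            findings.append((line_no, name, value, active))
    return findings


# Constructed sample input, not taken from a real installation.
SAMPLE = """\
# constructed example configuration
max_hosts = 20
detached_scan = yes
continuous_scan = no
delay_between_scan_loops = 60
detached_scan_email_address =
"""

if __name__ == "__main__":
    for line_no, name, value, active in audit_removed_prefs(SAMPLE):
        state = "ACTIVE" if active else "inactive"
        print(f"line {line_no}: {name} = {value!r} ({state})")
```

Entries reported as inactive are leftovers that can simply be deleted; active ones mark scans whose workflow has to move to the client side before upgrading.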

History