OpenVAS release 2.0.0 available
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications.
The main changes
- Initial OVAL Support: OpenVAS 2.0.0 introduces preliminary support for OVAL, the Open Vulnerability and Assessment Language. OVAL is an international, information security, community standard to promote open, standardized and publicly available security content. The OpenVAS server can now execute OVAL files just like its own Network Vulnerability Tests (NVTs) using the OVAL definitions interpreter "ovaldi". While the plain ovaldi tool can only check local systems where it is installed, the combination with OpenVAS enables ovaldi to test any target system for which OpenVAS has collected information. OpenVAS 2.0.0 includes readily available support for Red Hat Enterprise Linux security announcements as published in OVAL format. OVAL support will expand to further platforms.
- OpenVAS Transfer Protocol (OTP): A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in numerous improvements and fixes and lead to the OpenVAS Transfer Protocol (OTP). Since NTP support was dropped entirely, the 1.0 and 2.0 series of OpenVAS Server and Client can not operate in mixed mode.
- Object Identifiers (OIDs): In order to make identifying individual NVTs easier, OpenVAS adopted an OID-based numbering scheme for NVTs. OIDs in OpenVAS will start with the prefix 18.104.22.168.4.1.25623, backward compatibility in server and client has been ensured.
- 64-bit Support: Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0 is expected be fully 64-bit compatible.
- Improved GUI Client: The OpenVAS-Client has seen a number of improvements and is now able to display NVT signature information in the GUI and in the various reports. Reporting has been improved as well as localization for various languages (best support in this order: German, Spanish/French, Swedish, Hebrew, Croatian).
- Bugfixes: Any spotted bugs have been fixed. Please refer to the CHANGES files supplied with the individual modules for details.
- Code Audit: A large amount of outdated or unused code has been identified and removed or replaced.