OpenVAS, the New Open Source Vulnerability Scanner

Linux Security : OpenVAS, the New Open Source Vulnerability Scanner

Posted by Max on 2010/1/19 15:53:17 (1471 reads)

On December 18th, 2009, the OpenVAS developer team released OpenVAS 3.0.0. The release introduces new features and a new architecture which forms the basis for turning the vulnerability scanner into a vulnerability management solution.

The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has become the Open Source Network Vulnerability Scanner. It is complemented with the largest open collection of vulnerability tests, the daily updated OpenVAS NVT Feed with over 15,500 Network Vulnerability Tests (NVTs).

Exactly 1 year after version 2.0.0 was released, the new 3.0 generation introduces:

    * A new internal architecture of the modules
    * NVT Meta Information that is free of arbitrary size limits
    * IPv6 support
    * WMI clients support
    * Supports upcoming optional extensions:
          o OpenVAS Manager for storing and organizing scans on a central server in a SQL database
          o OpenVAS Administrator for User-, Feed- and Settings-Management
          o Greenbone Security Assistent for a web-based Vulnerability Management

Compatibility:
The new OpenVAS Scanner remains compatible with the OpenVAS NVT Feed as well as with the Greenbone Security Feed. Also, it is possible to use the new OpenVAS Scanner with the OpenVAS-Client 2.0. OpenVAS Client 3.0 can connect to both OpenVAS Scanner 3.0 and OpenVAS Server 2.0 concurrently, and even to OpenVAS Manager via the new OpenVAS Management Protocol (OMP).

New Module Architecture:
OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client. The module openvas-server has been renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the total number of source code lines decreased, though new features were added. Also, for running just the core scanner only 2 modules are required (instead of 4 as is the case for OpenVAS 2.0).

Maintenance:
Version 3.0 will be maintained by the OpenVAS team for at least 2 years and the maintenance of Version 2.0 will continue for at least one year. Version 1.0 is being retired in January 2010.

Downloads:
All download links for OpenVAS 3.0.0 and additional information can be found on the OpenVAS website. OpenVAS 3.0.0 has been released initially as a source code package; binary packages for various distributions are expected to follow.

The OpenVAS team would like to thank everybody who has contributed to this release. We have worked hard to bring you a reliable network security scanner. If you have any questions or suggestions, please feel free to use the public mailing list and our online chat. Please use the OpenVAS bug tracker to report bugs.

Previous article - Next article

Other articles
2010/9/1 14:59:07 - New Acunetix Web Vulnerability Scanner 7 Released !
2010/8/26 4:31:23 - Latest Panda Security Survey
2010/8/25 17:11:47 - NEW August 2010 Symantec MessageLabs Intelligence Report
2010/8/25 17:04:12 - GFI VIPRE Antivirus Earns Gold Level OESIS OK Certification
2010/8/25 16:59:22 - NEW IBM X-Force H1 2010 Report On Global Security
2010/8/24 7:58:12 - Identity Finder Offers Free Identity Protection for College Students
2010/8/24 7:55:18 - ESET NOD32 Antivirus Confident on Southern Africa Security Market
2010/8/24 7:51:10 - Returnil Virtual System Receives Virus Bulletin's VB100 Award
2010/8/24 7:46:57 - SharperLending’s Appraisal Firewall Technology Keeps Appraisers Independent and Lenders Compliant
2010/8/19 11:01:51 - Avalanche Group Phishing Attacks Decrease in Q2 2010 in Favour of Malware Attacks

The comments are owned by the poster. We aren't responsible for their content.