recog 0.01

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. data/.gitignore +3 -0
  2. data/.rspec +2 -0
  3. data/Gemfile +9 -0
  4. data/Gemfile.lock +42 -0
  5. data/LICENSE +23 -0
  6. data/README.md +63 -0
  7. data/bin/recog_export.rb +81 -0
  8. data/bin/recog_match.rb +51 -0
  9. data/bin/recog_verify.rb +45 -0
  10. data/features/match.feature +16 -0
  11. data/features/support/env.rb +5 -0
  12. data/features/verify.feature +31 -0
  13. data/features/xml/banners.xml +2 -0
  14. data/features/xml/failing_banners_fingerprints.xml +20 -0
  15. data/features/xml/matching_banners_fingerprints.xml +22 -0
  16. data/features/xml/no_tests.xml +53 -0
  17. data/features/xml/successful_tests.xml +33 -0
  18. data/features/xml/tests_with_failures.xml +10 -0
  19. data/features/xml/tests_with_warnings.xml +10 -0
  20. data/lib/recog.rb +3 -0
  21. data/lib/recog/db.rb +38 -0
  22. data/lib/recog/db_manager.rb +27 -0
  23. data/lib/recog/fingerprint.rb +60 -0
  24. data/lib/recog/formatter.rb +51 -0
  25. data/lib/recog/match_reporter.rb +77 -0
  26. data/lib/recog/matcher.rb +60 -0
  27. data/lib/recog/matcher_factory.rb +14 -0
  28. data/lib/recog/nizer.rb +263 -0
  29. data/lib/recog/verifier.rb +46 -0
  30. data/lib/recog/verifier_factory.rb +13 -0
  31. data/lib/recog/verify_reporter.rb +85 -0
  32. data/lib/recog/version.rb +3 -0
  33. data/recog.gemspec +34 -0
  34. data/spec/data/best_os_match_1.yml +17 -0
  35. data/spec/data/best_os_match_2.yml +17 -0
  36. data/spec/data/best_service_match_1.yml +17 -0
  37. data/spec/data/smb_native_os.txt +31 -0
  38. data/spec/data/test_fingerprints.xml +24 -0
  39. data/spec/lib/db_spec.rb +89 -0
  40. data/spec/lib/formatter_spec.rb +69 -0
  41. data/spec/lib/match_reporter_spec.rb +90 -0
  42. data/spec/lib/nizer_spec.rb +124 -0
  43. data/spec/lib/verify_reporter_spec.rb +112 -0
  44. data/xml/apache_os.xml +295 -0
  45. data/xml/architecture.xml +45 -0
  46. data/xml/ftp_banners.xml +808 -0
  47. data/xml/h323_callresp.xml +701 -0
  48. data/xml/hp_pjl_id.xml +435 -0
  49. data/xml/http_cookies.xml +379 -0
  50. data/xml/http_servers.xml +3326 -0
  51. data/xml/http_wwwauth.xml +412 -0
  52. data/xml/imap_banners.xml +267 -0
  53. data/xml/nntp_banners.xml +51 -0
  54. data/xml/ntp_banners.xml +538 -0
  55. data/xml/pop_banners.xml +452 -0
  56. data/xml/rsh_resp.xml +90 -0
  57. data/xml/sip_banners.xml +14 -0
  58. data/xml/smb_native_os.xml +385 -0
  59. data/xml/smtp_banners.xml +1738 -0
  60. data/xml/smtp_debug.xml +45 -0
  61. data/xml/smtp_ehlo.xml +53 -0
  62. data/xml/smtp_expn.xml +95 -0
  63. data/xml/smtp_help.xml +212 -0
  64. data/xml/smtp_mailfrom.xml +24 -0
  65. data/xml/smtp_noop.xml +45 -0
  66. data/xml/smtp_quit.xml +31 -0
  67. data/xml/smtp_rcptto.xml +33 -0
  68. data/xml/smtp_rset.xml +23 -0
  69. data/xml/smtp_turn.xml +23 -0
  70. data/xml/smtp_vrfy.xml +109 -0
  71. data/xml/snmp_sysdescr.xml +8008 -0
  72. data/xml/snmp_sysobjid.xml +284 -0
  73. data/xml/ssh_banners.xml +790 -0
  74. data/xml/upnp_banners.xml +590 -0
  75. metadata +190 -0
@@ -0,0 +1,14 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ SIP Server header values are matched against these patterns to fingerprint SIP devices.
4
+ -->
5
+
6
+ <fingerprint matches="sip_header.server">
7
+ <fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
8
+ <description>Cisco SIPGateway</description>
9
+ <example>Cisco-SIPGateway/IOS-12.x</example>
10
+ <param pos="0" name="os.vendor" value="Cisco"/>
11
+ <param pos="0" name="os.product" value="IOS"/>
12
+ <param pos="1" name="os.version"/>
13
+ </fingerprint>
14
+ </fingerprints>
@@ -0,0 +1,385 @@
1
+ <?xml version="1.0"?>
2
+
3
+ <!--
4
+ SMB Native OS Fingerprints
5
+ -->
6
+
7
+ <fingerprints matches="smb.native_os">
8
+
9
+ <fingerprint pattern="^(Windows NT \d\.\d+)$">
10
+ <description>Windows NT</description>
11
+ <example>Windows NT 4.0</example>
12
+ <param pos="0" name="os.certainty" value="1.0"/>
13
+ <param pos="0" name="os.vendor" value="Microsoft"/>
14
+ <param pos="1" name="os.product"/>
15
+ </fingerprint>
16
+
17
+ <fingerprint pattern="^(Windows (95|98|ME))$">
18
+ <description>Windows 95/98/ME</description>
19
+ <example>Windows 95</example>
20
+ <example>Windows 98</example>
21
+ <param pos="0" name="os.certainty" value="1.0"/>
22
+ <param pos="0" name="os.vendor" value="Microsoft"/>
23
+ <param pos="1" name="os.product"/>
24
+ </fingerprint>
25
+
26
+ <fingerprint pattern="^Windows 5\.0$">
27
+ <description>Windows 2000</description>
28
+ <example>Windows 5.0</example>
29
+ <param pos="0" name="os.certainty" value="1.0"/>
30
+ <param pos="0" name="os.vendor" value="Microsoft"/>
31
+ <param pos="0" name="os.product" value="Windows 2000"/>
32
+ </fingerprint>
33
+
34
+ <fingerprint pattern="^Windows 5\.1$">
35
+ <description>Windows XP</description>
36
+ <example>Windows 5.1</example>
37
+ <param pos="0" name="os.certainty" value="1.0"/>
38
+ <param pos="0" name="os.vendor" value="Microsoft"/>
39
+ <param pos="0" name="os.product" value="Windows XP"/>
40
+ </fingerprint>
41
+
42
+ <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
43
+ <description>Windows XP</description>
44
+ <example>Windows XP 2600 Service Pack 1</example>
45
+ <param pos="0" name="os.certainty" value="1.0"/>
46
+ <param pos="0" name="os.vendor" value="Microsoft"/>
47
+ <param pos="0" name="os.product" value="Windows XP"/>
48
+ <param pos="1" name="os.build"/>
49
+ <param pos="2" name="os.version"/>
50
+ </fingerprint>
51
+
52
+ <fingerprint pattern="^Windows XP (\d+)$">
53
+ <description>Windows XP</description>
54
+ <example>Windows XP 2600</example>
55
+ <param pos="0" name="os.certainty" value="1.0"/>
56
+ <param pos="0" name="os.vendor" value="Microsoft"/>
57
+ <param pos="0" name="os.product" value="Windows XP"/>
58
+ <param pos="1" name="os.build"/>
59
+ </fingerprint>
60
+
61
+ <fingerprint pattern="^Windows \.NET">
62
+ <description>Windows Server 2003 Beta</description>
63
+ <param pos="0" name="os.certainty" value="1.0"/>
64
+ <param pos="0" name="os.vendor" value="Microsoft"/>
65
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
66
+ <param pos="0" name="os.version" value="Beta"/>
67
+ </fingerprint>
68
+
69
+ <fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
70
+ <description>Windows Server 2003 R2</description>
71
+ <param pos="0" name="os.certainty" value="1.0"/>
72
+ <param pos="0" name="os.vendor" value="Microsoft"/>
73
+ <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
74
+ <param pos="1" name="os.build"/>
75
+ </fingerprint>
76
+
77
+ <fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)$">
78
+ <description>Windows Server 2003 R2 (SP)</description>
79
+ <example>Windows Server 2003 R2 3790 Service Pack 2</example>
80
+ <param pos="0" name="os.certainty" value="1.0"/>
81
+ <param pos="0" name="os.vendor" value="Microsoft"/>
82
+ <param pos="0" name="os.product" value="Windows Server 2003 R2"/>
83
+ <param pos="1" name="os.build"/>
84
+ <param pos="2" name="os.version"/>
85
+ </fingerprint>
86
+
87
+ <fingerprint pattern="^Windows Server 2003 (\d+)$">
88
+ <description>Windows Server 2003</description>
89
+ <example>Windows Server 2003 3790</example>
90
+ <param pos="0" name="os.certainty" value="1.0"/>
91
+ <param pos="0" name="os.vendor" value="Microsoft"/>
92
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
93
+ <param pos="1" name="os.build"/>
94
+ </fingerprint>
95
+
96
+ <fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)$">
97
+ <description>Windows Server 2003 (SP)</description>
98
+ <example>Windows Server 2003 3790 Service Pack 1</example>
99
+ <example>Windows Server 2003 3790 Service Pack 2</example>
100
+ <param pos="0" name="os.certainty" value="1.0"/>
101
+ <param pos="0" name="os.vendor" value="Microsoft"/>
102
+ <param pos="0" name="os.product" value="Windows Server 2003"/>
103
+ <param pos="1" name="os.build"/>
104
+ <param pos="2" name="os.version"/>
105
+ </fingerprint>
106
+
107
+ <!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
108
+ <fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)$">
109
+ <description>Windows Server 2008</description>
110
+ <example>Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
111
+ <example>Windows Server (R) 2008 Enterprise 6002 Service Pack 2</example>
112
+ <param pos="0" name="os.certainty" value="1.0"/>
113
+ <param pos="0" name="os.vendor" value="Microsoft"/>
114
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
115
+ <param pos="1" name="os.edition"/>
116
+ <param pos="2" name="os.build"/>
117
+ <param pos="3" name="os.version"/>
118
+ </fingerprint>
119
+
120
+ <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
121
+ <description>Windows Web Server 2008 (SP)</description>
122
+ <example>Windows (R) Web Server 2008 6002 Service Pack 2</example>
123
+ <param pos="0" name="os.certainty" value="1.0"/>
124
+ <param pos="0" name="os.vendor" value="Microsoft"/>
125
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
126
+ <param pos="0" name="os.edition" value="Web"/>
127
+ <param pos="1" name="os.build"/>
128
+ <param pos="2" name="os.version"/>
129
+ </fingerprint>
130
+
131
+ <fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
132
+ <description>Windows Web Server 2008</description>
133
+ <example>Windows (R) Web Server 2008 6002</example>
134
+ <param pos="0" name="os.certainty" value="1.0"/>
135
+ <param pos="0" name="os.vendor" value="Microsoft"/>
136
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
137
+ <param pos="0" name="os.edition" value="Web"/>
138
+ <param pos="1" name="os.build"/>
139
+ </fingerprint>
140
+
141
+ <!-- TODO: Need an example string -->
142
+ <fingerprint pattern="^Windows \(R\) Storage Server 2008 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
143
+ <description>Windows Server 2008 Storage (SP)</description>
144
+ <param pos="0" name="os.certainty" value="1.0"/>
145
+ <param pos="0" name="os.vendor" value="Microsoft"/>
146
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
147
+ <param pos="0" name="os.edition" value="Storage"/>
148
+ <param pos="3" name="os.build"/>
149
+ <param pos="4" name="os.version"/>
150
+ </fingerprint>
151
+
152
+ <!-- TODO: Need an example string -->
153
+ <fingerprint pattern="^Windows \(R\) Storage Server 2008 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
154
+ <description>Windows Web Server 2008 Storage</description>
155
+ <param pos="0" name="os.certainty" value="1.0"/>
156
+ <param pos="0" name="os.vendor" value="Microsoft"/>
157
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
158
+ <param pos="0" name="os.edition" value="Storage"/>
159
+ <param pos="3" name="os.build"/>
160
+ </fingerprint>
161
+
162
+ <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
163
+ <description>Windows Server 2008 HPC</description>
164
+ <example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
165
+ <param pos="0" name="os.certainty" value="1.0"/>
166
+ <param pos="0" name="os.vendor" value="Microsoft"/>
167
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
168
+ <param pos="0" name="os.edition" value="HPC"/>
169
+ <param pos="1" name="os.build"/>
170
+ <param pos="2" name="os.version"/>
171
+ </fingerprint>
172
+
173
+ <!-- TODO: Need an example string -->
174
+ <fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
175
+ <description>Windows Web Server 2008 HPC</description>
176
+ <example>Windows Server 2008 HPC Edition 7600</example>
177
+ <param pos="0" name="os.certainty" value="1.0"/>
178
+ <param pos="0" name="os.vendor" value="Microsoft"/>
179
+ <param pos="0" name="os.product" value="Windows Server 2008"/>
180
+ <param pos="0" name="os.edition" value="HPC"/>
181
+ <param pos="1" name="os.build"/>
182
+ </fingerprint>
183
+
184
+ <!-- 2008 R2 -->
185
+
186
+ <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
187
+ <description>Windows Server 2008</description>
188
+ <example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
189
+ <example>Windows Server 2008 R2 Standard 7601 Service Pack 1</example>
190
+ <param pos="0" name="os.certainty" value="1.0"/>
191
+ <param pos="0" name="os.vendor" value="Microsoft"/>
192
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
193
+ <param pos="1" name="os.edition"/>
194
+ <param pos="2" name="os.build"/>
195
+ <param pos="3" name="os.version"/>
196
+ </fingerprint>
197
+
198
+ <fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
199
+ <description>Windows Server 2008 R2</description>
200
+ <example>Windows Server 2008 R2 Enterprise 7600</example>
201
+ <example>Windows Server 2008 R2 Standard 7600</example>
202
+ <example>Windows Server 2008 R2 Datacenter 7600</example>
203
+ <param pos="0" name="os.certainty" value="1.0"/>
204
+ <param pos="0" name="os.vendor" value="Microsoft"/>
205
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
206
+ <param pos="1" name="os.edition"/>
207
+ <param pos="2" name="os.build"/>
208
+ </fingerprint>
209
+
210
+ <fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
211
+ <description>Windows Server 2008 R2 Web</description>
212
+ <example>Windows Web Server 2008 R2 7601 Service Pack 1</example>
213
+ <param pos="0" name="os.certainty" value="1.0"/>
214
+ <param pos="0" name="os.vendor" value="Microsoft"/>
215
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
216
+ <param pos="0" name="os.edition" value="Web"/>
217
+ <param pos="1" name="os.build"/>
218
+ <param pos="2" name="os.version"/>
219
+ </fingerprint>
220
+
221
+ <fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
222
+ <description>Windows Web Server 2008 R2 Web</description>
223
+ <example>Windows Web Server 2008 R2 7600</example>
224
+ <param pos="0" name="os.certainty" value="1.0"/>
225
+ <param pos="0" name="os.vendor" value="Microsoft"/>
226
+ <param pos="0" name="os.product" value="Windows Server 2008 R2"/>
227
+ <param pos="0" name="os.edition" value="Web"/>
228
+ <param pos="1" name="os.build"/>
229
+ </fingerprint>
230
+
231
+ <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
232
+ <description>Windows Vista (SP)</description>
233
+ <example>Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
234
+ <param pos="0" name="os.certainty" value="1.0"/>
235
+ <param pos="0" name="os.vendor" value="Microsoft"/>
236
+ <param pos="0" name="os.product" value="Windows Vista"/>
237
+ <param pos="1" name="os.edition"/>
238
+ <param pos="2" name="os.build"/>
239
+ <param pos="3" name="os.version"/>
240
+ </fingerprint>
241
+
242
+ <fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
243
+ <description>Windows Vista</description>
244
+ <example>Windows Vista (TM) Home Premium 6000</example>
245
+ <param pos="0" name="os.certainty" value="1.0"/>
246
+ <param pos="0" name="os.vendor" value="Microsoft"/>
247
+ <param pos="0" name="os.product" value="Windows Vista"/>
248
+ <param pos="1" name="os.edition"/>
249
+ <param pos="2" name="os.build"/>
250
+ </fingerprint>
251
+
252
+
253
+ <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
254
+ <description>Windows 7/8 (SP + Edition)</description>
255
+ <example>Windows 7 Enterprise 7601 Service Pack 1</example>
256
+ <example>Windows 7 Starter 7601 Service Pack 1</example>
257
+ <param pos="0" name="os.certainty" value="1.0"/>
258
+ <param pos="0" name="os.vendor" value="Microsoft"/>
259
+ <param pos="1" name="os.product"/>
260
+ <param pos="2" name="os.edition"/>
261
+ <param pos="3" name="os.build"/>
262
+ <param pos="4" name="os.version"/>
263
+ </fingerprint>
264
+
265
+ <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
266
+ <description>Windows 7/8 (Edition)</description>
267
+ <example>Windows 7 Enterprise 7600</example>
268
+ <example>Windows 8.1 Enterprise 9600</example>
269
+ <example>Windows 8 Enterprise 9200</example>
270
+ <param pos="0" name="os.certainty" value="1.0"/>
271
+ <param pos="0" name="os.vendor" value="Microsoft"/>
272
+ <param pos="1" name="os.product"/>
273
+ <param pos="2" name="os.edition"/>
274
+ <param pos="3" name="os.build"/>
275
+ </fingerprint>
276
+
277
+ <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
278
+ <description>Windows 7/8 (SP)</description>
279
+ <example>Windows 7 7601 Service Pack 1</example>
280
+ <param pos="0" name="os.certainty" value="1.0"/>
281
+ <param pos="0" name="os.vendor" value="Microsoft"/>
282
+ <param pos="1" name="os.product"/>
283
+ <param pos="2" name="os.build"/>
284
+ <param pos="3" name="os.version"/>
285
+ </fingerprint>
286
+
287
+ <fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
288
+ <description>Windows 7/8</description>
289
+ <example>Windows 8 9200</example>
290
+ <param pos="0" name="os.certainty" value="1.0"/>
291
+ <param pos="0" name="os.vendor" value="Microsoft"/>
292
+ <param pos="1" name="os.product"/>
293
+ <param pos="2" name="os.build"/>
294
+ </fingerprint>
295
+
296
+ <!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
297
+
298
+ <!-- TODO: Need an example string -->
299
+ <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
300
+ <description>Windows Server 2012 R2 (SP)</description>
301
+ <param pos="0" name="os.certainty" value="1.0"/>
302
+ <param pos="0" name="os.vendor" value="Microsoft"/>
303
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
304
+ <param pos="1" name="os.edition"/>
305
+ <param pos="2" name="os.build"/>
306
+ <param pos="3" name="os.version"/>
307
+ </fingerprint>
308
+
309
+ <fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
310
+ <description>Windows Server 2012 R2</description>
311
+ <example>Windows Server 2012 R2 Standard 9600</example>
312
+ <param pos="0" name="os.certainty" value="1.0"/>
313
+ <param pos="0" name="os.vendor" value="Microsoft"/>
314
+ <param pos="0" name="os.product" value="Windows Server 2012 R2"/>
315
+ <param pos="1" name="os.edition"/>
316
+ <param pos="2" name="os.build"/>
317
+ </fingerprint>
318
+
319
+ <!-- TODO: Need an example string -->
320
+ <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
321
+ <description>Windows Server 2012 (SP)</description>
322
+ <param pos="0" name="os.certainty" value="1.0"/>
323
+ <param pos="0" name="os.vendor" value="Microsoft"/>
324
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
325
+ <param pos="1" name="os.edition"/>
326
+ <param pos="2" name="os.build"/>
327
+ <param pos="3" name="os.version"/>
328
+ </fingerprint>
329
+
330
+ <fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
331
+ <description>Windows Server 2012</description>
332
+ <example>Windows Server 2012 Standard 9200</example>
333
+ <param pos="0" name="os.certainty" value="1.0"/>
334
+ <param pos="0" name="os.vendor" value="Microsoft"/>
335
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
336
+ <param pos="1" name="os.edition"/>
337
+ <param pos="2" name="os.build"/>
338
+ </fingerprint>
339
+
340
+ <fingerprint pattern="^Windows MultiPoint Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
341
+ <description>Windows MultiPoint Server 2012 (SP)</description>
342
+ <example>Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
343
+ <param pos="0" name="os.certainty" value="1.0"/>
344
+ <param pos="0" name="os.vendor" value="Microsoft"/>
345
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
346
+ <param pos="0" name="os.edition" value="MultiPoint"/>
347
+ <param pos="2" name="os.build"/>
348
+ <param pos="3" name="os.version"/>
349
+ </fingerprint>
350
+
351
+ <fingerprint pattern="^Windows MultiPoint Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
352
+ <description>Windows MultiPoint Server 2012</description>
353
+ <example>Windows MultiPoint Server 2012 Premium 9200</example>
354
+ <param pos="0" name="os.certainty" value="1.0"/>
355
+ <param pos="0" name="os.vendor" value="Microsoft"/>
356
+ <param pos="0" name="os.product" value="Windows Server 2012"/>
357
+ <param pos="0" name="os.edition" value="MultiPoint"/>
358
+ <param pos="2" name="os.build"/>
359
+ </fingerprint>
360
+
361
+ <!-- TODO: Detect vendor, distribution, and package versions -->
362
+ <fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
363
+ <description>Samba</description>
364
+ <example>Samba 3.0.24</example>
365
+ <example>Samba 3.0.28a</example>
366
+ <example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
367
+ <example>Samba 3.6.3</example>
368
+ <example>Samba 3.6.6</example>
369
+ <example>Samba 3.6.9-151.el6_4.1</example>
370
+ <param pos="0" name="service.vendor" value="Samba"/>
371
+ <param pos="0" name="service.product" value="Samba"/>
372
+ <param pos="1" name="service.version" />
373
+ </fingerprint>
374
+
375
+ <fingerprint pattern="^VxWorks">
376
+ <description>VxWorks</description>
377
+ <example>VxWorks</example>
378
+ <param pos="0" name="os.certainty" value="0.5"/>
379
+ <param pos="0" name="os.vendor" value="Wind River"/>
380
+ <param pos="0" name="os.product" value="VxWorks"/>
381
+ <param pos="0" name="service.vendor" value="Wind River"/>
382
+ <param pos="0" name="service.product" value="VxWorks CIFS"/>
383
+ </fingerprint>
384
+
385
+ </fingerprints>
@@ -0,0 +1,1738 @@
1
+ <?xml version="1.0"?>
2
+ <!--
3
+ SMTP greeting lines (part of the banner after the response code) are matched
4
+ against these patterns (1 line at a time) to fingerprint SMTP servers.
5
+
6
+ This is always done in addition to the patterns in other smtp_*.xml files.
7
+ These XML files are used in this order:
8
+ smtp_banners.xml
9
+ smtp_ehlo.xml
10
+ smtp_help.xml
11
+ smtp_noop.xml
12
+ smtp_expn.xml
13
+ smtp_vrfy.xml
14
+ smtp_debug.xml
15
+ smtp_turn.xml
16
+ smtp_rset.xml
17
+ smtp_quit.xml
18
+
19
+ The system or service fingerprint with the highest certainty overwrites the others.
20
+ -->
21
+
22
+ <fingerprints matches="smtp.banner">
23
+ <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
24
+ <description>IMail EVAL version</description>
25
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
26
+ <param pos="0" name="service.family" value="IMail Server"/>
27
+ <param pos="0" name="service.product" value="IMail Server"/>
28
+ <param pos="2" name="service.version"/>
29
+ <param pos="1" name="host.name"/>
30
+ <param pos="0" name="imail.eval" value="yes"/>
31
+ </fingerprint>
32
+
33
+ <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
34
+ <!-- 220 X1 NT-ESMTP Server foo.bar (IMail 6.06 4342-1) -->
35
+ <description>IMail non-EVAL version</description>
36
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
37
+ <param pos="0" name="service.family" value="IMail Server"/>
38
+ <param pos="0" name="service.product" value="IMail Server"/>
39
+ <param pos="2" name="service.version"/>
40
+ <param pos="1" name="host.name"/>
41
+ </fingerprint>
42
+
43
+ <fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
44
+ <!-- 220 foo.bar (IMail 8.05 113547-7) NT-ESMTP Server X1 -->
45
+ <description>IMail non-EVAL version</description>
46
+ <param pos="0" name="service.vendor" value="Ipswitch"/>
47
+ <param pos="0" name="service.family" value="IMail Server"/>
48
+ <param pos="0" name="service.product" value="IMail Server"/>
49
+ <param pos="2" name="service.version"/>
50
+ <param pos="1" name="host.name"/>
51
+ </fingerprint>
52
+
53
+ <fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
54
+ <description>
55
+ AnalogX proxy
56
+ http://www.analogx.com/contents/download/network/proxy.htm
57
+ </description>
58
+ <param pos="0" name="service.vendor" value="AnalogX"/>
59
+ <param pos="0" name="service.family" value="Proxy"/>
60
+ <param pos="0" name="service.product" value="Proxy"/>
61
+ <param pos="1" name="service.version"/>
62
+ </fingerprint>
63
+
64
+ <fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
65
+ <description>
66
+ ArGoSoft Mail Server is fully functional STMP/POP3/Finger server for Windows 95/98/NT/2000.
67
+ http://www.argosoft.com/applications/mailserver/
68
+ Example: 220 ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
69
+ </description>
70
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
71
+ <param pos="0" name="service.family" value="Mail Server"/>
72
+ <param pos="0" name="service.product" value="Mail Server"/>
73
+ <param pos="1" name="service.version"/>
74
+ </fingerprint>
75
+
76
+ <fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT/2000, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
77
+ <description>
78
+ Example: 220 ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)
79
+ </description>
80
+ <param pos="0" name="service.vendor" value="ArGoSoft"/>
81
+ <param pos="0" name="service.family" value="Mail Server"/>
82
+ <param pos="0" name="service.product" value="Mail Server"/>
83
+ <param pos="1" name="service.version"/>
84
+ </fingerprint>
85
+
86
+ <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[^ ]+\.[^ ]+) SMTP Server Ready *$">
87
+ <description>
88
+ AppleShare IP Mail Server (3 version numbers)
89
+ </description>
90
+ <param pos="0" name="service.vendor" value="Apple"/>
91
+ <param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
92
+ <param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
93
+ <param pos="1" name="host.name"/>
94
+ <param pos="2" name="service.version"/>
95
+ </fingerprint>
96
+
97
+ <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[^ ]+) SMTP Server Ready *$">
98
+ <description>
99
+ AppleShare IP Mail Server (2 version numbers)
100
+ </description>
101
+ <param pos="0" name="service.vendor" value="Apple"/>
102
+ <param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
103
+ <param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
104
+ <param pos="1" name="host.name"/>
105
+ <param pos="2" name="service.version"/>
106
+ </fingerprint>
107
+
108
+ <fingerprint pattern="^CheckPoint FireWall-1 secure SMTP server *$">
109
+ <description>
110
+ CheckPoint FireWall-1
111
+ </description>
112
+ <param pos="0" name="service.vendor" value="Check Point"/>
113
+ <param pos="0" name="service.family" value="Check Point"/>
114
+ <param pos="0" name="service.product" value="Firewall-1"/>
115
+ </fingerprint>
116
+
117
+ <fingerprint pattern="^SMTP/cmap ready_+$">
118
+ <description>
119
+ Cisco Pix v4.x
120
+ </description>
121
+ <param pos="0" name="service.vendor" value="Cisco"/>
122
+ <param pos="0" name="service.family" value="PIX"/>
123
+ <param pos="0" name="service.product" value="PIX"/>
124
+ <param pos="0" name="service.version" value="4"/>
125
+ </fingerprint>
126
+
127
+ <fingerprint pattern="^([\*20 ]+)$">
128
+ <description>
129
+ Cisco PIX firewall: PIX sits between an internal SMTP server and the rest of the world.
130
+
131
+ Its MailGuard feature strips all information out of the 220 header except for the ' ' (space), '2' (digit two),
132
+ and '0' (digit zero) characters, replacing them with asterisks. While this effectively
133
+ hides the back-end SMTP server, it does tell us that they are running Cisco PIX firewall
134
+ (at least for SMTP, and possibly other services as well).
135
+
136
+ Search Cisco's documentation for "fixup protocol SMTP" for more information.
137
+ </description>
138
+ <param pos="0" name="service.vendor" value="Cisco"/>
139
+ <param pos="0" name="service.family" value="PIX"/>
140
+ <param pos="0" name="service.product" value="PIX"/>
141
+ </fingerprint>
142
+
143
+ <fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
144
+ <description>
145
+ Critical Path (aka InScribe) Messaging Server
146
+ http://www.cp.net/products/inscr_messagingserv_overview.html
147
+ Runs on Windows NT4/2k, Solaris 2.6, 2.7, and 2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, and AIX
148
+ </description>
149
+ <param pos="0" name="service.vendor" value="Critical Path"/>
150
+ <param pos="0" name="service.family" value="Messaging Server"/>
151
+ <param pos="0" name="service.product" value="Messaging Server"/>
152
+ <param pos="1" name="host.name"/>
153
+ <param pos="2" name="service.version"/>
154
+ <param pos="3" name="service.version.version"/>
155
+ <param pos="4" name="service.version.version.version"/>
156
+ <param pos="5" name="service.version.version.version.version"/>
157
+ </fingerprint>
158
+
159
+ <fingerprint pattern="^CSM Internet Mail Scanner SMTP-Gateway ready?\. *$">
160
+ <description>
161
+ CSM Internet Mail Scanner SMTP proxy
162
+ see http://www.csm-usa.com/product/ims/release.htm
163
+ TODO: Some versions return a typo "read." instead of "ready." - use this to fingerprint
164
+ example: 220 CSM Internet Mail Scanner SMTP-Gateway ready.
165
+ example: 220 CSM Internet Mail Scanner SMTP-Gateway read.
166
+ </description>
167
+ <param pos="0" name="service.vendor" value="CSM"/>
168
+ <param pos="0" name="service.family" value="Internet Mail Scanner"/>
169
+ <param pos="0" name="service.product" value="Internet Mail Scanner"/>
170
+ </fingerprint>
171
+
172
+ <fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
173
+ <description>
174
+ EMWAC Internet Mail Services http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm
175
+ example: 220 gabriela.networld.com.ar IMS SMTP Receiver Version 0.83 Ready
176
+ </description>
177
+ <param pos="0" name="service.vendor" value="EMWAC"/>
178
+ <param pos="0" name="service.family" value="Internet Mail Services"/>
179
+ <param pos="0" name="service.product" value="Internet Mail Services"/>
180
+ <param pos="1" name="host.name"/>
181
+ <param pos="2" name="service.version"/>
182
+ </fingerprint>
183
+
184
+ <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+\.[^ ]+) *$">
185
+ <description>
186
+ Eudora Internet Mail Server (3 version numbers)
187
+ example: 220 interlink.com.ar running Eudora Internet Mail Server 3.0.2
188
+ example: 220 mail.gis.at running Eudora Internet Mail Server 2.2
189
+ </description>
190
+ <param pos="0" name="service.vendor" value="Eudora"/>
191
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
192
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
193
+ <param pos="0" name="os.vendor" value="Apple"/>
194
+ <param pos="0" name="os.family" value="Mac OS"/>
195
+ <param pos="0" name="os.device" value="General"/>
196
+ <param pos="0" name="os.product" value="Mac OS"/>
197
+ <param pos="1" name="host.name"/>
198
+ <param pos="2" name="service.version"/>
199
+ </fingerprint>
200
+
201
+ <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+) *$">
202
+ <description>
203
+ Eudora Internet Mail Server (2 version numbers)
204
+ 220 mail.gis.at running Eudora Internet Mail Server 2.2
205
+ </description>
206
+ <param pos="0" name="service.vendor" value="Eudora"/>
207
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
208
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
209
+ <param pos="0" name="os.vendor" value="Apple"/>
210
+ <param pos="0" name="os.family" value="Mac OS"/>
211
+ <param pos="0" name="os.device" value="General"/>
212
+ <param pos="0" name="os.product" value="Mac OS"/>
213
+ <param pos="1" name="host.name"/>
214
+ <param pos="2" name="service.version"/>
215
+ </fingerprint>
216
+
217
+ <fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
218
+ <!-- your.smtp.server ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2448.0) ready -->
219
+ <description>
220
+ Microsoft Exchange Server 5.5 and above
221
+ (for sure, can't be confused with the IIS builtin SMTP service)
222
+ </description>
223
+ <param pos="0" name="service.vendor" value="Microsoft"/>
224
+ <param pos="0" name="service.family" value="Exchange Server"/>
225
+ <param pos="0" name="service.product" value="Exchange Server"/>
226
+ <param pos="2" name="service.version"/>
227
+ <param pos="1" name="host.name"/>
228
+ <param pos="0" name="os.vendor" value="Microsoft"/>
229
+ <param pos="0" name="os.family" value="Windows"/>
230
+ <param pos="0" name="os.device" value="General"/>
231
+ <param pos="0" name="os.product" value="Windows"/>
232
+ </fingerprint>
233
+
234
+ <fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
235
+ <!-- your.smtp.server Microsoft Exchange Internet Mail Service 5.0.1460.8 ready -->
236
+ <description>
237
+ Microsoft Exchange Server 5.0
238
+ (for sure, can't be confused with the IIS builtin SMTP service)
239
+ </description>
240
+ <param pos="0" name="service.vendor" value="Microsoft"/>
241
+ <param pos="0" name="service.family" value="Exchange Server"/>
242
+ <param pos="0" name="service.product" value="Exchange Server"/>
243
+ <param pos="2" name="service.version"/>
244
+ <param pos="1" name="host.name"/>
245
+ <param pos="0" name="os.vendor" value="Microsoft"/>
246
+ <param pos="0" name="os.family" value="Windows"/>
247
+ <param pos="0" name="os.device" value="General"/>
248
+ <param pos="0" name="os.product" value="Windows"/>
249
+ </fingerprint>
250
+
251
+ <fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
252
+ <description>
253
+ Microsoft Exchange 2007/2010
254
+ (for sure, can't be confused with the IIS builtin SMTP service)
255
+ </description>
256
+ <example>foo Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
257
+ <param pos="0" name="service.vendor" value="Microsoft"/>
258
+ <param pos="0" name="service.family" value="Exchange Server"/>
259
+ <param pos="0" name="service.product" value="Exchange Server"/>
260
+ <param pos="1" name="host.name"/>
261
+ <param pos="0" name="os.vendor" value="Microsoft"/>
262
+ <param pos="0" name="os.family" value="Windows"/>
263
+ <param pos="0" name="os.device" value="General"/>
264
+ <param pos="0" name="os.product" value="Windows"/>
265
+ </fingerprint>
266
+
267
+ <fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
268
+ <!-- smtp.foo.bar Microsoft SMTP MAIL ready at Tue, 6 Feb 2001 18:28:07 +0100 Version: 5.5.1877.197.19 -->
269
+ <description>
270
+ Microsoft IIS builtin SMTP service, or Microsoft Exchange Server
271
+ (they are differentiated from each other in smtp-iis.clp)
272
+ </description>
273
+ <param pos="0" name="service.vendor" value="Microsoft"/>
274
+ <param pos="0" name="service.family" value="IIS"/>
275
+ <param pos="0" name="service.product" value="IIS"/>
276
+ <param pos="3" name="service.version"/>
277
+ <param pos="1" name="host.name"/>
278
+ <param pos="2" name="system.time"/>
279
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
280
+ <param pos="0" name="os.vendor" value="Microsoft"/>
281
+ <param pos="0" name="os.family" value="Windows"/>
282
+ <param pos="0" name="os.device" value="General"/>
283
+ <param pos="0" name="os.product" value="Windows"/>
284
+ </fingerprint>
285
+
286
+ <fingerprint pattern="^([^ ]+) +Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+) +ready at +(.+)$">
287
+ <!-- foo.bar.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready at Wed, 31 Jan 2001 00:10:50 -0400 -->
288
+ <description>
289
+ Microsoft IIS builtin SMTP service, or Microsoft Exchange Server
290
+ (they are differentiated from each other in smtp-iis.clp)
291
+ </description>
292
+ <param pos="0" name="service.vendor" value="Microsoft"/>
293
+ <param pos="0" name="service.family" value="IIS"/>
294
+ <param pos="0" name="service.product" value="IIS"/>
295
+ <param pos="2" name="service.version"/>
296
+ <param pos="1" name="host.name"/>
297
+ <param pos="3" name="system.time"/>
298
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
299
+ <param pos="0" name="os.vendor" value="Microsoft"/>
300
+ <param pos="0" name="os.family" value="Windows"/>
301
+ <param pos="0" name="os.device" value="General"/>
302
+ <param pos="0" name="os.product" value="Windows"/>
303
+ </fingerprint>
304
+
305
+
306
+ <fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) (.+)$">
307
+ <description>
308
+ Exim (3 version numbers)
309
+ example: 220 foo.bar.com ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100
310
+ example: 220 foo.bar.com ESMTP Exim 3.22 1 Mon, 30 Jul 2001 23:16:12 +0100 [NO UCE, NO SPAM]
311
+ </description>
312
+ <param pos="0" name="service.vendor" value="exim"/>
313
+ <param pos="0" name="service.family" value="exim"/>
314
+ <param pos="0" name="service.product" value="exim"/>
315
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
316
+ <param pos="1" name="host.name"/>
317
+ <param pos="2" name="service.version"/>
318
+ <param pos="3" name="system.time"/>
319
+ </fingerprint>
320
+
321
+ <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
322
+ <description>
323
+ FTGate mail server, runs on Windows 9x/NT/2k
324
+ http://www.ftgate.com
325
+ Example: 220 stoddardhoney.com FTGate server ready -attitude [C.o.r.E]
326
+ </description>
327
+ <param pos="0" name="service.vendor" value="Floosietek"/>
328
+ <param pos="0" name="service.family" value="FTGate"/>
329
+ <param pos="0" name="service.product" value="FTGate"/>
330
+ <param pos="1" name="host.name"/>
331
+ </fingerprint>
332
+
333
+ <fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
334
+ <description>
335
+ TIS FWTK and derivatives
336
+ http://www.tis.com/research/software/
337
+ This fingerprint may be ambiguous because other firewalls (like
338
+ Gauntlet) are derived from TIS
339
+ </description>
340
+ <param pos="0" name="service.vendor" value="TIS"/>
341
+ <param pos="0" name="service.family" value="FWTK"/>
342
+ <param pos="0" name="service.product" value="FWTK"/>
343
+ </fingerprint>
344
+
345
+ <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
346
+ <description>
347
+ Novell GroupWise Internet Agent versions 5 and higher, 3 version numbers
348
+ example: 220 coleharbourplace.com GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.
349
+ </description>
350
+ <param pos="0" name="service.vendor" value="Novell"/>
351
+ <param pos="0" name="service.family" value="GroupWise"/>
352
+ <param pos="0" name="service.product" value="GroupWise"/>
353
+ <param pos="1" name="host.name"/>
354
+ <param pos="2" name="service.version"/>
355
+ </fingerprint>
356
+
357
+ <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
358
+ <description>
359
+ Novell GroupWise Internet Agent versions 5 and higher, 2 version numbers
360
+ </description>
361
+ <param pos="0" name="service.vendor" value="Novell"/>
362
+ <param pos="0" name="service.family" value="GroupWise"/>
363
+ <param pos="0" name="service.product" value="GroupWise"/>
364
+ <param pos="1" name="host.name"/>
365
+ <param pos="2" name="service.version"/>
366
+ </fingerprint>
367
+
368
+ <fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
369
+ <description>
370
+ Novell GroupWise versions below 5
371
+ example: 220 bates.at GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.
372
+ </description>
373
+ <param pos="0" name="service.vendor" value="Novell"/>
374
+ <param pos="0" name="service.family" value="GroupWise"/>
375
+ <param pos="0" name="service.product" value="GroupWise"/>
376
+ <param pos="1" name="host.name"/>
377
+ <param pos="2" name="service.version"/>
378
+ <param pos="3" name="service.version.version"/>
379
+ </fingerprint>
380
+
381
+ <fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+) on (.+) *$">
382
+ <description>
383
+ IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.
384
+ http://www.vm.ibm.com
385
+ http://www-1.ibm.com/servers/eserver/zseries/
386
+ http://mitvma.mit.edu/system/vm.html
387
+ example: 220 mail.foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT
388
+ example: 220 mail.foo.bar running IBM VM SMTP V2R4 on Mon, 10 Sep 2001 12:23:47 +0100
389
+ </description>
390
+ <param pos="0" name="service.vendor" value="IBM"/>
391
+ <param pos="0" name="service.family" value="VM"/>
392
+ <param pos="0" name="service.product" value="VM"/>
393
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
394
+ <param pos="1" name="host.name"/>
395
+ <param pos="2" name="service.version"/>
396
+ <param pos="3" name="system.time"/>
397
+ </fingerprint>
398
+
399
+ <fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+); (.+) *$">
400
+ <description>
401
+ IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.
402
+ http://www.vm.ibm.com
403
+ http://www-1.ibm.com/servers/eserver/zseries/
404
+ http://mitvma.mit.edu/system/vm.html
405
+ example: 220 mail.foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)
406
+ </description>
407
+ <param pos="0" name="service.vendor" value="IBM"/>
408
+ <param pos="0" name="service.family" value="VM"/>
409
+ <param pos="0" name="service.product" value="VM"/>
410
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
411
+ <param pos="1" name="host.name"/>
412
+ <param pos="2" name="service.version"/>
413
+ <param pos="3" name="system.time"/>
414
+ </fingerprint>
415
+
416
+ <fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
417
+ <description>
418
+ Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
419
+ the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
420
+ see http://www.cdc.com for more information
421
+ example: 220 tigger.disneyonline.com (IntraStore TurboSendmail) ESMTP Service ready
422
+ </description>
423
+ <param pos="0" name="service.vendor" value="BT"/>
424
+ <param pos="0" name="service.family" value="IntraStore"/>
425
+ <param pos="0" name="service.product" value="IntraStore"/>
426
+ </fingerprint>
427
+
428
+ <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+\.\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
429
+ <description>
430
+ Mail Max (4 version numbers)
431
+ example: 220 MAIL3 (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.
432
+ </description>
433
+ <param pos="0" name="service.vendor" value="Mail-Max"/>
434
+ <param pos="0" name="service.family" value="Mail-Max"/>
435
+ <param pos="0" name="service.product" value="Mail-Max"/>
436
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
437
+ <param pos="1" name="host.name"/>
438
+ <param pos="2" name="service.version"/>
439
+ <param pos="3" name="system.time"/>
440
+ </fingerprint>
441
+
442
+ <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
443
+ <description>
444
+ Mail Max (2 version numbers)
445
+ example: 220 WEBB (Mail-Max Version 3.065, Wed, 31 Jan 2001 03:46:11 +0100 WST) ESMTP Mail Server Ready.
446
+ </description>
447
+ <param pos="0" name="service.vendor" value="Mail-Max"/>
448
+ <param pos="0" name="service.family" value="Mail-Max"/>
449
+ <param pos="0" name="service.product" value="Mail-Max"/>
450
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
451
+ <param pos="1" name="host.name"/>
452
+ <param pos="2" name="service.version"/>
453
+ <param pos="3" name="system.time"/>
454
+ </fingerprint>
455
+
456
+ <fingerprint pattern="^([^ ]+) +MailSite ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
457
+ <description>
458
+ Rockliffe MailSite http://www.rockliffe.com
459
+ example: 220 bas.com.ar MailSite ESMTP Receiver Version 3.4.6.0 Ready
460
+ </description>
461
+ <param pos="0" name="service.vendor" value="Rockliffe"/>
462
+ <param pos="0" name="service.family" value="MailSite"/>
463
+ <param pos="0" name="service.product" value="MailSite"/>
464
+ <param pos="1" name="host.name"/>
465
+ <param pos="2" name="service.version"/>
466
+ </fingerprint>
467
+
468
+ <fingerprint pattern="^([^ ]+) +MailSite ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+) Ready *$">
469
+ <description>
470
+ Rockliffe MailSite http://www.rockliffe.com
471
+ example: 220 rhino.accessweb.com MailSite SMTP Receiver Version 2.1.7 Ready
472
+ </description>
473
+ <param pos="0" name="service.vendor" value="Rockliffe"/>
474
+ <param pos="0" name="service.family" value="MailSite"/>
475
+ <param pos="0" name="service.product" value="MailSite"/>
476
+ <param pos="1" name="host.name"/>
477
+ <param pos="2" name="service.version"/>
478
+ </fingerprint>
479
+
480
+ <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
481
+ <description>
482
+ Content Security MAILsweeper for SMTP http://www.contenttechnologies.com/products/msw4smtp/default.asp
483
+ example: 220 infotech.at MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready
484
+ </description>
485
+ <param pos="0" name="service.vendor" value="Clearswift"/>
486
+ <param pos="0" name="service.family" value="MAILsweeper"/>
487
+ <param pos="0" name="service.product" value="MAILsweeper"/>
488
+ <param pos="1" name="host.name"/>
489
+ <param pos="2" name="service.version"/>
490
+ </fingerprint>
491
+
492
+ <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
493
+ <description>
494
+ MDaemon mail server
495
+ 220 foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400
496
+ </description>
497
+ <param pos="0" name="service.vendor" value="Alt-N"/>
498
+ <param pos="0" name="service.family" value="MDaemon"/>
499
+ <param pos="0" name="service.product" value="MDaemon"/>
500
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
501
+ <param pos="0" name="mdaemon.unregistered" value="yes"/>
502
+ <param pos="0" name="os.vendor" value="Microsoft"/>
503
+ <param pos="0" name="os.family" value="Windows"/>
504
+ <param pos="0" name="os.device" value="General"/>
505
+ <param pos="0" name="os.product" value="Windows"/>
506
+ <param pos="0" name="os.arch" value="x86"/>
507
+ <param pos="1" name="host.name"/>
508
+ <param pos="2" name="service.version"/>
509
+ <param pos="3" name="system.time"/>
510
+ </fingerprint>
511
+
512
+ <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
513
+ <description>
514
+ MDaemon mail server
515
+ 220 foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500
516
+ </description>
517
+ <param pos="0" name="service.vendor" value="Alt-N"/>
518
+ <param pos="0" name="service.family" value="MDaemon"/>
519
+ <param pos="0" name="service.product" value="MDaemon"/>
520
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
521
+ <param pos="0" name="os.vendor" value="Microsoft"/>
522
+ <param pos="0" name="os.family" value="Windows"/>
523
+ <param pos="0" name="os.device" value="General"/>
524
+ <param pos="0" name="os.product" value="Windows"/>
525
+ <param pos="0" name="os.arch" value="x86"/>
526
+ <param pos="1" name="host.name"/>
527
+ <param pos="2" name="service.version"/>
528
+ <param pos="3" name="system.time"/>
529
+ </fingerprint>
530
+
531
+ <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
532
+ <description>
533
+ MDaemon mail server
534
+ 220 foo.bar ESMTP MDaemon 3.5.7 ready
535
+ </description>
536
+ <param pos="0" name="service.vendor" value="Alt-N"/>
537
+ <param pos="0" name="service.family" value="MDaemon"/>
538
+ <param pos="0" name="service.product" value="MDaemon"/>
539
+ <param pos="0" name="os.vendor" value="Microsoft"/>
540
+ <param pos="0" name="os.family" value="Windows"/>
541
+ <param pos="0" name="os.device" value="General"/>
542
+ <param pos="0" name="os.product" value="Windows"/>
543
+ <param pos="0" name="os.arch" value="x86"/>
544
+ <param pos="1" name="host.name"/>
545
+ <param pos="2" name="service.version"/>
546
+ </fingerprint>
547
+
548
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) *$">
549
+ <description>
550
+ MDaemon mail server
551
+ 220 foo.bar.com ESMTP service ready [1] MDaemon v2.84 R
552
+ </description>
553
+ <param pos="0" name="service.vendor" value="Alt-N"/>
554
+ <param pos="0" name="service.family" value="MDaemon"/>
555
+ <param pos="0" name="service.product" value="MDaemon"/>
556
+ <param pos="0" name="os.vendor" value="Microsoft"/>
557
+ <param pos="0" name="os.family" value="Windows"/>
558
+ <param pos="0" name="os.device" value="General"/>
559
+ <param pos="0" name="os.product" value="Windows"/>
560
+ <param pos="0" name="os.arch" value="x86"/>
561
+ <param pos="1" name="host.name"/>
562
+ <param pos="2" name="service.version"/>
563
+ <param pos="3" name="service.version.version"/>
564
+ </fingerprint>
565
+
566
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] using MDaemon v([^ ]+\.[^ ]+\.[^ ]+) ([^ ]+) *$">
567
+ <description>
568
+ MDaemon mail server
569
+ 220 foo.bar.com ESMTP service ready [1] using MDaemon v3.0.3 R
570
+ </description>
571
+ <param pos="0" name="service.vendor" value="Alt-N"/>
572
+ <param pos="0" name="service.family" value="MDaemon"/>
573
+ <param pos="0" name="service.product" value="MDaemon"/>
574
+ <param pos="0" name="os.vendor" value="Microsoft"/>
575
+ <param pos="0" name="os.family" value="Windows"/>
576
+ <param pos="0" name="os.device" value="General"/>
577
+ <param pos="0" name="os.product" value="Windows"/>
578
+ <param pos="0" name="os.arch" value="x86"/>
579
+ <param pos="1" name="host.name"/>
580
+ <param pos="2" name="service.version"/>
581
+ <param pos="3" name="service.version.version"/>
582
+ </fingerprint>
583
+
584
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) *$">
585
+ <description>
586
+ MDaemon mail server
587
+ 220 foo.bar.com ESMTP service ready [1] MDaemon v2.7 SP5 R
588
+ </description>
589
+ <param pos="0" name="service.vendor" value="Alt-N"/>
590
+ <param pos="0" name="service.family" value="MDaemon"/>
591
+ <param pos="0" name="service.product" value="MDaemon"/>
592
+ <param pos="0" name="os.vendor" value="Microsoft"/>
593
+ <param pos="0" name="os.family" value="Windows"/>
594
+ <param pos="0" name="os.device" value="General"/>
595
+ <param pos="0" name="os.product" value="Windows"/>
596
+ <param pos="0" name="os.arch" value="x86"/>
597
+ <param pos="1" name="host.name"/>
598
+ <param pos="2" name="service.version"/>
599
+ <param pos="3" name="service.version.version"/>
600
+ <param pos="4" name="service.version.version.version"/>
601
+ </fingerprint>
602
+
603
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+)\.([^ ]+)\.([^ ]+)\.([^ ]+) ([^ ]+) *$">
604
+ <description>
605
+ MDaemon mail server
606
+ 220 foo.bar.com ESMTP service ready [1] MDaemon v2.8.7.0 R
607
+ </description>
608
+ <param pos="0" name="service.vendor" value="Alt-N"/>
609
+ <param pos="0" name="service.family" value="MDaemon"/>
610
+ <param pos="0" name="service.product" value="MDaemon"/>
611
+ <param pos="0" name="os.vendor" value="Microsoft"/>
612
+ <param pos="0" name="os.family" value="Windows"/>
613
+ <param pos="0" name="os.device" value="General"/>
614
+ <param pos="0" name="os.product" value="Windows"/>
615
+ <param pos="0" name="os.arch" value="x86"/>
616
+ <param pos="1" name="host.name"/>
617
+ <param pos="2" name="service.version"/>
618
+ <param pos="3" name="service.version.version"/>
619
+ <param pos="4" name="service.version.version.version"/>
620
+ <param pos="5" name="service.version.version.version.version"/>
621
+ <param pos="6" name="service.version.version.version.version.version"/>
622
+ </fingerprint>
623
+
624
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+)\) *$">
625
+ <description>
626
+ MDaemon mail server
627
+ 220 foo.bar.com ESMTP service ready [2] (MDaemon v2.7 SP4 R)
628
+ </description>
629
+ <param pos="0" name="service.vendor" value="Alt-N"/>
630
+ <param pos="0" name="service.family" value="MDaemon"/>
631
+ <param pos="0" name="service.product" value="MDaemon"/>
632
+ <param pos="0" name="os.vendor" value="Microsoft"/>
633
+ <param pos="0" name="os.family" value="Windows"/>
634
+ <param pos="0" name="os.device" value="General"/>
635
+ <param pos="0" name="os.product" value="Windows"/>
636
+ <param pos="0" name="os.arch" value="x86"/>
637
+ <param pos="1" name="host.name"/>
638
+ <param pos="2" name="service.version"/>
639
+ <param pos="3" name="service.version.version"/>
640
+ <param pos="4" name="service.version.version.version"/>
641
+ </fingerprint>
642
+
643
+ <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
644
+ <description>
645
+ MDaemon mail server
646
+ 220 foo.bar.com ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)
647
+ </description>
648
+ <param pos="0" name="service.vendor" value="Alt-N"/>
649
+ <param pos="0" name="service.family" value="MDaemon"/>
650
+ <param pos="0" name="service.product" value="MDaemon"/>
651
+ <param pos="0" name="os.vendor" value="Microsoft"/>
652
+ <param pos="0" name="os.family" value="Windows"/>
653
+ <param pos="0" name="os.device" value="General"/>
654
+ <param pos="0" name="os.product" value="Windows"/>
655
+ <param pos="0" name="os.arch" value="x86"/>
656
+ <param pos="1" name="host.name"/>
657
+ <param pos="2" name="service.version"/>
658
+ <param pos="3" name="service.version.version"/>
659
+ <param pos="4" name="service.version.version.version"/>
660
+ <param pos="5" name="service.version.version.version.version"/>
661
+ </fingerprint>
662
+
663
+ <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
664
+ <fingerprint pattern="^([^ ]+) +ESMTP MERAK ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
665
+ <description>
666
+ Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
667
+ 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700
668
+ </description>
669
+ <param pos="0" name="service.vendor" value="Merak"/>
670
+ <param pos="0" name="service.family" value="Mail Server"/>
671
+ <param pos="0" name="service.product" value="Mail Server"/>
672
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
673
+ <param pos="1" name="host.name"/>
674
+ <param pos="2" name="service.version"/>
675
+ <param pos="3" name="system.time"/>
676
+ </fingerprint>
677
+
678
+ <fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
679
+ <description>
680
+ Atrium's MERCUR SMTP server
681
+ http://www.atrium-software.com/pub/support_e.cfm
682
+ example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
683
+ example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
684
+ example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098307) for Windows NT ready at Tue, 6 Feb 2001 18:44:03 +0100
685
+ example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098316) for Windows NT ready at Tue, 6 Feb 2001 15:01:51 +0100
686
+ example: 220 MERCUR SMTP-Server (v3.30.03 KA-0098319) for Windows NT ready at Tue, 6 Feb 2001 19:06:18 +0100
687
+ example: 220 MERCUR SMTP-Server (v3.30.03 KA-5341199) for Windows NT ready at Tue, 6 Feb 2001 18:47:09 +0100
688
+ example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098307) for Windows NT ready at Tue, 6 Feb 2001 15:13:14 +0100
689
+ example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098309) for Windows NT ready at Tue, 6 Feb 2001 16:11:42 +0100
690
+ example: 220 MERCUR SMTP-Server (v3.10.16 AS-7962628) for Windows 95 ready at Tue, 6 Feb 2001 16:37:38 +0100
691
+ example: 220 MERCUR SMTP-Server (v3.10.18 AS-5341186) for Windows NT ready at Tue, 6 Feb 2001 19:27:24 +0100
692
+ example: 220 MERCUR SMTP-Server (v3.30.03 CO-0098319) for Windows NT ready at Tue, 6 Feb 2001 20:45:01 +0100
693
+ example: 220 MERCUR SMTP-Server (v3.30.01 NR-7864330) for Windows NT ready at Tue, 6 Feb 2001 21:31:18 +0100
694
+ example: 220 MERCUR SMTP-Server (v3.30.03 DG-0098304) for Windows NT ready at Tue, 6 Feb 2001 22:52:50 +0100
695
+ example: 220 MERCUR SMTP-Server (v3.20.01 SY-0098318) for Windows NT ready at Tue, 6 Feb 2001 23:26:22 +0100
696
+ </description>
697
+ <param pos="0" name="service.vendor" value="Atrium Software"/>
698
+ <param pos="0" name="service.family" value="MERCUR"/>
699
+ <param pos="0" name="service.product" value="MERCUR"/>
700
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
701
+ <param pos="1" name="service.version"/>
702
+ <param pos="2" name="service.version.version"/>
703
+ <param pos="3" name="service.version.version.version"/>
704
+ <param pos="4" name="mercur.os.info"/>
705
+ <param pos="5" name="system.time"/>
706
+ </fingerprint>
707
+
708
+ <fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
709
+ <description>
710
+ Mercury NLM for Netware
711
+ http://www.pmail.com/index.cfm
712
+ example: 220 mail.law.utexas.edu Mercury 1.43 ESMTP server ready.
713
+ </description>
714
+ <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
715
+ <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
716
+ <param pos="0" name="os.vendor" value="Novell"/>
717
+ <param pos="0" name="os.family" value="NetWare"/>
718
+ <param pos="0" name="os.device" value="General"/>
719
+ <param pos="0" name="os.product" value="NetWare"/>
720
+ <param pos="1" name="host.name"/>
721
+ <param pos="2" name="service.version"/>
722
+ </fingerprint>
723
+
724
+ <fingerprint pattern="^([^ ]+) Mercury/32 v([^ ]+\.[^ ]+) SMTP/ESMTP server ready.$">
725
+ <description>
726
+ Mercury/32 for Win9x/NT/2000
727
+ http://www.pmail.com/index.cfm
728
+ example: 220 jimmy.qmuc.ac.uk Mercury/32 v3.01a SMTP/ESMTP server ready.
729
+ </description>
730
+ <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
731
+ <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
732
+ <param pos="0" name="os.vendor" value="Microsoft"/>
733
+ <param pos="0" name="os.family" value="Windows"/>
734
+ <param pos="0" name="os.device" value="General"/>
735
+ <param pos="0" name="os.product" value="Windows"/>
736
+ <param pos="1" name="host.name"/>
737
+ <param pos="2" name="service.version"/>
738
+ </fingerprint>
739
+
740
+ <fingerprint pattern="^([^ ]+) Mercury/32 v([^ ]+\.[^ ]+) ESMTP server ready.$">
741
+ <description>
742
+ Mercury/32 for Win9x/NT/2000
743
+ http://www.pmail.com/index.cfm
744
+ example: 220 mail-gateway1.acfw.net Mercury/32 v3.30 ESMTP server ready.
745
+ </description>
746
+ <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
747
+ <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
748
+ <param pos="0" name="os.vendor" value="Microsoft"/>
749
+ <param pos="0" name="os.family" value="Windows"/>
750
+ <param pos="0" name="os.device" value="General"/>
751
+ <param pos="0" name="os.product" value="Windows"/>
752
+ <param pos="1" name="host.name"/>
753
+ <param pos="2" name="service.version"/>
754
+ </fingerprint>
755
+
756
+ <fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
757
+ <description>
758
+ Norton Antivirus for Internet Email Gateways
759
+ (note the product changed its name from "Norton Antivirus for Internet Email Gateways" (NAVIEG) to
760
+ "Norton Antivirus for Gateways" (NAVGW) as of version 2.1
761
+ example: mailman.laughlin.af.mil SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com
762
+ </description>
763
+ <param pos="0" name="service.vendor" value="Norton"/>
764
+ <param pos="0" name="service.family" value="Antivirus for Gateways"/>
765
+ <param pos="0" name="service.product" value="Antivirus for Gateways"/>
766
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
767
+ <param pos="1" name="host.name"/>
768
+ <param pos="2" name="service.version"/>
769
+ <param pos="3" name="system.time"/>
770
+ </fingerprint>
771
+
772
+ <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
773
+ <description>
774
+ Netscape Messaging Server
775
+ example: 220 mail.iasmail.net ESMTP service (Netscape Messaging Server 4.15 Patch 2 (built May 30 2000))
776
+ </description>
777
+ <param pos="0" name="service.vendor" value="Netscape"/>
778
+ <param pos="0" name="service.family" value="Messaging Server"/>
779
+ <param pos="0" name="service.product" value="Messaging Server"/>
780
+ <param pos="1" name="host.name"/>
781
+ <param pos="2" name="service.version"/>
782
+ <param pos="3" name="service.version.version"/>
783
+ </fingerprint>
784
+
785
+ <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+)\) ready (.+)$">
786
+ <description>
787
+ Netscape Messaging Server
788
+ </description>
789
+ <param pos="0" name="service.vendor" value="Netscape"/>
790
+ <param pos="0" name="service.family" value="Messaging Server"/>
791
+ <param pos="0" name="service.product" value="Messaging Server"/>
792
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
793
+ <param pos="1" name="host.name"/>
794
+ <param pos="2" name="service.version"/>
795
+ <param pos="3" name="system.time"/>
796
+ </fingerprint>
797
+
798
+ <fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
799
+ <description>
800
+ Lotus Notes 4 SMTP MTA
801
+ </description>
802
+ <param pos="0" name="service.vendor" value="Lotus"/>
803
+ <param pos="0" name="service.family" value="Lotus Domino"/>
804
+ <param pos="0" name="service.product" value="Lotus Domino"/>
805
+ <param pos="0" name="service.version" value="4"/>
806
+ <param pos="1" name="host.name"/>
807
+ </fingerprint>
808
+
809
+ <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+)\) ready at (.+) *$">
810
+ <description>
811
+ Lotus Domino 5 SMTP MTA
812
+ 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5) ready at Wed, 19 Dec 2001 19:54:55 -0500
813
+ </description>
814
+ <param pos="0" name="service.vendor" value="Lotus"/>
815
+ <param pos="0" name="service.family" value="Lotus Domino"/>
816
+ <param pos="0" name="service.product" value="Lotus Domino"/>
817
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
818
+ <param pos="1" name="host.name"/>
819
+ <param pos="2" name="service.version"/>
820
+ <param pos="3" name="system.time"/>
821
+ </fingerprint>
822
+
823
+ <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\w+)\) ready at (.+) *$">
824
+ <description>
825
+ Lotus Domino 5 SMTP MTA
826
+ example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0a) ready at Wed, 20 Jun 2001 08:59:17 +0200
827
+ </description>
828
+ <param pos="0" name="service.vendor" value="Lotus"/>
829
+ <param pos="0" name="service.family" value="Lotus Domino"/>
830
+ <param pos="0" name="service.product" value="Lotus Domino"/>
831
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
832
+ <param pos="1" name="host.name"/>
833
+ <param pos="2" name="service.version"/>
834
+ <param pos="3" name="system.time"/>
835
+ </fingerprint>
836
+
837
+ <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+) \(Intl\)\) ready at (.+) *$">
838
+ <description>
839
+ Lotus Domino 5 SMTP MTA, International product version
840
+ example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5 (Intl)) ready at Tue, 6 Feb 2001 18:54:23 -0500
841
+ </description>
842
+ <param pos="0" name="service.vendor" value="Lotus"/>
843
+ <param pos="0" name="service.family" value="Lotus Domino"/>
844
+ <param pos="0" name="service.product" value="Lotus Domino"/>
845
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
846
+ <param pos="0" name="notes.intl" value="yes"/>
847
+ <param pos="1" name="host.name"/>
848
+ <param pos="2" name="service.version"/>
849
+ <param pos="3" name="system.time"/>
850
+ </fingerprint>
851
+
852
+ <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (\d+\.\d+)\) ready at (.+) *$">
853
+ <description>
854
+ Lotus Domino (some early build)
855
+ 220 foo.bar.com ESMTP Service (Lotus Domino Build 166.1) ready at Tue, 6 Feb 2001 2
856
+ </description>
857
+ <param pos="0" name="service.vendor" value="Lotus"/>
858
+ <param pos="0" name="service.family" value="Lotus Domino"/>
859
+ <param pos="0" name="service.product" value="Lotus Domino"/>
860
+ <param pos="1" name="host.name"/>
861
+ <param pos="2" name="notes.build.version"/>
862
+ <param pos="3" name="system.time"/>
863
+ </fingerprint>
864
+
865
+ <fingerprint pattern="^Lotus Notes ESMTP Server X[^ ]+\.[^ ]+ on (.+) ready at (.+)\. *$">
866
+ <description>
867
+ Lotus Notes 4.x with SMTP MTA add-on
868
+ 220 Lotus Notes ESMTP Server X1.0 on RedSox R45 Server/Red Sox/US ready at Fri, 15 Feb 2002 09:46:19 -0800.
869
+ </description>
870
+ <param pos="0" name="service.vendor" value="Lotus"/>
871
+ <param pos="0" name="service.family" value="Lotus Domino"/>
872
+ <param pos="0" name="service.product" value="Lotus Domino"/>
873
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
874
+ <param pos="1" name="host.name"/>
875
+ <param pos="2" name="system.time"/>
876
+ </fingerprint>
877
+
878
+ <fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
879
+ <description>
880
+ NTMail http://www.gordano.com
881
+ example: 220 lilzmail.liwest.at NTMail (v4.30.0012/NU2182.02.1cf87970) ready for ESMTP transfer
882
+ example: 220 pluto.wvwc.edu NTMail (v5.06.0016/NT9445.00.28cc9615) ready for ESMTP transfer
883
+ </description>
884
+ <param pos="0" name="service.vendor" value="Gordano"/>
885
+ <param pos="0" name="service.family" value="NTMail"/>
886
+ <param pos="0" name="service.product" value="NTMail"/>
887
+ <param pos="1" name="host.name"/>
888
+ <param pos="2" name="service.version"/>
889
+ <param pos="3" name="ntmail.id"/>
890
+ </fingerprint>
891
+
892
+ <fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
893
+ <description>
894
+ versions 3.x and earlier of NTMail http://www.gordano.com (it was called Internet Shopper's something or other)
895
+ example: 220 mail.Networkengineering WindowsNT SMTP Server v3.03.0018/1.aio1/SP ESMTP ready at Wed, 25 Jul 2001 23:03:11 -0400
896
+ example: 220 mars.wvwc.edu WindowsNT SMTP Server v3.03.0018/1.ajhf/SP ESMTP ready at Thu, 29 Oct 1998 18:01:30 -0500
897
+ example: 220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
898
+ example: 220 nt03s02.switchlink.be WindowsNT SMTP Server v3.03.0014/1.aiss/SP ESMTP ready at Fri, 17 Apr 1998 16:59:04 +0100
899
+ example: 220 www.afsc.org WindowsNT SMTP Server v3.03.0017/1.abkz/SP ESMTP ready at Mon, 2 Oct 2000 11:50:29 -0400
900
+ example: 220 wwmerchant.osopinion.com WindowsNT SMTP Server v3.03.0017/4c.adur/SP ESMTP ready at Fri, 26 Mar 1999 13:20:30 -0700
901
+ example: 220 digital-hoon.tecdm.dmi.co.kr WindowsNT SMTP Server v3.02.07/2c.aaaj ready at Thu, 5 Dec 1996 22:46:12 +0000
902
+ </description>
903
+ <param pos="0" name="service.vendor" value="Gordano"/>
904
+ <param pos="0" name="service.family" value="NTMail"/>
905
+ <param pos="0" name="service.product" value="NTMail"/>
906
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
907
+ <param pos="1" name="host.name"/>
908
+ <param pos="2" name="service.version"/>
909
+ <param pos="3" name="ntmail.id"/>
910
+ <param pos="4" name="system.time"/>
911
+ </fingerprint>
912
+
913
+ <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
914
+ <!--
915
+ 220 foo.bar.com ESMTP Postfix (Postfix-19991231-pl08) (Linux-Mandrake)
916
+ -->
917
+ <description>
918
+ Postfix (2 version ids, followed by os)
919
+ </description>
920
+ <param pos="0" name="service.family" value="Postfix"/>
921
+ <param pos="0" name="service.product" value="Postfix"/>
922
+ <param pos="1" name="host.name"/>
923
+ <param pos="2" name="service.version"/>
924
+ <param pos="3" name="service.version.version"/>
925
+ <param pos="4" name="postfix.os.info"/>
926
+ </fingerprint>
927
+
928
+ <fingerprint pattern="^([^ ]+) ESMTP Postfix \(Postfix-([^ ]+)-([^ ]+)\) *$">
929
+ <!--
930
+ 220 foo.bar.com ESMTP Postfix (Postfix-20000531-Snapshot)
931
+ -->
932
+ <description>
933
+ Postfix (2 version numbers)
934
+ </description>
935
+ <param pos="0" name="service.family" value="Postfix"/>
936
+ <param pos="0" name="service.product" value="Postfix"/>
937
+ <param pos="1" name="host.name"/>
938
+ <param pos="2" name="service.version"/>
939
+ <param pos="3" name="service.version.version"/>
940
+ </fingerprint>
941
+
942
+ <fingerprint pattern="^([^ ]+) ESMTP Postfix \(([^ ]+)-([^ ]+)\)$">
943
+ <!--
944
+ 220 foo.bar.com ESMTP Postfix (Snapshot-20001121)
945
+ -->
946
+ <description>
947
+ Postfix (2 version numbers )
948
+ </description>
949
+ <param pos="0" name="service.family" value="Postfix"/>
950
+ <param pos="0" name="service.product" value="Postfix"/>
951
+ <param pos="1" name="host.name"/>
952
+ <param pos="2" name="service.version"/>
953
+ <param pos="3" name="service.version.version"/>
954
+ </fingerprint>
955
+
956
+ <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)\) \(([^ ]+)\) *$">
957
+ <description>
958
+ Postfix (1 version number)
959
+ </description>
960
+ <param pos="0" name="service.family" value="Postfix"/>
961
+ <param pos="0" name="service.product" value="Postfix"/>
962
+ <param pos="1" name="host.name"/>
963
+ <param pos="2" name="service.version"/>
964
+ <param pos="3" name="postfix.os.info"/>
965
+ </fingerprint>
966
+
967
+ <fingerprint pattern="^([^ ]+) E?SMTP Postfix \(Ubuntu\)$">
968
+ <description>
969
+ Postfix Ubuntu package.
970
+ </description>
971
+ <example>foo.bar.com ESMTP Postfix (Ubuntu)</example>
972
+ <param pos="0" name="service.family" value="Postfix"/>
973
+ <param pos="0" name="service.product" value="Postfix"/>
974
+ <param pos="1" name="host.name"/>
975
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
976
+ <param pos="0" name="os.device" value="General"/>
977
+ <param pos="0" name="os.family" value="Linux"/>
978
+ <param pos="0" name="os.product" value="Linux"/>
979
+ </fingerprint>
980
+
981
+ <fingerprint pattern="^([^ ]+) E?SMTP Postfix \(Debian/GNU\)$">
982
+ <description>
983
+ Postfix Debian package.
984
+ </description>
985
+ <example>foo.bar.com ESMTP Postfix (Debian/GNU)</example>
986
+ <param pos="0" name="service.family" value="Postfix"/>
987
+ <param pos="0" name="service.product" value="Postfix"/>
988
+ <param pos="1" name="host.name"/>
989
+ <param pos="0" name="os.vendor" value="Debian"/>
990
+ <param pos="0" name="os.device" value="General"/>
991
+ <param pos="0" name="os.family" value="Linux"/>
992
+ <param pos="0" name="os.product" value="Linux"/>
993
+ </fingerprint>
994
+
995
+ <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
996
+ <description>
997
+ Generic Postfix banner with amusing comments in parentheses
998
+ </description>
999
+ <example>foo.bar.com ESMTP Postfix (lol)</example>
1000
+ <param pos="0" name="service.family" value="Postfix"/>
1001
+ <param pos="0" name="service.product" value="Postfix"/>
1002
+ <param pos="1" name="host.name"/>
1003
+ </fingerprint>
1004
+
1005
+ <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *$">
1006
+ <description>
1007
+ Generic Postfix banner.
1008
+ </description>
1009
+ <example>foo.bar.com ESMTP Postfix</example>
1010
+ <param pos="0" name="service.family" value="Postfix"/>
1011
+ <param pos="0" name="service.product" value="Postfix"/>
1012
+ <param pos="1" name="host.name"/>
1013
+ </fingerprint>
1014
+
1015
+ <fingerprint pattern="^([^ ]+) ESMTP server \(Post\.Office v([^ ]+\.[^ ]+\.[^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
1016
+ <description>
1017
+ Post.Office (3 version numbers)
1018
+ example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
1019
+ </description>
1020
+ <param pos="0" name="service.family" value="Post.Office"/>
1021
+ <param pos="0" name="service.product" value="Post.Office"/>
1022
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1023
+ <param pos="1" name="host.name"/>
1024
+ <param pos="2" name="service.version"/>
1025
+ <param pos="3" name="postoffice.build"/>
1026
+ <param pos="3" name="postoffice.id"/>
1027
+ <param pos="4" name="system.time"/>
1028
+ </fingerprint>
1029
+
1030
+ <fingerprint pattern="^([^ ]+) ESMTP server \(P|post\.O|office v([^ ]+\.[^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
1031
+ <description>
1032
+ Post.Office (2 version numbers)
1033
+ example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
1034
+ </description>
1035
+ <param pos="0" name="service.family" value="Post.Office"/>
1036
+ <param pos="0" name="service.product" value="Post.Office"/>
1037
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1038
+ <param pos="1" name="host.name"/>
1039
+ <param pos="2" name="service.version"/>
1040
+ <param pos="3" name="postoffice.build"/>
1041
+ <param pos="4" name="postoffice.id"/>
1042
+ <param pos="5" name="system.time"/>
1043
+ </fingerprint>
1044
+
1045
+ <fingerprint pattern="^([^ ]+) ESMTP server \(P|post\.O|office v([^ ]+\.[^ ]+) (.+) ID# ([^ ]+)\) ready (.+) *$">
1046
+ <description>
1047
+ Post.Office lacking word "release" before release tag
1048
+ </description>
1049
+ <param pos="0" name="service.family" value="Post.Office"/>
1050
+ <param pos="0" name="service.product" value="Post.Office"/>
1051
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1052
+ <param pos="1" name="host.name"/>
1053
+ <param pos="2" name="service.version"/>
1054
+ <param pos="3" name="postoffice.build"/>
1055
+ <param pos="4" name="postoffice.id"/>
1056
+ <param pos="5" name="system.time"/>
1057
+ </fingerprint>
1058
+
1059
+ <fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
1060
+ <description>
1061
+ Raptor Firewall
1062
+ example: 220 foo.bar.com Generic SMTP handler
1063
+ </description>
1064
+ <param pos="0" name="service.product" value="raptor"/>
1065
+ <param pos="1" name="host.name"/>
1066
+ </fingerprint>
1067
+
1068
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1069
+ <description>
1070
+ sendmail on HPUX with a PHNE (HP Networking patch) installed
1071
+ </description>
1072
+ <example>foo.bar.com ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1073
+ <param pos="0" name="service.family" value="Sendmail"/>
1074
+ <param pos="0" name="service.product" value="Sendmail"/>
1075
+ <param pos="0" name="os.vendor" value="HP"/>
1076
+ <param pos="0" name="os.family" value="HP-UX"/>
1077
+ <param pos="0" name="os.device" value="General"/>
1078
+ <param pos="0" name="os.product" value="HP-UX"/>
1079
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1080
+ <param pos="1" name="host.name"/>
1081
+ <param pos="2" name="service.version"/>
1082
+ <param pos="3" name="sendmail.hpux.phne.version"/>
1083
+ <param pos="4" name="sendmail.config.version"/>
1084
+ <param pos="5" name="system.time"/>
1085
+ </fingerprint>
1086
+
1087
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1088
+ <description>
1089
+ sendmail on unixware
1090
+ </description>
1091
+ <example>foo.bar.com ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1092
+ <param pos="0" name="service.family" value="Sendmail"/>
1093
+ <param pos="0" name="service.product" value="Sendmail"/>
1094
+ <param pos="0" name="os.vendor" value="SCO"/>
1095
+ <param pos="0" name="os.family" value="UnixWare"/>
1096
+ <param pos="0" name="os.device" value="General"/>
1097
+ <param pos="0" name="os.product" value="UnixWare"/>
1098
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1099
+ <param pos="1" name="host.name"/>
1100
+ <param pos="2" name="service.version"/>
1101
+ <param pos="3" name="os.version"/>
1102
+ <param pos="4" name="system.time"/>
1103
+ </fingerprint>
1104
+
1105
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1106
+ <description>
1107
+ sendmail on AIX
1108
+ </description>
1109
+ <example>foo.bar.com ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1110
+ <param pos="0" name="service.family" value="Sendmail"/>
1111
+ <param pos="0" name="service.product" value="Sendmail"/>
1112
+ <param pos="0" name="os.vendor" value="IBM"/>
1113
+ <param pos="0" name="os.family" value="AIX"/>
1114
+ <param pos="0" name="os.device" value="General"/>
1115
+ <param pos="0" name="os.product" value="AIX"/>
1116
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1117
+ <param pos="1" name="host.name"/>
1118
+ <param pos="2" name="os.version"/>
1119
+ <param pos="3" name="service.version"/>
1120
+ <param pos="4" name="system.time"/>
1121
+ </fingerprint>
1122
+
1123
+ <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1124
+ <description>
1125
+ sendmail on AIX
1126
+ </description>
1127
+ <example>foo.bar.com Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1128
+ <param pos="0" name="service.family" value="Sendmail"/>
1129
+ <param pos="0" name="service.product" value="Sendmail"/>
1130
+ <param pos="0" name="os.vendor" value="IBM"/>
1131
+ <param pos="0" name="os.family" value="AIX"/>
1132
+ <param pos="0" name="os.device" value="General"/>
1133
+ <param pos="0" name="os.product" value="AIX"/>
1134
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1135
+ <param pos="1" name="host.name"/>
1136
+ <param pos="2" name="os.version"/>
1137
+ <param pos="3" name="service.version"/>
1138
+ <param pos="4" name="sendmail.config.version"/>
1139
+ <param pos="5" name="system.time"/>
1140
+ </fingerprint>
1141
+
1142
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+) \(.+\)$">
1143
+ <description>
1144
+ sendmail on AIX
1145
+ </description>
1146
+ <example>foo.bar.com ESMTP Sendmail AIX4.2/8.7/8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1147
+ <param pos="0" name="service.family" value="Sendmail"/>
1148
+ <param pos="0" name="service.product" value="Sendmail"/>
1149
+ <param pos="0" name="os.vendor" value="IBM"/>
1150
+ <param pos="0" name="os.family" value="AIX"/>
1151
+ <param pos="0" name="os.device" value="General"/>
1152
+ <param pos="0" name="os.product" value="AIX"/>
1153
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1154
+ <param pos="1" name="host.name"/>
1155
+ <param pos="2" name="os.version"/>
1156
+ <param pos="3" name="service.version"/>
1157
+ <param pos="4" name="sendmail.config.version"/>
1158
+ <param pos="5" name="system.time"/>
1159
+ </fingerprint>
1160
+
1161
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1162
+ <description>
1163
+ sendmail on suse
1164
+ </description>
1165
+ <example>foo.bar.com ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1166
+ <param pos="0" name="service.family" value="Sendmail"/>
1167
+ <param pos="0" name="service.product" value="Sendmail"/>
1168
+ <param pos="0" name="os.vendor" value="SuSE"/>
1169
+ <param pos="0" name="os.family" value="Linux"/>
1170
+ <param pos="0" name="os.device" value="General"/>
1171
+ <param pos="0" name="os.product" value="Linux"/>
1172
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1173
+ <param pos="1" name="host.name"/>
1174
+ <param pos="2" name="service.version"/>
1175
+ <param pos="3" name="sendmail.config.version"/>
1176
+ <param pos="4" name="sendmail.vendor.version"/>
1177
+ <param pos="5" name="system.time"/>
1178
+ </fingerprint>
1179
+
1180
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1181
+ <description>
1182
+ sendmail on Solaris
1183
+ </description>
1184
+ <example>foo.bar.com ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1185
+ <param pos="0" name="service.family" value="Sendmail"/>
1186
+ <param pos="0" name="service.product" value="Sendmail"/>
1187
+ <param pos="0" name="os.vendor" value="Sun"/>
1188
+ <param pos="0" name="os.family" value="Solaris"/>
1189
+ <param pos="0" name="os.device" value="General"/>
1190
+ <param pos="0" name="os.product" value="Solaris"/>
1191
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1192
+ <param pos="1" name="host.name"/>
1193
+ <param pos="2" name="service.version"/>
1194
+ <param pos="3" name="sendmail.config.version"/>
1195
+ <param pos="4" name="system.time"/>
1196
+ </fingerprint>
1197
+
1198
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1199
+ <description>
1200
+ sendmail on Solaris
1201
+ </description>
1202
+ <example>foo.bar.com ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1203
+ <param pos="0" name="service.family" value="Sendmail"/>
1204
+ <param pos="0" name="service.product" value="Sendmail"/>
1205
+ <param pos="0" name="os.vendor" value="Sun"/>
1206
+ <param pos="0" name="os.family" value="Solaris"/>
1207
+ <param pos="0" name="os.device" value="General"/>
1208
+ <param pos="0" name="os.product" value="Solaris"/>
1209
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1210
+ <param pos="1" name="host.name"/>
1211
+ <param pos="2" name="service.version"/>
1212
+ <param pos="3" name="sendmail.config.version"/>
1213
+ <param pos="4" name="system.time"/>
1214
+ </fingerprint>
1215
+
1216
+ <fingerprint pattern="^([^ ]+) ESMTP Debian Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1217
+ <description>
1218
+ sendmail on debian
1219
+ </description>
1220
+ <example>foo.bar.com ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1221
+ <param pos="0" name="service.family" value="Sendmail"/>
1222
+ <param pos="0" name="service.product" value="Sendmail"/>
1223
+ <param pos="0" name="os.vendor" value="Debian"/>
1224
+ <param pos="0" name="os.family" value="Linux"/>
1225
+ <param pos="0" name="os.device" value="General"/>
1226
+ <param pos="0" name="os.product" value="Linux"/>
1227
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1228
+ <param pos="1" name="host.name"/>
1229
+ <param pos="2" name="service.version"/>
1230
+ <param pos="3" name="sendmail.config.version"/>
1231
+ <param pos="4" name="sendmail.vendor.version"/>
1232
+ <param pos="5" name="system.time"/>
1233
+ </fingerprint>
1234
+
1235
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1236
+ <description>
1237
+ sendmail on debian
1238
+ </description>
1239
+ <example>foo.bar.com ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1240
+ <param pos="0" name="service.family" value="Sendmail"/>
1241
+ <param pos="0" name="service.product" value="Sendmail"/>
1242
+ <param pos="0" name="os.vendor" value="Debian"/>
1243
+ <param pos="0" name="os.family" value="Linux"/>
1244
+ <param pos="0" name="os.device" value="General"/>
1245
+ <param pos="0" name="os.product" value="Linux"/>
1246
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1247
+ <param pos="1" name="host.name"/>
1248
+ <param pos="2" name="service.version"/>
1249
+ <param pos="3" name="sendmail.config.version"/>
1250
+ <param pos="4" name="sendmail.vendor.version"/>
1251
+ <param pos="5" name="system.time"/>
1252
+ </fingerprint>
1253
+
1254
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-\dubuntu[^ ]*; (.+); .*$">
1255
+ <description>
1256
+ Sendmail for Ubuntu
1257
+ </description>
1258
+ <example>foo.bar.com ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.example.com(OK)-xyz.example.com [10.0.0.1]</example>
1259
+ <param pos="0" name="service.family" value="Sendmail"/>
1260
+ <param pos="0" name="service.product" value="Sendmail"/>
1261
+ <param pos="0" name="os.vendor" value="Ubuntu"/>
1262
+ <param pos="0" name="os.family" value="Linux"/>
1263
+ <param pos="0" name="os.device" value="General"/>
1264
+ <param pos="0" name="os.product" value="Linux"/>
1265
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1266
+ <param pos="1" name="host.name"/>
1267
+ <param pos="2" name="service.version"/>
1268
+ <param pos="3" name="system.time"/>
1269
+ </fingerprint>
1270
+
1271
+ <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1272
+ <description>
1273
+ unknown
1274
+ </description>
1275
+ <example>foo.bar.com Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1276
+ <param pos="0" name="service.family" value="Sendmail"/>
1277
+ <param pos="0" name="service.product" value="Sendmail"/>
1278
+ <param pos="0" name="os.vendor" value="Sun"/>
1279
+ <param pos="0" name="os.family" value="SunOS"/>
1280
+ <param pos="0" name="os.device" value="General"/>
1281
+ <param pos="0" name="os.product" value="Solaris"/>
1282
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1283
+ <param pos="1" name="host.name"/>
1284
+ <param pos="2" name="service.version"/>
1285
+ <param pos="3" name="sendmail.config.version"/>
1286
+ <param pos="4" name="system.time"/>
1287
+ </fingerprint>
1288
+
1289
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1290
+ <description>
1291
+ unknown
1292
+ </description>
1293
+ <example>foo.bar.com ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1294
+ <param pos="0" name="service.family" value="Sendmail"/>
1295
+ <param pos="0" name="service.product" value="Sendmail"/>
1296
+ <param pos="0" name="os.family" value="Linux"/>
1297
+ <param pos="0" name="os.device" value="General"/>
1298
+ <param pos="0" name="os.product" value="Linux"/>
1299
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1300
+ <param pos="1" name="host.name"/>
1301
+ <param pos="2" name="service.version"/>
1302
+ <param pos="3" name="sendmail.config.version"/>
1303
+ <param pos="4" name="system.time"/>
1304
+ </fingerprint>
1305
+
1306
+ <fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1307
+ <description>
1308
+ unknown
1309
+ </description>
1310
+ <example>foo.bar.com ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1311
+ <param pos="0" name="service.vendor" value="MetaInfo"/>
1312
+ <param pos="0" name="service.family" value="Sendmail"/>
1313
+ <param pos="0" name="service.product" value="Sendmail"/>
1314
+ <param pos="0" name="os.vendor" value="Microsoft"/>
1315
+ <param pos="0" name="os.family" value="Windows"/>
1316
+ <param pos="0" name="os.device" value="General"/>
1317
+ <param pos="0" name="os.product" value="Windows NT"/>
1318
+ <param pos="0" name="system.time.format" value="EEE, dd MMM"/>
1319
+ <param pos="1" name="host.name"/>
1320
+ <param pos="2" name="metainfo.version"/>
1321
+ <param pos="3" name="metainfo.version.version"/>
1322
+ <param pos="4" name="service.version"/>
1323
+ <param pos="5" name="sendmail.config.version"/>
1324
+ <param pos="6" name="system.time"/>
1325
+ </fingerprint>
1326
+
1327
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+\+[^ ]+) */ *([^ ]+\+[^ ]+); *(.+) \(.+\)$">
1328
+ <description>
1329
+ sendmail where both daemon and config file are patched
1330
+ </description>
1331
+ <example>foo.bar.com ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
1332
+ <param pos="0" name="service.family" value="Sendmail"/>
1333
+ <param pos="0" name="service.product" value="Sendmail"/>
1334
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1335
+ <param pos="1" name="host.name"/>
1336
+ <param pos="2" name="service.version"/>
1337
+ <param pos="3" name="sendmail.config.version"/>
1338
+ <param pos="4" name="system.time"/>
1339
+ </fingerprint>
1340
+
1341
+ <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^ ]+) */ *([^ ]+); *(.+) \(.+\)$">
1342
+ <description>
1343
+ sendmail where neither daemon nor config file are patched (with timezone)
1344
+ </description>
1345
+ <example>mail.foo.bar ESMTP Sendmail 8.8.8/8.8.8; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1346
+ <example>mail.foo.bar ESMTP blah Sendmail 8.8.8/8.8.8; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1347
+ <param pos="0" name="service.family" value="Sendmail"/>
1348
+ <param pos="0" name="service.product" value="Sendmail"/>
1349
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1350
+ <param pos="1" name="host.name"/>
1351
+ <param pos="2" name="service.version"/>
1352
+ <param pos="3" name="sendmail.config.version"/>
1353
+ <param pos="4" name="system.time"/>
1354
+ </fingerprint>
1355
+
1356
+ <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^ ]+) */ *([^ ]+) *; *(.+) *$">
1357
+ <description>
1358
+ sendmail where neither daemon nor config file are patched (without timezone)
1359
+ </description>
1360
+ <example>mail.foo.bar ESMTP Sendmail 8.10.2/8.10.2; Mon, 10 Sep 2001 08:37:14 -0400</example>
1361
+ <example>mail.foo.bar ESMTP Sendmail 8.8.7/8.8.7; Mon, 2 Jul 2001 14:19:18 -0700</example>
1362
+ <example>foo.example.com ESMTP foo-MTA Sendmail 8.13.8/8.13.8; Mon, 18 Apr 2011 08:52:38 -0700</example>
1363
+ <param pos="0" name="service.family" value="Sendmail"/>
1364
+ <param pos="0" name="service.product" value="Sendmail"/>
1365
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1366
+ <param pos="1" name="host.name"/>
1367
+ <param pos="2" name="service.version"/>
1368
+ <param pos="3" name="sendmail.config.version"/>
1369
+ <param pos="4" name="system.time"/>
1370
+ </fingerprint>
1371
+
1372
+ <fingerprint pattern="^([^ ]+) +Sendmail ready\. *$">
1373
+ <description>
1374
+ some old version of sendmail - TODO: figure out which versions this could be
1375
+ </description>
1376
+ <example>mail.foo.bar Sendmail ready.</example>
1377
+ <param pos="0" name="service.family" value="Sendmail"/>
1378
+ <param pos="0" name="service.product" value="Sendmail"/>
1379
+ <param pos="1" name="host.name"/>
1380
+ </fingerprint>
1381
+
1382
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(.+) \(.+\)$">
1383
+ <description>
1384
+ sendmail with daemon version only
1385
+ </description>
1386
+ <example>mail.foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
1387
+ <param pos="0" name="service.family" value="Sendmail"/>
1388
+ <param pos="0" name="service.product" value="Sendmail"/>
1389
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1390
+ <param pos="1" name="host.name"/>
1391
+ <param pos="2" name="service.version"/>
1392
+ <param pos="3" name="system.time"/>
1393
+ </fingerprint>
1394
+
1395
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1396
+ <description>
1397
+ unknown
1398
+ </description>
1399
+ <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1400
+ <param pos="0" name="service.family" value="Sendmail"/>
1401
+ <param pos="0" name="service.product" value="Sendmail"/>
1402
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1403
+ <param pos="1" name="host.name"/>
1404
+ <param pos="2" name="service.version"/>
1405
+ <param pos="3" name="system.time"/>
1406
+ </fingerprint>
1407
+
1408
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(.+) \(.+\)$">
1409
+ <description>
1410
+ unknown
1411
+ </description>
1412
+ <example>foo.example.com ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1413
+ <param pos="0" name="service.family" value="Sendmail"/>
1414
+ <param pos="0" name="service.product" value="Sendmail"/>
1415
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1416
+ <param pos="1" name="host.name"/>
1417
+ <param pos="2" name="service.version"/>
1418
+ <param pos="3" name="system.time"/>
1419
+ </fingerprint>
1420
+
1421
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); +(.+) +\(.+\)$">
1422
+ <description>
1423
+ unknown
1424
+ </description>
1425
+ <example>foo.example.com ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1426
+ <param pos="0" name="service.family" value="Sendmail"/>
1427
+ <param pos="0" name="service.product" value="Sendmail"/>
1428
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1429
+ <param pos="1" name="host.name"/>
1430
+ <param pos="2" name="service.version"/>
1431
+ <param pos="3" name="system.time"/>
1432
+ </fingerprint>
1433
+
1434
+ <fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
1435
+ <description>
1436
+ catch all for other versions of sendmail
1437
+ </description>
1438
+ <param pos="0" name="service.family" value="Sendmail"/>
1439
+ <param pos="0" name="service.product" value="Sendmail"/>
1440
+ <param pos="1" name="service.version"/>
1441
+ <param pos="2" name="sendmail.config.version"/>
1442
+ <param pos="3" name="host.name"/>
1443
+ </fingerprint>
1444
+
1445
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ready at (.+) \(.+\)$">
1446
+ <description>
1447
+ catch all for other versions of sendmail
1448
+ </description>
1449
+ <param pos="0" name="service.family" value="Sendmail"/>
1450
+ <param pos="0" name="service.product" value="Sendmail"/>
1451
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1452
+ <param pos="1" name="host.name"/>
1453
+ <param pos="2" name="system.time"/>
1454
+ </fingerprint>
1455
+
1456
+ <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ;.*$">
1457
+ <description>
1458
+ catch all for other versions of sendmail
1459
+ </description>
1460
+ <param pos="0" name="service.family" value="Sendmail"/>
1461
+ <param pos="0" name="service.product" value="Sendmail"/>
1462
+ <param pos="1" name="host.name"/>
1463
+ </fingerprint>
1464
+
1465
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail ready$">
1466
+ <description>
1467
+ catch all for other versions of sendmail
1468
+ </description>
1469
+ <param pos="0" name="service.family" value="Sendmail"/>
1470
+ <param pos="0" name="service.product" value="Sendmail"/>
1471
+ <param pos="1" name="host.name"/>
1472
+ </fingerprint>
1473
+
1474
+ <fingerprint pattern="^([^ ]+) Sendmail ([^/]+)/([^ ]+) ready at ([^;\.]+)$">
1475
+ <description>
1476
+ catch all for other versions of sendmail
1477
+ </description>
1478
+ <param pos="0" name="service.family" value="Sendmail"/>
1479
+ <param pos="0" name="service.product" value="Sendmail"/>
1480
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1481
+ <param pos="1" name="host.name"/>
1482
+ <param pos="2" name="service.version"/>
1483
+ <param pos="3" name="sendmail.config.version"/>
1484
+ <param pos="4" name="system.time"/>
1485
+ </fingerprint>
1486
+
1487
+ <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
1488
+ <description>
1489
+ catch all for other versions of sendmail
1490
+ </description>
1491
+ <param pos="0" name="service.family" value="Sendmail"/>
1492
+ <param pos="0" name="service.product" value="Sendmail"/>
1493
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1494
+ <param pos="1" name="host.name"/>
1495
+ <param pos="2" name="service.version"/>
1496
+ <param pos="3" name="system.time"/>
1497
+ </fingerprint>
1498
+
1499
+ <fingerprint pattern="^([^ ]+) ESMTP Sendmail$">
1500
+ <description>
1501
+ catch all for other versions of sendmail
1502
+ </description>
1503
+ <param pos="0" name="service.family" value="Sendmail"/>
1504
+ <param pos="0" name="service.product" value="Sendmail"/>
1505
+ <param pos="1" name="host.name"/>
1506
+ </fingerprint>
1507
+
1508
+ <!-- Sun Internet Mail Server -->
1509
+ <!-- Sun Internet Mail Server sims\.([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+) -->
1510
+
1511
+ <!-- these suckers can have LOTS of version numbers -->
1512
+ <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
1513
+ <description>
1514
+ 220 smtp.foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)
1515
+ </description>
1516
+ <param pos="0" name="service.vendor" value="Sun"/>
1517
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
1518
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
1519
+ <param pos="0" name="os.vendor" value="Sun"/>
1520
+ <param pos="0" name="os.family" value="Solaris"/>
1521
+ <param pos="0" name="os.device" value="General"/>
1522
+ <param pos="0" name="os.product" value="Solaris"/>
1523
+ <param pos="1" name="host.name"/>
1524
+ <param pos="2" name="service.version"/>
1525
+ </fingerprint>
1526
+
1527
+ <!-- these suckers can have LOTS of version numbers -->
1528
+ <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
1529
+ <description>
1530
+ 220 mercury.doc.ntu.ac.uk -- Server ESMTP (Sun Internet Mail Server sims.4.0.1999.06.13.00.20)
1531
+ </description>
1532
+ <param pos="0" name="service.vendor" value="Sun"/>
1533
+ <param pos="0" name="service.family" value="Internet Mail Server"/>
1534
+ <param pos="0" name="service.product" value="Internet Mail Server"/>
1535
+ <param pos="0" name="os.vendor" value="Sun"/>
1536
+ <param pos="0" name="os.family" value="Solaris"/>
1537
+ <param pos="0" name="os.device" value="General"/>
1538
+ <param pos="0" name="os.product" value="Solaris"/>
1539
+ <param pos="1" name="host.name"/>
1540
+ <param pos="2" name="service.version"/>
1541
+ </fingerprint>
1542
+
1543
+ <!-- SLMail with two version numbers -->
1544
+ <fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
1545
+ <description>
1546
+ Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
1547
+ http://serverwatch.internet.com/reviews/mail-slmail.html
1548
+ http://www.seattlelab.com/
1549
+ example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
1550
+ </description>
1551
+ <param pos="0" name="service.vendor" value="Seattle Labs"/>
1552
+ <param pos="0" name="service.family" value="SLMail"/>
1553
+ <param pos="0" name="service.product" value="SLMail"/>
1554
+ <param pos="1" name="host.name"/>
1555
+ <param pos="2" name="service.version"/>
1556
+ </fingerprint>
1557
+
1558
+ <!-- SLMail with three version numbers -->
1559
+ <fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
1560
+ <description>
1561
+ Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
1562
+ http://serverwatch.internet.com/reviews/mail-slmail.html
1563
+ http://www.seattlelab.com/
1564
+ example: 220 wl004.pbx.web-light.net SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here
1565
+ </description>
1566
+ <param pos="0" name="service.vendor" value="Seattle Labs"/>
1567
+ <param pos="0" name="service.family" value="SLMail"/>
1568
+ <param pos="0" name="service.product" value="SLMail"/>
1569
+ <param pos="1" name="host.name"/>
1570
+ <param pos="2" name="service.version"/>
1571
+ </fingerprint>
1572
+
1573
+ <!-- SLMail with four version numbers -->
1574
+ <fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
1575
+ <description>
1576
+ Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
1577
+ http://serverwatch.internet.com/reviews/mail-slmail.html
1578
+ http://www.seattlelab.com/
1579
+ example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
1580
+ </description>
1581
+ <param pos="0" name="service.vendor" value="Seattle Labs"/>
1582
+ <param pos="0" name="service.family" value="SLMail"/>
1583
+ <param pos="0" name="service.product" value="SLMail"/>
1584
+ <param pos="1" name="host.name"/>
1585
+ <param pos="2" name="service.version"/>
1586
+ </fingerprint>
1587
+
1588
+ <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1589
+ <description>
1590
+ Symantec Mail Security for SMTP
1591
+ </description>
1592
+ <param pos="0" name="service.vendor" value="Symantec"/>
1593
+ <param pos="0" name="service.product" value="Symantec Mail Security for SMTP"/>
1594
+ <param pos="1" name="host.name"/>
1595
+ </fingerprint>
1596
+
1597
+ <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
1598
+ <description>
1599
+ VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml
1600
+ example: 220 compudata.com.ar VOPmail ESMTP Receiver Version 4.0.179.0 Ready
1601
+ </description>
1602
+ <param pos="0" name="service.vendor" value="Vircom"/>
1603
+ <param pos="0" name="service.family" value="VOPMail"/>
1604
+ <param pos="0" name="service.product" value="VOPMail"/>
1605
+ <param pos="1" name="host.name"/>
1606
+ <param pos="2" name="service.version"/>
1607
+ </fingerprint>
1608
+
1609
+ <fingerprint pattern="^([^ ]+) VPOP3 SMTP Server Ready *$">
1610
+ <description>
1611
+ VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html
1612
+ example: 220 mail.sbm.com.ar VPOP3 SMTP Server Ready
1613
+ </description>
1614
+ <param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
1615
+ <param pos="0" name="service.family" value="VPOP3"/>
1616
+ <param pos="0" name="service.product" value="VPOP3"/>
1617
+ <param pos="1" name="host.name"/>
1618
+ </fingerprint>
1619
+
1620
+ <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) Network Associates.*Ready at (.+) *$">
1621
+ <description>
1622
+ http://www.mcafeeb2b.com/products/webshield-smtp/default.asp
1623
+ example:220 smtp.foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Fri Jun 22 02:36:23 2001
1624
+ </description>
1625
+ <param pos="0" name="service.vendor" value="McAfee"/>
1626
+ <param pos="0" name="service.family" value="WebShield"/>
1627
+ <param pos="0" name="service.product" value="WebShield"/>
1628
+ <param pos="0" name="system.time.format" value="EEE dd MMM yyyy HH:mm:ss zzz"/>
1629
+ <param pos="1" name="host.name"/>
1630
+ <param pos="2" name="service.version"/>
1631
+ <param pos="3" name="system.time"/>
1632
+ </fingerprint>
1633
+
1634
+ <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+) Network Associates.*Ready at (.+) *$">
1635
+ <description>
1636
+ http://www.mcafeeb2b.com/products/webshield-smtp/default.asp
1637
+ example:220 wsigate WebShield SMTP V4.5 MR1 Network Associates, Inc. Ready at Sun Jul 29 22:47:44 2001
1638
+ </description>
1639
+ <param pos="0" name="service.vendor" value="McAfee"/>
1640
+ <param pos="0" name="service.family" value="WebShield"/>
1641
+ <param pos="0" name="service.product" value="WebShield"/>
1642
+ <param pos="0" name="system.time.format" value="EEE dd MMM yyyy HH:mm:ss zzz"/>
1643
+ <param pos="1" name="host.name"/>
1644
+ <param pos="2" name="service.version"/>
1645
+ <param pos="3" name="service.version.version"/>
1646
+ <param pos="4" name="system.time"/>
1647
+ </fingerprint>
1648
+
1649
+ <fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1650
+ <description>
1651
+ McAfee Webshield ASaP is a combination hardware/software platform,
1652
+ basically consisting of a 1U Linux rackmount box with McAfee's filtering software
1653
+ http://www.mcafeeb2b.com/services/webshield-asap/faq.asp
1654
+ example: 220 smtp.foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700
1655
+ </description>
1656
+ <param pos="0" name="service.vendor" value="McAfee"/>
1657
+ <param pos="0" name="service.family" value="WebShield"/>
1658
+ <param pos="0" name="service.product" value="WebShield"/>
1659
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1660
+ <param pos="0" name="os.vendor" value="McAfee"/>
1661
+ <param pos="0" name="os.family" value="Linux"/>
1662
+ <param pos="0" name="os.device" value="General"/>
1663
+ <param pos="0" name="os.product" value="Linux"/>
1664
+ <param pos="1" name="host.name"/>
1665
+ <param pos="2" name="service.version"/>
1666
+ <param pos="3" name="system.time"/>
1667
+ </fingerprint>
1668
+
1669
+ <fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1670
+ <description>
1671
+ example: 220 smtp.foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700
1672
+ </description>
1673
+ <param pos="0" name="service.vendor" value="McAfee"/>
1674
+ <param pos="0" name="service.family" value="WebShield"/>
1675
+ <param pos="0" name="service.product" value="WebShield"/>
1676
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1677
+ <param pos="0" name="os.vendor" value="McAfee"/>
1678
+ <param pos="0" name="os.family" value="Linux"/>
1679
+ <param pos="0" name="os.device" value="General"/>
1680
+ <param pos="0" name="os.product" value="Linux"/>
1681
+ <param pos="1" name="host.name"/>
1682
+ <param pos="2" name="service.version"/>
1683
+ <param pos="3" name="system.time"/>
1684
+ </fingerprint>
1685
+
1686
+ <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *$">
1687
+ <description>
1688
+ WinRoute Pro, runs on 9x/NT/2k
1689
+ http://www.tinysoftware.com/winpro.php
1690
+ example: 220 unspecified.host ESMTP - WinRoute Pro 4.0
1691
+ </description>
1692
+ <param pos="0" name="service.family" value="WinRoute"/>
1693
+ <param pos="0" name="service.product" value="WinRoute"/>
1694
+ <param pos="1" name="host.name"/>
1695
+ <param pos="2" name="service.version"/>
1696
+ </fingerprint>
1697
+
1698
+ <fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP ready at (.+) *$">
1699
+ <description>
1700
+ ZMailer http://www.zmailer.org/technical.html
1701
+ example: 220 dedos.pert.com.ar ZMailer Server 2.99.54 #2 ESMTP ready at Tue, 6 Feb 2001 10:42:08 -0300
1702
+ </description>
1703
+ <param pos="0" name="service.vendor" value="ZMailer"/>
1704
+ <param pos="0" name="service.family" value="ZMailer"/>
1705
+ <param pos="0" name="service.product" value="ZMailer"/>
1706
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1707
+ <param pos="1" name="host.name"/>
1708
+ <param pos="2" name="service.version"/>
1709
+ <param pos="3" name="service.version.version"/>
1710
+ <param pos="4" name="system.time"/>
1711
+ </fingerprint>
1712
+
1713
+ <fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP\+IDENT ready at (.+) *$">
1714
+ <description>
1715
+ ZMailer server that supports IDENT
1716
+ </description>
1717
+ <param pos="0" name="service.vendor" value="ZMailer"/>
1718
+ <param pos="0" name="service.family" value="ZMailer"/>
1719
+ <param pos="0" name="service.product" value="ZMailer"/>
1720
+ <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
1721
+ <param pos="0" name="zmailer.ident" value="yes"/>
1722
+ <param pos="1" name="host.name"/>
1723
+ <param pos="2" name="service.version"/>
1724
+ <param pos="3" name="service.version.version"/>
1725
+ <param pos="4" name="system.time"/>
1726
+ </fingerprint>
1727
+
1728
+ <fingerprint pattern="^([^ ]+) E?SMTP(?: Ready\.?)?$">
1729
+ <description>
1730
+ catch all for daemons that have no distinguishing fingerprint whatsoever
1731
+ </description>
1732
+ <example>foo.example.com ESMTP</example>
1733
+ <example>foo.example.com ESMTP Ready</example>
1734
+ <example>foo.example.com SMTP</example>
1735
+ <param pos="0" name="service.product" value="Unknown"/>
1736
+ <param pos="1" name="host.name"/>
1737
+ </fingerprint>
1738
+ </fingerprints>