recog 0.01
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +3 -0
- data/.rspec +2 -0
- data/Gemfile +9 -0
- data/Gemfile.lock +42 -0
- data/LICENSE +23 -0
- data/README.md +63 -0
- data/bin/recog_export.rb +81 -0
- data/bin/recog_match.rb +51 -0
- data/bin/recog_verify.rb +45 -0
- data/features/match.feature +16 -0
- data/features/support/env.rb +5 -0
- data/features/verify.feature +31 -0
- data/features/xml/banners.xml +2 -0
- data/features/xml/failing_banners_fingerprints.xml +20 -0
- data/features/xml/matching_banners_fingerprints.xml +22 -0
- data/features/xml/no_tests.xml +53 -0
- data/features/xml/successful_tests.xml +33 -0
- data/features/xml/tests_with_failures.xml +10 -0
- data/features/xml/tests_with_warnings.xml +10 -0
- data/lib/recog.rb +3 -0
- data/lib/recog/db.rb +38 -0
- data/lib/recog/db_manager.rb +27 -0
- data/lib/recog/fingerprint.rb +60 -0
- data/lib/recog/formatter.rb +51 -0
- data/lib/recog/match_reporter.rb +77 -0
- data/lib/recog/matcher.rb +60 -0
- data/lib/recog/matcher_factory.rb +14 -0
- data/lib/recog/nizer.rb +263 -0
- data/lib/recog/verifier.rb +46 -0
- data/lib/recog/verifier_factory.rb +13 -0
- data/lib/recog/verify_reporter.rb +85 -0
- data/lib/recog/version.rb +3 -0
- data/recog.gemspec +34 -0
- data/spec/data/best_os_match_1.yml +17 -0
- data/spec/data/best_os_match_2.yml +17 -0
- data/spec/data/best_service_match_1.yml +17 -0
- data/spec/data/smb_native_os.txt +31 -0
- data/spec/data/test_fingerprints.xml +24 -0
- data/spec/lib/db_spec.rb +89 -0
- data/spec/lib/formatter_spec.rb +69 -0
- data/spec/lib/match_reporter_spec.rb +90 -0
- data/spec/lib/nizer_spec.rb +124 -0
- data/spec/lib/verify_reporter_spec.rb +112 -0
- data/xml/apache_os.xml +295 -0
- data/xml/architecture.xml +45 -0
- data/xml/ftp_banners.xml +808 -0
- data/xml/h323_callresp.xml +701 -0
- data/xml/hp_pjl_id.xml +435 -0
- data/xml/http_cookies.xml +379 -0
- data/xml/http_servers.xml +3326 -0
- data/xml/http_wwwauth.xml +412 -0
- data/xml/imap_banners.xml +267 -0
- data/xml/nntp_banners.xml +51 -0
- data/xml/ntp_banners.xml +538 -0
- data/xml/pop_banners.xml +452 -0
- data/xml/rsh_resp.xml +90 -0
- data/xml/sip_banners.xml +14 -0
- data/xml/smb_native_os.xml +385 -0
- data/xml/smtp_banners.xml +1738 -0
- data/xml/smtp_debug.xml +45 -0
- data/xml/smtp_ehlo.xml +53 -0
- data/xml/smtp_expn.xml +95 -0
- data/xml/smtp_help.xml +212 -0
- data/xml/smtp_mailfrom.xml +24 -0
- data/xml/smtp_noop.xml +45 -0
- data/xml/smtp_quit.xml +31 -0
- data/xml/smtp_rcptto.xml +33 -0
- data/xml/smtp_rset.xml +23 -0
- data/xml/smtp_turn.xml +23 -0
- data/xml/smtp_vrfy.xml +109 -0
- data/xml/snmp_sysdescr.xml +8008 -0
- data/xml/snmp_sysobjid.xml +284 -0
- data/xml/ssh_banners.xml +790 -0
- data/xml/upnp_banners.xml +590 -0
- metadata +190 -0
data/xml/sip_banners.xml
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<!--
|
3
|
+
SIP Server header values are matched against these patterns to fingerprint SIP devices.
|
4
|
+
-->
|
5
|
+
|
6
|
+
<fingerprint matches="sip_header.server">
|
7
|
+
<fingerprint pattern="^Cisco-SIPGateway/IOS-([\d\.x]+)$">
|
8
|
+
<description>Cisco SIPGateway</description>
|
9
|
+
<example>Cisco-SIPGateway/IOS-12.x</example>
|
10
|
+
<param pos="0" name="os.vendor" value="Cisco"/>
|
11
|
+
<param pos="0" name="os.product" value="IOS"/>
|
12
|
+
<param pos="1" name="os.version"/>
|
13
|
+
</fingerprint>
|
14
|
+
</fingerprints>
|
@@ -0,0 +1,385 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
|
3
|
+
<!--
|
4
|
+
SMB Native OS Fingerprints
|
5
|
+
-->
|
6
|
+
|
7
|
+
<fingerprints matches="smb.native_os">
|
8
|
+
|
9
|
+
<fingerprint pattern="^(Windows NT \d\.\d+)$">
|
10
|
+
<description>Windows NT</description>
|
11
|
+
<example>Windows NT 4.0</example>
|
12
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
13
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
14
|
+
<param pos="1" name="os.product"/>
|
15
|
+
</fingerprint>
|
16
|
+
|
17
|
+
<fingerprint pattern="^(Windows (95|98|ME))$">
|
18
|
+
<description>Windows 95/98/ME</description>
|
19
|
+
<example>Windows 95</example>
|
20
|
+
<example>Windows 98</example>
|
21
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
22
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
23
|
+
<param pos="1" name="os.product"/>
|
24
|
+
</fingerprint>
|
25
|
+
|
26
|
+
<fingerprint pattern="^Windows 5\.0$">
|
27
|
+
<description>Windows 2000</description>
|
28
|
+
<example>Windows 5.0</example>
|
29
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
30
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
31
|
+
<param pos="0" name="os.product" value="Windows 2000"/>
|
32
|
+
</fingerprint>
|
33
|
+
|
34
|
+
<fingerprint pattern="^Windows 5\.1$">
|
35
|
+
<description>Windows XP</description>
|
36
|
+
<example>Windows 5.1</example>
|
37
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
38
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
39
|
+
<param pos="0" name="os.product" value="Windows XP"/>
|
40
|
+
</fingerprint>
|
41
|
+
|
42
|
+
<fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
|
43
|
+
<description>Windows XP</description>
|
44
|
+
<example>Windows XP 2600 Service Pack 1</example>
|
45
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
46
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
47
|
+
<param pos="0" name="os.product" value="Windows XP"/>
|
48
|
+
<param pos="1" name="os.build"/>
|
49
|
+
<param pos="2" name="os.version"/>
|
50
|
+
</fingerprint>
|
51
|
+
|
52
|
+
<fingerprint pattern="^Windows XP (\d+)$">
|
53
|
+
<description>Windows XP</description>
|
54
|
+
<example>Windows XP 2600</example>
|
55
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
56
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
57
|
+
<param pos="0" name="os.product" value="Windows XP"/>
|
58
|
+
<param pos="1" name="os.build"/>
|
59
|
+
</fingerprint>
|
60
|
+
|
61
|
+
<fingerprint pattern="^Windows \.NET">
|
62
|
+
<description>Windows Server 2003 Beta</description>
|
63
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
64
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
65
|
+
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
66
|
+
<param pos="0" name="os.version" value="Beta"/>
|
67
|
+
</fingerprint>
|
68
|
+
|
69
|
+
<fingerprint pattern="^Windows Server 2003 R2 (\d+)$">
|
70
|
+
<description>Windows Server 2003 R2</description>
|
71
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
72
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
73
|
+
<param pos="0" name="os.product" value="Windows Server 2003 R2"/>
|
74
|
+
<param pos="1" name="os.build"/>
|
75
|
+
</fingerprint>
|
76
|
+
|
77
|
+
<fingerprint pattern="^Windows Server 2003 R2 (\d+) (Service Pack \d+)$">
|
78
|
+
<description>Windows Server 2003 R2 (SP)</description>
|
79
|
+
<example>Windows Server 2003 R2 3790 Service Pack 2</example>
|
80
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
81
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
82
|
+
<param pos="0" name="os.product" value="Windows Server 2003 R2"/>
|
83
|
+
<param pos="1" name="os.build"/>
|
84
|
+
<param pos="2" name="os.version"/>
|
85
|
+
</fingerprint>
|
86
|
+
|
87
|
+
<fingerprint pattern="^Windows Server 2003 (\d+)$">
|
88
|
+
<description>Windows Server 2003</description>
|
89
|
+
<example>Windows Server 2003 3790</example>
|
90
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
91
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
92
|
+
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
93
|
+
<param pos="1" name="os.build"/>
|
94
|
+
</fingerprint>
|
95
|
+
|
96
|
+
<fingerprint pattern="^Windows Server 2003 (\d+) (Service Pack \d+)$">
|
97
|
+
<description>Windows Server 2003 (SP)</description>
|
98
|
+
<example>Windows Server 2003 3790 Service Pack 1</example>
|
99
|
+
<example>Windows Server 2003 3790 Service Pack 2</example>
|
100
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
101
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
102
|
+
<param pos="0" name="os.product" value="Windows Server 2003"/>
|
103
|
+
<param pos="1" name="os.build"/>
|
104
|
+
<param pos="2" name="os.version"/>
|
105
|
+
</fingerprint>
|
106
|
+
|
107
|
+
<!-- Note that 2008 SP1 is technically "2008 Gold" according to Microsoft -->
|
108
|
+
<fingerprint pattern="^Windows Server \(R\) 2008 (\w+|\w+ \w+|\w+ \w+ \w+)(?: (?:with|without) Hyper-V|) (\d+) (Service Pack \d+)$">
|
109
|
+
<description>Windows Server 2008</description>
|
110
|
+
<example>Windows Server (R) 2008 Enterprise without Hyper-V 6001 Service Pack 1</example>
|
111
|
+
<example>Windows Server (R) 2008 Enterprise 6002 Service Pack 2</example>
|
112
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
113
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
114
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
115
|
+
<param pos="1" name="os.edition"/>
|
116
|
+
<param pos="2" name="os.build"/>
|
117
|
+
<param pos="3" name="os.version"/>
|
118
|
+
</fingerprint>
|
119
|
+
|
120
|
+
<fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+) (Service Pack \d+)$">
|
121
|
+
<description>Windows Web Server 2008 (SP)</description>
|
122
|
+
<example>Windows (R) Web Server 2008 6002 Service Pack 2</example>
|
123
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
124
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
125
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
126
|
+
<param pos="0" name="os.edition" value="Web"/>
|
127
|
+
<param pos="1" name="os.build"/>
|
128
|
+
<param pos="2" name="os.version"/>
|
129
|
+
</fingerprint>
|
130
|
+
|
131
|
+
<fingerprint pattern="^Windows \(R\) Web Server 2008 (\d+)$">
|
132
|
+
<description>Windows Web Server 2008</description>
|
133
|
+
<example>Windows (R) Web Server 2008 6002</example>
|
134
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
135
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
136
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
137
|
+
<param pos="0" name="os.edition" value="Web"/>
|
138
|
+
<param pos="1" name="os.build"/>
|
139
|
+
</fingerprint>
|
140
|
+
|
141
|
+
<!-- TODO: Need an example string -->
|
142
|
+
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
143
|
+
<description>Windows Server 2008 Storage (SP)</description>
|
144
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
145
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
146
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
147
|
+
<param pos="0" name="os.edition" value="Storage"/>
|
148
|
+
<param pos="3" name="os.build"/>
|
149
|
+
<param pos="4" name="os.version"/>
|
150
|
+
</fingerprint>
|
151
|
+
|
152
|
+
<!-- TODO: Need an example string -->
|
153
|
+
<fingerprint pattern="^Windows \(R\) Storage Server 2008 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
154
|
+
<description>Windows Web Server 2008 Storage</description>
|
155
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
156
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
157
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
158
|
+
<param pos="0" name="os.edition" value="Storage"/>
|
159
|
+
<param pos="3" name="os.build"/>
|
160
|
+
</fingerprint>
|
161
|
+
|
162
|
+
<fingerprint pattern="^Windows Server 2008 HPC Edition (\d+) (Service Pack \d+)$">
|
163
|
+
<description>Windows Server 2008 HPC</description>
|
164
|
+
<example>Windows Server 2008 HPC Edition 7601 Service Pack 1</example>
|
165
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
166
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
167
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
168
|
+
<param pos="0" name="os.edition" value="HPC"/>
|
169
|
+
<param pos="1" name="os.build"/>
|
170
|
+
<param pos="2" name="os.version"/>
|
171
|
+
</fingerprint>
|
172
|
+
|
173
|
+
<!-- TODO: Need an example string -->
|
174
|
+
<fingerprint pattern="^Windows Server 2008 HPC Edition (\d+)$">
|
175
|
+
<description>Windows Web Server 2008 HPC</description>
|
176
|
+
<example>Windows Server 2008 HPC Edition 7600</example>
|
177
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
178
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
179
|
+
<param pos="0" name="os.product" value="Windows Server 2008"/>
|
180
|
+
<param pos="0" name="os.edition" value="HPC"/>
|
181
|
+
<param pos="1" name="os.build"/>
|
182
|
+
</fingerprint>
|
183
|
+
|
184
|
+
<!-- 2008 R2 -->
|
185
|
+
|
186
|
+
<fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
187
|
+
<description>Windows Server 2008</description>
|
188
|
+
<example>Windows Server 2008 R2 Enterprise 7601 Service Pack 1</example>
|
189
|
+
<example>Windows Server 2008 R2 Standard 7601 Service Pack 1</example>
|
190
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
191
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
192
|
+
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
193
|
+
<param pos="1" name="os.edition"/>
|
194
|
+
<param pos="2" name="os.build"/>
|
195
|
+
<param pos="3" name="os.version"/>
|
196
|
+
</fingerprint>
|
197
|
+
|
198
|
+
<fingerprint pattern="^Windows Server 2008 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
199
|
+
<description>Windows Server 2008 R2</description>
|
200
|
+
<example>Windows Server 2008 R2 Enterprise 7600</example>
|
201
|
+
<example>Windows Server 2008 R2 Standard 7600</example>
|
202
|
+
<example>Windows Server 2008 R2 Datacenter 7600</example>
|
203
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
204
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
205
|
+
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
206
|
+
<param pos="1" name="os.edition"/>
|
207
|
+
<param pos="2" name="os.build"/>
|
208
|
+
</fingerprint>
|
209
|
+
|
210
|
+
<fingerprint pattern="^Windows Web Server 2008 R2 (\d+) (Service Pack \d+)$">
|
211
|
+
<description>Windows Server 2008 R2 Web</description>
|
212
|
+
<example>Windows Web Server 2008 R2 7601 Service Pack 1</example>
|
213
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
214
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
215
|
+
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
216
|
+
<param pos="0" name="os.edition" value="Web"/>
|
217
|
+
<param pos="1" name="os.build"/>
|
218
|
+
<param pos="2" name="os.version"/>
|
219
|
+
</fingerprint>
|
220
|
+
|
221
|
+
<fingerprint pattern="^Windows Web Server 2008 R2 (\d+)$">
|
222
|
+
<description>Windows Web Server 2008 R2 Web</description>
|
223
|
+
<example>Windows Web Server 2008 R2 7600</example>
|
224
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
225
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
226
|
+
<param pos="0" name="os.product" value="Windows Server 2008 R2"/>
|
227
|
+
<param pos="0" name="os.edition" value="Web"/>
|
228
|
+
<param pos="1" name="os.build"/>
|
229
|
+
</fingerprint>
|
230
|
+
|
231
|
+
<fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
232
|
+
<description>Windows Vista (SP)</description>
|
233
|
+
<example>Windows Vista (TM) Home Premium 6002 Service Pack 2</example>
|
234
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
235
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
236
|
+
<param pos="0" name="os.product" value="Windows Vista"/>
|
237
|
+
<param pos="1" name="os.edition"/>
|
238
|
+
<param pos="2" name="os.build"/>
|
239
|
+
<param pos="3" name="os.version"/>
|
240
|
+
</fingerprint>
|
241
|
+
|
242
|
+
<fingerprint pattern="^Windows Vista \(TM\) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
243
|
+
<description>Windows Vista</description>
|
244
|
+
<example>Windows Vista (TM) Home Premium 6000</example>
|
245
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
246
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
247
|
+
<param pos="0" name="os.product" value="Windows Vista"/>
|
248
|
+
<param pos="1" name="os.edition"/>
|
249
|
+
<param pos="2" name="os.build"/>
|
250
|
+
</fingerprint>
|
251
|
+
|
252
|
+
|
253
|
+
<fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
254
|
+
<description>Windows 7/8 (SP + Edition)</description>
|
255
|
+
<example>Windows 7 Enterprise 7601 Service Pack 1</example>
|
256
|
+
<example>Windows 7 Starter 7601 Service Pack 1</example>
|
257
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
258
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
259
|
+
<param pos="1" name="os.product"/>
|
260
|
+
<param pos="2" name="os.edition"/>
|
261
|
+
<param pos="3" name="os.build"/>
|
262
|
+
<param pos="4" name="os.version"/>
|
263
|
+
</fingerprint>
|
264
|
+
|
265
|
+
<fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
266
|
+
<description>Windows 7/8 (Edition)</description>
|
267
|
+
<example>Windows 7 Enterprise 7600</example>
|
268
|
+
<example>Windows 8.1 Enterprise 9600</example>
|
269
|
+
<example>Windows 8 Enterprise 9200</example>
|
270
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
271
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
272
|
+
<param pos="1" name="os.product"/>
|
273
|
+
<param pos="2" name="os.edition"/>
|
274
|
+
<param pos="3" name="os.build"/>
|
275
|
+
</fingerprint>
|
276
|
+
|
277
|
+
<fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+) (Service Pack \d+)$">
|
278
|
+
<description>Windows 7/8 (SP)</description>
|
279
|
+
<example>Windows 7 7601 Service Pack 1</example>
|
280
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
281
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
282
|
+
<param pos="1" name="os.product"/>
|
283
|
+
<param pos="2" name="os.build"/>
|
284
|
+
<param pos="3" name="os.version"/>
|
285
|
+
</fingerprint>
|
286
|
+
|
287
|
+
<fingerprint pattern="^(Windows (?:7|8|8\.1)(?:| RT)) (\d+)$">
|
288
|
+
<description>Windows 7/8</description>
|
289
|
+
<example>Windows 8 9200</example>
|
290
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
291
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
292
|
+
<param pos="1" name="os.product"/>
|
293
|
+
<param pos="2" name="os.build"/>
|
294
|
+
</fingerprint>
|
295
|
+
|
296
|
+
<!-- Windows 2012 R2 matches go first to simplify the regular expressions -->
|
297
|
+
|
298
|
+
<!-- TODO: Need an example string -->
|
299
|
+
<fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
300
|
+
<description>Windows Server 2012 R2 (SP)</description>
|
301
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
302
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
303
|
+
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
304
|
+
<param pos="1" name="os.edition"/>
|
305
|
+
<param pos="2" name="os.build"/>
|
306
|
+
<param pos="3" name="os.version"/>
|
307
|
+
</fingerprint>
|
308
|
+
|
309
|
+
<fingerprint pattern="^Windows Server 2012 R2 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
310
|
+
<description>Windows Server 2012 R2</description>
|
311
|
+
<example>Windows Server 2012 R2 Standard 9600</example>
|
312
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
313
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
314
|
+
<param pos="0" name="os.product" value="Windows Server 2012 R2"/>
|
315
|
+
<param pos="1" name="os.edition"/>
|
316
|
+
<param pos="2" name="os.build"/>
|
317
|
+
</fingerprint>
|
318
|
+
|
319
|
+
<!-- TODO: Need an example string -->
|
320
|
+
<fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
321
|
+
<description>Windows Server 2012 (SP)</description>
|
322
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
323
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
324
|
+
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
325
|
+
<param pos="1" name="os.edition"/>
|
326
|
+
<param pos="2" name="os.build"/>
|
327
|
+
<param pos="3" name="os.version"/>
|
328
|
+
</fingerprint>
|
329
|
+
|
330
|
+
<fingerprint pattern="^Windows Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
331
|
+
<description>Windows Server 2012</description>
|
332
|
+
<example>Windows Server 2012 Standard 9200</example>
|
333
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
334
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
335
|
+
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
336
|
+
<param pos="1" name="os.edition"/>
|
337
|
+
<param pos="2" name="os.build"/>
|
338
|
+
</fingerprint>
|
339
|
+
|
340
|
+
<fingerprint pattern="^Windows MultiPoint Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+) (Service Pack \d+)$">
|
341
|
+
<description>Windows MultiPoint Server 2012 (SP)</description>
|
342
|
+
<example>Windows MultiPoint Server 2012 Premium 9201 Service Pack 1</example>
|
343
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
344
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
345
|
+
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
346
|
+
<param pos="0" name="os.edition" value="MultiPoint"/>
|
347
|
+
<param pos="2" name="os.build"/>
|
348
|
+
<param pos="3" name="os.version"/>
|
349
|
+
</fingerprint>
|
350
|
+
|
351
|
+
<fingerprint pattern="^Windows MultiPoint Server 2012 (\w+|\w+ \w+|\w+ \w+ \w+) (\d+)$">
|
352
|
+
<description>Windows MultiPoint Server 2012</description>
|
353
|
+
<example>Windows MultiPoint Server 2012 Premium 9200</example>
|
354
|
+
<param pos="0" name="os.certainty" value="1.0"/>
|
355
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
356
|
+
<param pos="0" name="os.product" value="Windows Server 2012"/>
|
357
|
+
<param pos="0" name="os.edition" value="MultiPoint"/>
|
358
|
+
<param pos="2" name="os.build"/>
|
359
|
+
</fingerprint>
|
360
|
+
|
361
|
+
<!-- TODO: Detect vendor, distribution, and package versions -->
|
362
|
+
<fingerprint pattern="^Samba (\d\.\d+.\d+\w*)">
|
363
|
+
<description>Samba</description>
|
364
|
+
<example>Samba 3.0.24</example>
|
365
|
+
<example>Samba 3.0.28a</example>
|
366
|
+
<example>Samba 3.0.32-0.2-2210-SUSE-SL10.3</example>
|
367
|
+
<example>Samba 3.6.3</example>
|
368
|
+
<example>Samba 3.6.6</example>
|
369
|
+
<example>Samba 3.6.9-151.el6_4.1</example>
|
370
|
+
<param pos="0" name="service.vendor" value="Samba"/>
|
371
|
+
<param pos="0" name="service.product" value="Samba"/>
|
372
|
+
<param pos="1" name="service.version" />
|
373
|
+
</fingerprint>
|
374
|
+
|
375
|
+
<fingerprint pattern="^VxWorks">
|
376
|
+
<description>VxWorks</description>
|
377
|
+
<example>VxWorks</example>
|
378
|
+
<param pos="0" name="os.certainty" value="0.5"/>
|
379
|
+
<param pos="0" name="os.vendor" value="Wind River"/>
|
380
|
+
<param pos="0" name="os.product" value="VxWorks"/>
|
381
|
+
<param pos="0" name="service.vendor" value="Wind River"/>
|
382
|
+
<param pos="0" name="service.product" value="VxWorks CIFS"/>
|
383
|
+
</fingerprint>
|
384
|
+
|
385
|
+
</fingerprints>
|
@@ -0,0 +1,1738 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<!--
|
3
|
+
SMTP greeting lines (part of the banner after the response code) are matched
|
4
|
+
against these patterns (1 line at a time) to fingerprint SMTP servers.
|
5
|
+
|
6
|
+
This is always done in addition to the patterns in other smtp_*.xml files.
|
7
|
+
These XML files are used in this order:
|
8
|
+
smtp_banners.xml
|
9
|
+
smtp_ehlo.xml
|
10
|
+
smtp_help.xml
|
11
|
+
smtp_noop.xml
|
12
|
+
smtp_expn.xml
|
13
|
+
smtp_vrfy.xml
|
14
|
+
smtp_debug.xml
|
15
|
+
smtp_turn.xml
|
16
|
+
smtp_rset.xml
|
17
|
+
smtp_quit.xml
|
18
|
+
|
19
|
+
The system or service fingerprint with the highest certainty overwrites the others.
|
20
|
+
-->
|
21
|
+
|
22
|
+
<fingerprints matches="smtp.banner">
|
23
|
+
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
24
|
+
<description>IMail EVAL version</description>
|
25
|
+
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
26
|
+
<param pos="0" name="service.family" value="IMail Server"/>
|
27
|
+
<param pos="0" name="service.product" value="IMail Server"/>
|
28
|
+
<param pos="2" name="service.version"/>
|
29
|
+
<param pos="1" name="host.name"/>
|
30
|
+
<param pos="0" name="imail.eval" value="yes"/>
|
31
|
+
</fingerprint>
|
32
|
+
|
33
|
+
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
34
|
+
<!-- 220 X1 NT-ESMTP Server foo.bar (IMail 6.06 4342-1) -->
|
35
|
+
<description>IMail non-EVAL version</description>
|
36
|
+
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
37
|
+
<param pos="0" name="service.family" value="IMail Server"/>
|
38
|
+
<param pos="0" name="service.product" value="IMail Server"/>
|
39
|
+
<param pos="2" name="service.version"/>
|
40
|
+
<param pos="1" name="host.name"/>
|
41
|
+
</fingerprint>
|
42
|
+
|
43
|
+
<fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
44
|
+
<!-- 220 foo.bar (IMail 8.05 113547-7) NT-ESMTP Server X1 -->
|
45
|
+
<description>IMail non-EVAL version</description>
|
46
|
+
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
47
|
+
<param pos="0" name="service.family" value="IMail Server"/>
|
48
|
+
<param pos="0" name="service.product" value="IMail Server"/>
|
49
|
+
<param pos="2" name="service.version"/>
|
50
|
+
<param pos="1" name="host.name"/>
|
51
|
+
</fingerprint>
|
52
|
+
|
53
|
+
<fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
|
54
|
+
<description>
|
55
|
+
AnalogX proxy
|
56
|
+
http://www.analogx.com/contents/download/network/proxy.htm
|
57
|
+
</description>
|
58
|
+
<param pos="0" name="service.vendor" value="AnalogX"/>
|
59
|
+
<param pos="0" name="service.family" value="Proxy"/>
|
60
|
+
<param pos="0" name="service.product" value="Proxy"/>
|
61
|
+
<param pos="1" name="service.version"/>
|
62
|
+
</fingerprint>
|
63
|
+
|
64
|
+
<fingerprint pattern="^ArGoSoft Mail Server, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
65
|
+
<description>
|
66
|
+
ArGoSoft Mail Server is fully functional STMP/POP3/Finger server for Windows 95/98/NT/2000.
|
67
|
+
http://www.argosoft.com/applications/mailserver/
|
68
|
+
Example: 220 ArGoSoft Mail Server, Version 1.4 (1.4.0.3)
|
69
|
+
</description>
|
70
|
+
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
71
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
72
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
73
|
+
<param pos="1" name="service.version"/>
|
74
|
+
</fingerprint>
|
75
|
+
|
76
|
+
<fingerprint pattern="^ArGoSoft Mail Server Pro for WinNT/2000, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
77
|
+
<description>
|
78
|
+
Example: 220 ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)
|
79
|
+
</description>
|
80
|
+
<param pos="0" name="service.vendor" value="ArGoSoft"/>
|
81
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
82
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
83
|
+
<param pos="1" name="service.version"/>
|
84
|
+
</fingerprint>
|
85
|
+
|
86
|
+
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[^ ]+\.[^ ]+) SMTP Server Ready *$">
|
87
|
+
<description>
|
88
|
+
AppleShare IP Mail Server (3 version numbers)
|
89
|
+
</description>
|
90
|
+
<param pos="0" name="service.vendor" value="Apple"/>
|
91
|
+
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
92
|
+
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
93
|
+
<param pos="1" name="host.name"/>
|
94
|
+
<param pos="2" name="service.version"/>
|
95
|
+
</fingerprint>
|
96
|
+
|
97
|
+
<fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[^ ]+) SMTP Server Ready *$">
|
98
|
+
<description>
|
99
|
+
AppleShare IP Mail Server (2 version numbers)
|
100
|
+
</description>
|
101
|
+
<param pos="0" name="service.vendor" value="Apple"/>
|
102
|
+
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
103
|
+
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
104
|
+
<param pos="1" name="host.name"/>
|
105
|
+
<param pos="2" name="service.version"/>
|
106
|
+
</fingerprint>
|
107
|
+
|
108
|
+
<fingerprint pattern="^CheckPoint FireWall-1 secure SMTP server *$">
|
109
|
+
<description>
|
110
|
+
CheckPoint FireWall-1
|
111
|
+
</description>
|
112
|
+
<param pos="0" name="service.vendor" value="Check Point"/>
|
113
|
+
<param pos="0" name="service.family" value="Check Point"/>
|
114
|
+
<param pos="0" name="service.product" value="Firewall-1"/>
|
115
|
+
</fingerprint>
|
116
|
+
|
117
|
+
<fingerprint pattern="^SMTP/cmap ready_+$">
|
118
|
+
<description>
|
119
|
+
Cisco Pix v4.x
|
120
|
+
</description>
|
121
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
122
|
+
<param pos="0" name="service.family" value="PIX"/>
|
123
|
+
<param pos="0" name="service.product" value="PIX"/>
|
124
|
+
<param pos="0" name="service.version" value="4"/>
|
125
|
+
</fingerprint>
|
126
|
+
|
127
|
+
<fingerprint pattern="^([\*20 ]+)$">
|
128
|
+
<description>
|
129
|
+
Cisco PIX firewall: PIX sits between an internal SMTP server and the rest of the world.
|
130
|
+
|
131
|
+
Its MailGuard feature strips all information out of the 220 header except for the ' ' (space), '2' (digit two),
|
132
|
+
and '0' (digit zero) characters, replacing them with asterisks. While this effectively
|
133
|
+
hides the back-end SMTP server, it does tell us that they are running Cisco PIX firewall
|
134
|
+
(at least for SMTP, and possibly other services as well).
|
135
|
+
|
136
|
+
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
137
|
+
</description>
|
138
|
+
<param pos="0" name="service.vendor" value="Cisco"/>
|
139
|
+
<param pos="0" name="service.family" value="PIX"/>
|
140
|
+
<param pos="0" name="service.product" value="PIX"/>
|
141
|
+
</fingerprint>
|
142
|
+
|
143
|
+
<fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
144
|
+
<description>
|
145
|
+
Critical Path (aka InScribe) Messaging Server
|
146
|
+
http://www.cp.net/products/inscr_messagingserv_overview.html
|
147
|
+
Runs on Windows NT4/2k, Solaris 2.6, 2.7, and 2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, and AIX
|
148
|
+
</description>
|
149
|
+
<param pos="0" name="service.vendor" value="Critical Path"/>
|
150
|
+
<param pos="0" name="service.family" value="Messaging Server"/>
|
151
|
+
<param pos="0" name="service.product" value="Messaging Server"/>
|
152
|
+
<param pos="1" name="host.name"/>
|
153
|
+
<param pos="2" name="service.version"/>
|
154
|
+
<param pos="3" name="service.version.version"/>
|
155
|
+
<param pos="4" name="service.version.version.version"/>
|
156
|
+
<param pos="5" name="service.version.version.version.version"/>
|
157
|
+
</fingerprint>
|
158
|
+
|
159
|
+
<fingerprint pattern="^CSM Internet Mail Scanner SMTP-Gateway ready?\. *$">
|
160
|
+
<description>
|
161
|
+
CSM Internet Mail Scanner SMTP proxy
|
162
|
+
see http://www.csm-usa.com/product/ims/release.htm
|
163
|
+
TODO: Some versions return a typo "read." instead of "ready." - use this to fingerprint
|
164
|
+
example: 220 CSM Internet Mail Scanner SMTP-Gateway ready.
|
165
|
+
example: 220 CSM Internet Mail Scanner SMTP-Gateway read.
|
166
|
+
</description>
|
167
|
+
<param pos="0" name="service.vendor" value="CSM"/>
|
168
|
+
<param pos="0" name="service.family" value="Internet Mail Scanner"/>
|
169
|
+
<param pos="0" name="service.product" value="Internet Mail Scanner"/>
|
170
|
+
</fingerprint>
|
171
|
+
|
172
|
+
<fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
|
173
|
+
<description>
|
174
|
+
EMWAC Internet Mail Services http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm
|
175
|
+
example: 220 gabriela.networld.com.ar IMS SMTP Receiver Version 0.83 Ready
|
176
|
+
</description>
|
177
|
+
<param pos="0" name="service.vendor" value="EMWAC"/>
|
178
|
+
<param pos="0" name="service.family" value="Internet Mail Services"/>
|
179
|
+
<param pos="0" name="service.product" value="Internet Mail Services"/>
|
180
|
+
<param pos="1" name="host.name"/>
|
181
|
+
<param pos="2" name="service.version"/>
|
182
|
+
</fingerprint>
|
183
|
+
|
184
|
+
<fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+\.[^ ]+) *$">
|
185
|
+
<description>
|
186
|
+
Eudora Internet Mail Server (3 version numbers)
|
187
|
+
example: 220 interlink.com.ar running Eudora Internet Mail Server 3.0.2
|
188
|
+
example: 220 mail.gis.at running Eudora Internet Mail Server 2.2
|
189
|
+
</description>
|
190
|
+
<param pos="0" name="service.vendor" value="Eudora"/>
|
191
|
+
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
192
|
+
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
193
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
194
|
+
<param pos="0" name="os.family" value="Mac OS"/>
|
195
|
+
<param pos="0" name="os.device" value="General"/>
|
196
|
+
<param pos="0" name="os.product" value="Mac OS"/>
|
197
|
+
<param pos="1" name="host.name"/>
|
198
|
+
<param pos="2" name="service.version"/>
|
199
|
+
</fingerprint>
|
200
|
+
|
201
|
+
<fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server ([^ ]+\.[^ ]+) *$">
|
202
|
+
<description>
|
203
|
+
Eudora Internet Mail Server (2 version numbers)
|
204
|
+
220 mail.gis.at running Eudora Internet Mail Server 2.2
|
205
|
+
</description>
|
206
|
+
<param pos="0" name="service.vendor" value="Eudora"/>
|
207
|
+
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
208
|
+
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
209
|
+
<param pos="0" name="os.vendor" value="Apple"/>
|
210
|
+
<param pos="0" name="os.family" value="Mac OS"/>
|
211
|
+
<param pos="0" name="os.device" value="General"/>
|
212
|
+
<param pos="0" name="os.product" value="Mac OS"/>
|
213
|
+
<param pos="1" name="host.name"/>
|
214
|
+
<param pos="2" name="service.version"/>
|
215
|
+
</fingerprint>
|
216
|
+
|
217
|
+
<fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
|
218
|
+
<!-- your.smtp.server ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2448.0) ready -->
|
219
|
+
<description>
|
220
|
+
Microsoft Exchange Server 5.5 and above
|
221
|
+
(for sure, can't be confused with the IIS builtin SMTP service)
|
222
|
+
</description>
|
223
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
224
|
+
<param pos="0" name="service.family" value="Exchange Server"/>
|
225
|
+
<param pos="0" name="service.product" value="Exchange Server"/>
|
226
|
+
<param pos="2" name="service.version"/>
|
227
|
+
<param pos="1" name="host.name"/>
|
228
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
229
|
+
<param pos="0" name="os.family" value="Windows"/>
|
230
|
+
<param pos="0" name="os.device" value="General"/>
|
231
|
+
<param pos="0" name="os.product" value="Windows"/>
|
232
|
+
</fingerprint>
|
233
|
+
|
234
|
+
<fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
|
235
|
+
<!-- your.smtp.server Microsoft Exchange Internet Mail Service 5.0.1460.8 ready -->
|
236
|
+
<description>
|
237
|
+
Microsoft Exchange Server 5.0
|
238
|
+
(for sure, can't be confused with the IIS builtin SMTP service)
|
239
|
+
</description>
|
240
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
241
|
+
<param pos="0" name="service.family" value="Exchange Server"/>
|
242
|
+
<param pos="0" name="service.product" value="Exchange Server"/>
|
243
|
+
<param pos="2" name="service.version"/>
|
244
|
+
<param pos="1" name="host.name"/>
|
245
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
246
|
+
<param pos="0" name="os.family" value="Windows"/>
|
247
|
+
<param pos="0" name="os.device" value="General"/>
|
248
|
+
<param pos="0" name="os.product" value="Windows"/>
|
249
|
+
</fingerprint>
|
250
|
+
|
251
|
+
<fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
|
252
|
+
<description>
|
253
|
+
Microsoft Exchange 2007/2010
|
254
|
+
(for sure, can't be confused with the IIS builtin SMTP service)
|
255
|
+
</description>
|
256
|
+
<example>foo Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
257
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
258
|
+
<param pos="0" name="service.family" value="Exchange Server"/>
|
259
|
+
<param pos="0" name="service.product" value="Exchange Server"/>
|
260
|
+
<param pos="1" name="host.name"/>
|
261
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
262
|
+
<param pos="0" name="os.family" value="Windows"/>
|
263
|
+
<param pos="0" name="os.device" value="General"/>
|
264
|
+
<param pos="0" name="os.product" value="Windows"/>
|
265
|
+
</fingerprint>
|
266
|
+
|
267
|
+
<fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
|
268
|
+
<!-- smtp.foo.bar Microsoft SMTP MAIL ready at Tue, 6 Feb 2001 18:28:07 +0100 Version: 5.5.1877.197.19 -->
|
269
|
+
<description>
|
270
|
+
Microsoft IIS builtin SMTP service, or Microsoft Exchange Server
|
271
|
+
(they are differentiated from each other in smtp-iis.clp)
|
272
|
+
</description>
|
273
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
274
|
+
<param pos="0" name="service.family" value="IIS"/>
|
275
|
+
<param pos="0" name="service.product" value="IIS"/>
|
276
|
+
<param pos="3" name="service.version"/>
|
277
|
+
<param pos="1" name="host.name"/>
|
278
|
+
<param pos="2" name="system.time"/>
|
279
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
280
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
281
|
+
<param pos="0" name="os.family" value="Windows"/>
|
282
|
+
<param pos="0" name="os.device" value="General"/>
|
283
|
+
<param pos="0" name="os.product" value="Windows"/>
|
284
|
+
</fingerprint>
|
285
|
+
|
286
|
+
<fingerprint pattern="^([^ ]+) +Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+) +ready at +(.+)$">
|
287
|
+
<!-- foo.bar.com Microsoft ESMTP MAIL Service, Version: 5.0.2195.1600 ready at Wed, 31 Jan 2001 00:10:50 -0400 -->
|
288
|
+
<description>
|
289
|
+
Microsoft IIS builtin SMTP service, or Microsoft Exchange Server
|
290
|
+
(they are differentiated from each other in smtp-iis.clp)
|
291
|
+
</description>
|
292
|
+
<param pos="0" name="service.vendor" value="Microsoft"/>
|
293
|
+
<param pos="0" name="service.family" value="IIS"/>
|
294
|
+
<param pos="0" name="service.product" value="IIS"/>
|
295
|
+
<param pos="2" name="service.version"/>
|
296
|
+
<param pos="1" name="host.name"/>
|
297
|
+
<param pos="3" name="system.time"/>
|
298
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
299
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
300
|
+
<param pos="0" name="os.family" value="Windows"/>
|
301
|
+
<param pos="0" name="os.device" value="General"/>
|
302
|
+
<param pos="0" name="os.product" value="Windows"/>
|
303
|
+
</fingerprint>
|
304
|
+
|
305
|
+
|
306
|
+
<fingerprint pattern="^([^ ]+) ESMTP Exim ([^ ]+\.[^ ]+) (.+)$">
|
307
|
+
<description>
|
308
|
+
Exim (3 version numbers)
|
309
|
+
example: 220 foo.bar.com ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100
|
310
|
+
example: 220 foo.bar.com ESMTP Exim 3.22 1 Mon, 30 Jul 2001 23:16:12 +0100 [NO UCE, NO SPAM]
|
311
|
+
</description>
|
312
|
+
<param pos="0" name="service.vendor" value="exim"/>
|
313
|
+
<param pos="0" name="service.family" value="exim"/>
|
314
|
+
<param pos="0" name="service.product" value="exim"/>
|
315
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
316
|
+
<param pos="1" name="host.name"/>
|
317
|
+
<param pos="2" name="service.version"/>
|
318
|
+
<param pos="3" name="system.time"/>
|
319
|
+
</fingerprint>
|
320
|
+
|
321
|
+
<fingerprint pattern="^([^ ]+) FTGate server ready .*$">
|
322
|
+
<description>
|
323
|
+
FTGate mail server, runs on Windows 9x/NT/2k
|
324
|
+
http://www.ftgate.com
|
325
|
+
Example: 220 stoddardhoney.com FTGate server ready -attitude [C.o.r.E]
|
326
|
+
</description>
|
327
|
+
<param pos="0" name="service.vendor" value="Floosietek"/>
|
328
|
+
<param pos="0" name="service.family" value="FTGate"/>
|
329
|
+
<param pos="0" name="service.product" value="FTGate"/>
|
330
|
+
<param pos="1" name="host.name"/>
|
331
|
+
</fingerprint>
|
332
|
+
|
333
|
+
<fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
|
334
|
+
<description>
|
335
|
+
TIS FWTK and derivatives
|
336
|
+
http://www.tis.com/research/software/
|
337
|
+
This fingerprint may be ambiguous because other firewalls (like
|
338
|
+
Gauntlet) are derived from TIS
|
339
|
+
</description>
|
340
|
+
<param pos="0" name="service.vendor" value="TIS"/>
|
341
|
+
<param pos="0" name="service.family" value="FWTK"/>
|
342
|
+
<param pos="0" name="service.product" value="FWTK"/>
|
343
|
+
</fingerprint>
|
344
|
+
|
345
|
+
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
346
|
+
<description>
|
347
|
+
Novell GroupWise Internet Agent versions 5 and higher, 3 version numbers
|
348
|
+
example: 220 coleharbourplace.com GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.
|
349
|
+
</description>
|
350
|
+
<param pos="0" name="service.vendor" value="Novell"/>
|
351
|
+
<param pos="0" name="service.family" value="GroupWise"/>
|
352
|
+
<param pos="0" name="service.product" value="GroupWise"/>
|
353
|
+
<param pos="1" name="host.name"/>
|
354
|
+
<param pos="2" name="service.version"/>
|
355
|
+
</fingerprint>
|
356
|
+
|
357
|
+
<fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
358
|
+
<description>
|
359
|
+
Novell GroupWise Internet Agent versions 5 and higher, 2 version numbers
|
360
|
+
</description>
|
361
|
+
<param pos="0" name="service.vendor" value="Novell"/>
|
362
|
+
<param pos="0" name="service.family" value="GroupWise"/>
|
363
|
+
<param pos="0" name="service.product" value="GroupWise"/>
|
364
|
+
<param pos="1" name="host.name"/>
|
365
|
+
<param pos="2" name="service.version"/>
|
366
|
+
</fingerprint>
|
367
|
+
|
368
|
+
<fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
369
|
+
<description>
|
370
|
+
Novell GroupWise versions below 5
|
371
|
+
example: 220 bates.at GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.
|
372
|
+
</description>
|
373
|
+
<param pos="0" name="service.vendor" value="Novell"/>
|
374
|
+
<param pos="0" name="service.family" value="GroupWise"/>
|
375
|
+
<param pos="0" name="service.product" value="GroupWise"/>
|
376
|
+
<param pos="1" name="host.name"/>
|
377
|
+
<param pos="2" name="service.version"/>
|
378
|
+
<param pos="3" name="service.version.version"/>
|
379
|
+
</fingerprint>
|
380
|
+
|
381
|
+
<fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+) on (.+) *$">
|
382
|
+
<description>
|
383
|
+
IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.
|
384
|
+
http://www.vm.ibm.com
|
385
|
+
http://www-1.ibm.com/servers/eserver/zseries/
|
386
|
+
http://mitvma.mit.edu/system/vm.html
|
387
|
+
example: 220 mail.foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT
|
388
|
+
example: 220 mail.foo.bar running IBM VM SMTP V2R4 on Mon, 10 Sep 2001 12:23:47 +0100
|
389
|
+
</description>
|
390
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
391
|
+
<param pos="0" name="service.family" value="VM"/>
|
392
|
+
<param pos="0" name="service.product" value="VM"/>
|
393
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
394
|
+
<param pos="1" name="host.name"/>
|
395
|
+
<param pos="2" name="service.version"/>
|
396
|
+
<param pos="3" name="system.time"/>
|
397
|
+
</fingerprint>
|
398
|
+
|
399
|
+
<fingerprint pattern="^([^ ]+) running IBM VM SMTP (.+); (.+) *$">
|
400
|
+
<description>
|
401
|
+
IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.
|
402
|
+
http://www.vm.ibm.com
|
403
|
+
http://www-1.ibm.com/servers/eserver/zseries/
|
404
|
+
http://mitvma.mit.edu/system/vm.html
|
405
|
+
example: 220 mail.foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)
|
406
|
+
</description>
|
407
|
+
<param pos="0" name="service.vendor" value="IBM"/>
|
408
|
+
<param pos="0" name="service.family" value="VM"/>
|
409
|
+
<param pos="0" name="service.product" value="VM"/>
|
410
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
411
|
+
<param pos="1" name="host.name"/>
|
412
|
+
<param pos="2" name="service.version"/>
|
413
|
+
<param pos="3" name="system.time"/>
|
414
|
+
</fingerprint>
|
415
|
+
|
416
|
+
<fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
|
417
|
+
<description>
|
418
|
+
Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
|
419
|
+
the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
|
420
|
+
see http://www.cdc.com for more information
|
421
|
+
example: 220 tigger.disneyonline.com (IntraStore TurboSendmail) ESMTP Service ready
|
422
|
+
</description>
|
423
|
+
<param pos="0" name="service.vendor" value="BT"/>
|
424
|
+
<param pos="0" name="service.family" value="IntraStore"/>
|
425
|
+
<param pos="0" name="service.product" value="IntraStore"/>
|
426
|
+
</fingerprint>
|
427
|
+
|
428
|
+
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+\.\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
429
|
+
<description>
|
430
|
+
Mail Max (4 version numbers)
|
431
|
+
example: 220 MAIL3 (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.
|
432
|
+
</description>
|
433
|
+
<param pos="0" name="service.vendor" value="Mail-Max"/>
|
434
|
+
<param pos="0" name="service.family" value="Mail-Max"/>
|
435
|
+
<param pos="0" name="service.product" value="Mail-Max"/>
|
436
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
437
|
+
<param pos="1" name="host.name"/>
|
438
|
+
<param pos="2" name="service.version"/>
|
439
|
+
<param pos="3" name="system.time"/>
|
440
|
+
</fingerprint>
|
441
|
+
|
442
|
+
<fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.\d+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
443
|
+
<description>
|
444
|
+
Mail Max (2 version numbers)
|
445
|
+
example: 220 WEBB (Mail-Max Version 3.065, Wed, 31 Jan 2001 03:46:11 +0100 WST) ESMTP Mail Server Ready.
|
446
|
+
</description>
|
447
|
+
<param pos="0" name="service.vendor" value="Mail-Max"/>
|
448
|
+
<param pos="0" name="service.family" value="Mail-Max"/>
|
449
|
+
<param pos="0" name="service.product" value="Mail-Max"/>
|
450
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
451
|
+
<param pos="1" name="host.name"/>
|
452
|
+
<param pos="2" name="service.version"/>
|
453
|
+
<param pos="3" name="system.time"/>
|
454
|
+
</fingerprint>
|
455
|
+
|
456
|
+
<fingerprint pattern="^([^ ]+) +MailSite ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
457
|
+
<description>
|
458
|
+
Rockliffe MailSite http://www.rockliffe.com
|
459
|
+
example: 220 bas.com.ar MailSite ESMTP Receiver Version 3.4.6.0 Ready
|
460
|
+
</description>
|
461
|
+
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
462
|
+
<param pos="0" name="service.family" value="MailSite"/>
|
463
|
+
<param pos="0" name="service.product" value="MailSite"/>
|
464
|
+
<param pos="1" name="host.name"/>
|
465
|
+
<param pos="2" name="service.version"/>
|
466
|
+
</fingerprint>
|
467
|
+
|
468
|
+
<fingerprint pattern="^([^ ]+) +MailSite ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
469
|
+
<description>
|
470
|
+
Rockliffe MailSite http://www.rockliffe.com
|
471
|
+
example: 220 rhino.accessweb.com MailSite SMTP Receiver Version 2.1.7 Ready
|
472
|
+
</description>
|
473
|
+
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
474
|
+
<param pos="0" name="service.family" value="MailSite"/>
|
475
|
+
<param pos="0" name="service.product" value="MailSite"/>
|
476
|
+
<param pos="1" name="host.name"/>
|
477
|
+
<param pos="2" name="service.version"/>
|
478
|
+
</fingerprint>
|
479
|
+
|
480
|
+
<fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
481
|
+
<description>
|
482
|
+
Content Security MAILsweeper for SMTP http://www.contenttechnologies.com/products/msw4smtp/default.asp
|
483
|
+
example: 220 infotech.at MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready
|
484
|
+
</description>
|
485
|
+
<param pos="0" name="service.vendor" value="Clearswift"/>
|
486
|
+
<param pos="0" name="service.family" value="MAILsweeper"/>
|
487
|
+
<param pos="0" name="service.product" value="MAILsweeper"/>
|
488
|
+
<param pos="1" name="host.name"/>
|
489
|
+
<param pos="2" name="service.version"/>
|
490
|
+
</fingerprint>
|
491
|
+
|
492
|
+
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
493
|
+
<description>
|
494
|
+
MDaemon mail server
|
495
|
+
220 foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400
|
496
|
+
</description>
|
497
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
498
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
499
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
500
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
501
|
+
<param pos="0" name="mdaemon.unregistered" value="yes"/>
|
502
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
503
|
+
<param pos="0" name="os.family" value="Windows"/>
|
504
|
+
<param pos="0" name="os.device" value="General"/>
|
505
|
+
<param pos="0" name="os.product" value="Windows"/>
|
506
|
+
<param pos="0" name="os.arch" value="x86"/>
|
507
|
+
<param pos="1" name="host.name"/>
|
508
|
+
<param pos="2" name="service.version"/>
|
509
|
+
<param pos="3" name="system.time"/>
|
510
|
+
</fingerprint>
|
511
|
+
|
512
|
+
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
513
|
+
<description>
|
514
|
+
MDaemon mail server
|
515
|
+
220 foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500
|
516
|
+
</description>
|
517
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
518
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
519
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
520
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
521
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
522
|
+
<param pos="0" name="os.family" value="Windows"/>
|
523
|
+
<param pos="0" name="os.device" value="General"/>
|
524
|
+
<param pos="0" name="os.product" value="Windows"/>
|
525
|
+
<param pos="0" name="os.arch" value="x86"/>
|
526
|
+
<param pos="1" name="host.name"/>
|
527
|
+
<param pos="2" name="service.version"/>
|
528
|
+
<param pos="3" name="system.time"/>
|
529
|
+
</fingerprint>
|
530
|
+
|
531
|
+
<fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
532
|
+
<description>
|
533
|
+
MDaemon mail server
|
534
|
+
220 foo.bar ESMTP MDaemon 3.5.7 ready
|
535
|
+
</description>
|
536
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
537
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
538
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
539
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
540
|
+
<param pos="0" name="os.family" value="Windows"/>
|
541
|
+
<param pos="0" name="os.device" value="General"/>
|
542
|
+
<param pos="0" name="os.product" value="Windows"/>
|
543
|
+
<param pos="0" name="os.arch" value="x86"/>
|
544
|
+
<param pos="1" name="host.name"/>
|
545
|
+
<param pos="2" name="service.version"/>
|
546
|
+
</fingerprint>
|
547
|
+
|
548
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) *$">
|
549
|
+
<description>
|
550
|
+
MDaemon mail server
|
551
|
+
220 foo.bar.com ESMTP service ready [1] MDaemon v2.84 R
|
552
|
+
</description>
|
553
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
554
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
555
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
556
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
557
|
+
<param pos="0" name="os.family" value="Windows"/>
|
558
|
+
<param pos="0" name="os.device" value="General"/>
|
559
|
+
<param pos="0" name="os.product" value="Windows"/>
|
560
|
+
<param pos="0" name="os.arch" value="x86"/>
|
561
|
+
<param pos="1" name="host.name"/>
|
562
|
+
<param pos="2" name="service.version"/>
|
563
|
+
<param pos="3" name="service.version.version"/>
|
564
|
+
</fingerprint>
|
565
|
+
|
566
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] using MDaemon v([^ ]+\.[^ ]+\.[^ ]+) ([^ ]+) *$">
|
567
|
+
<description>
|
568
|
+
MDaemon mail server
|
569
|
+
220 foo.bar.com ESMTP service ready [1] using MDaemon v3.0.3 R
|
570
|
+
</description>
|
571
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
572
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
573
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
574
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
575
|
+
<param pos="0" name="os.family" value="Windows"/>
|
576
|
+
<param pos="0" name="os.device" value="General"/>
|
577
|
+
<param pos="0" name="os.product" value="Windows"/>
|
578
|
+
<param pos="0" name="os.arch" value="x86"/>
|
579
|
+
<param pos="1" name="host.name"/>
|
580
|
+
<param pos="2" name="service.version"/>
|
581
|
+
<param pos="3" name="service.version.version"/>
|
582
|
+
</fingerprint>
|
583
|
+
|
584
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) *$">
|
585
|
+
<description>
|
586
|
+
MDaemon mail server
|
587
|
+
220 foo.bar.com ESMTP service ready [1] MDaemon v2.7 SP5 R
|
588
|
+
</description>
|
589
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
590
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
591
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
592
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
593
|
+
<param pos="0" name="os.family" value="Windows"/>
|
594
|
+
<param pos="0" name="os.device" value="General"/>
|
595
|
+
<param pos="0" name="os.product" value="Windows"/>
|
596
|
+
<param pos="0" name="os.arch" value="x86"/>
|
597
|
+
<param pos="1" name="host.name"/>
|
598
|
+
<param pos="2" name="service.version"/>
|
599
|
+
<param pos="3" name="service.version.version"/>
|
600
|
+
<param pos="4" name="service.version.version.version"/>
|
601
|
+
</fingerprint>
|
602
|
+
|
603
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] MDaemon v([^ ]+)\.([^ ]+)\.([^ ]+)\.([^ ]+) ([^ ]+) *$">
|
604
|
+
<description>
|
605
|
+
MDaemon mail server
|
606
|
+
220 foo.bar.com ESMTP service ready [1] MDaemon v2.8.7.0 R
|
607
|
+
</description>
|
608
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
609
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
610
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
611
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
612
|
+
<param pos="0" name="os.family" value="Windows"/>
|
613
|
+
<param pos="0" name="os.device" value="General"/>
|
614
|
+
<param pos="0" name="os.product" value="Windows"/>
|
615
|
+
<param pos="0" name="os.arch" value="x86"/>
|
616
|
+
<param pos="1" name="host.name"/>
|
617
|
+
<param pos="2" name="service.version"/>
|
618
|
+
<param pos="3" name="service.version.version"/>
|
619
|
+
<param pos="4" name="service.version.version.version"/>
|
620
|
+
<param pos="5" name="service.version.version.version.version"/>
|
621
|
+
<param pos="6" name="service.version.version.version.version.version"/>
|
622
|
+
</fingerprint>
|
623
|
+
|
624
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
625
|
+
<description>
|
626
|
+
MDaemon mail server
|
627
|
+
220 foo.bar.com ESMTP service ready [2] (MDaemon v2.7 SP4 R)
|
628
|
+
</description>
|
629
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
630
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
631
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
632
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
633
|
+
<param pos="0" name="os.family" value="Windows"/>
|
634
|
+
<param pos="0" name="os.device" value="General"/>
|
635
|
+
<param pos="0" name="os.product" value="Windows"/>
|
636
|
+
<param pos="0" name="os.arch" value="x86"/>
|
637
|
+
<param pos="1" name="host.name"/>
|
638
|
+
<param pos="2" name="service.version"/>
|
639
|
+
<param pos="3" name="service.version.version"/>
|
640
|
+
<param pos="4" name="service.version.version.version"/>
|
641
|
+
</fingerprint>
|
642
|
+
|
643
|
+
<fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
644
|
+
<description>
|
645
|
+
MDaemon mail server
|
646
|
+
220 foo.bar.com ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)
|
647
|
+
</description>
|
648
|
+
<param pos="0" name="service.vendor" value="Alt-N"/>
|
649
|
+
<param pos="0" name="service.family" value="MDaemon"/>
|
650
|
+
<param pos="0" name="service.product" value="MDaemon"/>
|
651
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
652
|
+
<param pos="0" name="os.family" value="Windows"/>
|
653
|
+
<param pos="0" name="os.device" value="General"/>
|
654
|
+
<param pos="0" name="os.product" value="Windows"/>
|
655
|
+
<param pos="0" name="os.arch" value="x86"/>
|
656
|
+
<param pos="1" name="host.name"/>
|
657
|
+
<param pos="2" name="service.version"/>
|
658
|
+
<param pos="3" name="service.version.version"/>
|
659
|
+
<param pos="4" name="service.version.version.version"/>
|
660
|
+
<param pos="5" name="service.version.version.version.version"/>
|
661
|
+
</fingerprint>
|
662
|
+
|
663
|
+
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
664
|
+
<fingerprint pattern="^([^ ]+) +ESMTP MERAK ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
665
|
+
<description>
|
666
|
+
Merak mail server http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)
|
667
|
+
220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700
|
668
|
+
</description>
|
669
|
+
<param pos="0" name="service.vendor" value="Merak"/>
|
670
|
+
<param pos="0" name="service.family" value="Mail Server"/>
|
671
|
+
<param pos="0" name="service.product" value="Mail Server"/>
|
672
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
673
|
+
<param pos="1" name="host.name"/>
|
674
|
+
<param pos="2" name="service.version"/>
|
675
|
+
<param pos="3" name="system.time"/>
|
676
|
+
</fingerprint>
|
677
|
+
|
678
|
+
<fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
|
679
|
+
<description>
|
680
|
+
Atrium's MERCUR SMTP server
|
681
|
+
http://www.atrium-software.com/pub/support_e.cfm
|
682
|
+
example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
|
683
|
+
example: 220 MERCUR SMTP-Server (v3.20.01 KA-0098304) for Windows NT ready at Tue, 6 Feb 2001 21:38:26 +0100
|
684
|
+
example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098307) for Windows NT ready at Tue, 6 Feb 2001 18:44:03 +0100
|
685
|
+
example: 220 MERCUR SMTP-Server (v3.10.18 KA-0098316) for Windows NT ready at Tue, 6 Feb 2001 15:01:51 +0100
|
686
|
+
example: 220 MERCUR SMTP-Server (v3.30.03 KA-0098319) for Windows NT ready at Tue, 6 Feb 2001 19:06:18 +0100
|
687
|
+
example: 220 MERCUR SMTP-Server (v3.30.03 KA-5341199) for Windows NT ready at Tue, 6 Feb 2001 18:47:09 +0100
|
688
|
+
example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098307) for Windows NT ready at Tue, 6 Feb 2001 15:13:14 +0100
|
689
|
+
example: 220 MERCUR SMTP-Server (v3.20.01 AS-0098309) for Windows NT ready at Tue, 6 Feb 2001 16:11:42 +0100
|
690
|
+
example: 220 MERCUR SMTP-Server (v3.10.16 AS-7962628) for Windows 95 ready at Tue, 6 Feb 2001 16:37:38 +0100
|
691
|
+
example: 220 MERCUR SMTP-Server (v3.10.18 AS-5341186) for Windows NT ready at Tue, 6 Feb 2001 19:27:24 +0100
|
692
|
+
example: 220 MERCUR SMTP-Server (v3.30.03 CO-0098319) for Windows NT ready at Tue, 6 Feb 2001 20:45:01 +0100
|
693
|
+
example: 220 MERCUR SMTP-Server (v3.30.01 NR-7864330) for Windows NT ready at Tue, 6 Feb 2001 21:31:18 +0100
|
694
|
+
example: 220 MERCUR SMTP-Server (v3.30.03 DG-0098304) for Windows NT ready at Tue, 6 Feb 2001 22:52:50 +0100
|
695
|
+
example: 220 MERCUR SMTP-Server (v3.20.01 SY-0098318) for Windows NT ready at Tue, 6 Feb 2001 23:26:22 +0100
|
696
|
+
</description>
|
697
|
+
<param pos="0" name="service.vendor" value="Atrium Software"/>
|
698
|
+
<param pos="0" name="service.family" value="MERCUR"/>
|
699
|
+
<param pos="0" name="service.product" value="MERCUR"/>
|
700
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
701
|
+
<param pos="1" name="service.version"/>
|
702
|
+
<param pos="2" name="service.version.version"/>
|
703
|
+
<param pos="3" name="service.version.version.version"/>
|
704
|
+
<param pos="4" name="mercur.os.info"/>
|
705
|
+
<param pos="5" name="system.time"/>
|
706
|
+
</fingerprint>
|
707
|
+
|
708
|
+
<fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
709
|
+
<description>
|
710
|
+
Mercury NLM for Netware
|
711
|
+
http://www.pmail.com/index.cfm
|
712
|
+
example: 220 mail.law.utexas.edu Mercury 1.43 ESMTP server ready.
|
713
|
+
</description>
|
714
|
+
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
715
|
+
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
716
|
+
<param pos="0" name="os.vendor" value="Novell"/>
|
717
|
+
<param pos="0" name="os.family" value="NetWare"/>
|
718
|
+
<param pos="0" name="os.device" value="General"/>
|
719
|
+
<param pos="0" name="os.product" value="NetWare"/>
|
720
|
+
<param pos="1" name="host.name"/>
|
721
|
+
<param pos="2" name="service.version"/>
|
722
|
+
</fingerprint>
|
723
|
+
|
724
|
+
<fingerprint pattern="^([^ ]+) Mercury/32 v([^ ]+\.[^ ]+) SMTP/ESMTP server ready.$">
|
725
|
+
<description>
|
726
|
+
Mercury/32 for Win9x/NT/2000
|
727
|
+
http://www.pmail.com/index.cfm
|
728
|
+
example: 220 jimmy.qmuc.ac.uk Mercury/32 v3.01a SMTP/ESMTP server ready.
|
729
|
+
</description>
|
730
|
+
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
731
|
+
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
732
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
733
|
+
<param pos="0" name="os.family" value="Windows"/>
|
734
|
+
<param pos="0" name="os.device" value="General"/>
|
735
|
+
<param pos="0" name="os.product" value="Windows"/>
|
736
|
+
<param pos="1" name="host.name"/>
|
737
|
+
<param pos="2" name="service.version"/>
|
738
|
+
</fingerprint>
|
739
|
+
|
740
|
+
<fingerprint pattern="^([^ ]+) Mercury/32 v([^ ]+\.[^ ]+) ESMTP server ready.$">
|
741
|
+
<description>
|
742
|
+
Mercury/32 for Win9x/NT/2000
|
743
|
+
http://www.pmail.com/index.cfm
|
744
|
+
example: 220 mail-gateway1.acfw.net Mercury/32 v3.30 ESMTP server ready.
|
745
|
+
</description>
|
746
|
+
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
747
|
+
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
748
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
749
|
+
<param pos="0" name="os.family" value="Windows"/>
|
750
|
+
<param pos="0" name="os.device" value="General"/>
|
751
|
+
<param pos="0" name="os.product" value="Windows"/>
|
752
|
+
<param pos="1" name="host.name"/>
|
753
|
+
<param pos="2" name="service.version"/>
|
754
|
+
</fingerprint>
|
755
|
+
|
756
|
+
<fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
|
757
|
+
<description>
|
758
|
+
Norton Antivirus for Internet Email Gateways
|
759
|
+
(note the product changed its name from "Norton Antivirus for Internet Email Gateways" (NAVIEG) to
|
760
|
+
"Norton Antivirus for Gateways" (NAVGW) as of version 2.1
|
761
|
+
example: mailman.laughlin.af.mil SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com
|
762
|
+
</description>
|
763
|
+
<param pos="0" name="service.vendor" value="Norton"/>
|
764
|
+
<param pos="0" name="service.family" value="Antivirus for Gateways"/>
|
765
|
+
<param pos="0" name="service.product" value="Antivirus for Gateways"/>
|
766
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
767
|
+
<param pos="1" name="host.name"/>
|
768
|
+
<param pos="2" name="service.version"/>
|
769
|
+
<param pos="3" name="system.time"/>
|
770
|
+
</fingerprint>
|
771
|
+
|
772
|
+
<fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
|
773
|
+
<description>
|
774
|
+
Netscape Messaging Server
|
775
|
+
example: 220 mail.iasmail.net ESMTP service (Netscape Messaging Server 4.15 Patch 2 (built May 30 2000))
|
776
|
+
</description>
|
777
|
+
<param pos="0" name="service.vendor" value="Netscape"/>
|
778
|
+
<param pos="0" name="service.family" value="Messaging Server"/>
|
779
|
+
<param pos="0" name="service.product" value="Messaging Server"/>
|
780
|
+
<param pos="1" name="host.name"/>
|
781
|
+
<param pos="2" name="service.version"/>
|
782
|
+
<param pos="3" name="service.version.version"/>
|
783
|
+
</fingerprint>
|
784
|
+
|
785
|
+
<fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+)\) ready (.+)$">
|
786
|
+
<description>
|
787
|
+
Netscape Messaging Server
|
788
|
+
</description>
|
789
|
+
<param pos="0" name="service.vendor" value="Netscape"/>
|
790
|
+
<param pos="0" name="service.family" value="Messaging Server"/>
|
791
|
+
<param pos="0" name="service.product" value="Messaging Server"/>
|
792
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
793
|
+
<param pos="1" name="host.name"/>
|
794
|
+
<param pos="2" name="service.version"/>
|
795
|
+
<param pos="3" name="system.time"/>
|
796
|
+
</fingerprint>
|
797
|
+
|
798
|
+
<fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
|
799
|
+
<description>
|
800
|
+
Lotus Notes 4 SMTP MTA
|
801
|
+
</description>
|
802
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
803
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
804
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
805
|
+
<param pos="0" name="service.version" value="4"/>
|
806
|
+
<param pos="1" name="host.name"/>
|
807
|
+
</fingerprint>
|
808
|
+
|
809
|
+
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+)\) ready at (.+) *$">
|
810
|
+
<description>
|
811
|
+
Lotus Domino 5 SMTP MTA
|
812
|
+
220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5) ready at Wed, 19 Dec 2001 19:54:55 -0500
|
813
|
+
</description>
|
814
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
815
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
816
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
817
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
818
|
+
<param pos="1" name="host.name"/>
|
819
|
+
<param pos="2" name="service.version"/>
|
820
|
+
<param pos="3" name="system.time"/>
|
821
|
+
</fingerprint>
|
822
|
+
|
823
|
+
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\w+)\) ready at (.+) *$">
|
824
|
+
<description>
|
825
|
+
Lotus Domino 5 SMTP MTA
|
826
|
+
example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0a) ready at Wed, 20 Jun 2001 08:59:17 +0200
|
827
|
+
</description>
|
828
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
829
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
830
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
831
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
832
|
+
<param pos="1" name="host.name"/>
|
833
|
+
<param pos="2" name="service.version"/>
|
834
|
+
<param pos="3" name="system.time"/>
|
835
|
+
</fingerprint>
|
836
|
+
|
837
|
+
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Release (\d+\.\d+\.\w+) \(Intl\)\) ready at (.+) *$">
|
838
|
+
<description>
|
839
|
+
Lotus Domino 5 SMTP MTA, International product version
|
840
|
+
example: 220 foo.bar.com ESMTP Service (Lotus Domino Release 5.0.5 (Intl)) ready at Tue, 6 Feb 2001 18:54:23 -0500
|
841
|
+
</description>
|
842
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
843
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
844
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
845
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
846
|
+
<param pos="0" name="notes.intl" value="yes"/>
|
847
|
+
<param pos="1" name="host.name"/>
|
848
|
+
<param pos="2" name="service.version"/>
|
849
|
+
<param pos="3" name="system.time"/>
|
850
|
+
</fingerprint>
|
851
|
+
|
852
|
+
<fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (\d+\.\d+)\) ready at (.+) *$">
|
853
|
+
<description>
|
854
|
+
Lotus Domino (some early build)
|
855
|
+
220 foo.bar.com ESMTP Service (Lotus Domino Build 166.1) ready at Tue, 6 Feb 2001 2
|
856
|
+
</description>
|
857
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
858
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
859
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
860
|
+
<param pos="1" name="host.name"/>
|
861
|
+
<param pos="2" name="notes.build.version"/>
|
862
|
+
<param pos="3" name="system.time"/>
|
863
|
+
</fingerprint>
|
864
|
+
|
865
|
+
<fingerprint pattern="^Lotus Notes ESMTP Server X[^ ]+\.[^ ]+ on (.+) ready at (.+)\. *$">
|
866
|
+
<description>
|
867
|
+
Lotus Notes 4.x with SMTP MTA add-on
|
868
|
+
220 Lotus Notes ESMTP Server X1.0 on RedSox R45 Server/Red Sox/US ready at Fri, 15 Feb 2002 09:46:19 -0800.
|
869
|
+
</description>
|
870
|
+
<param pos="0" name="service.vendor" value="Lotus"/>
|
871
|
+
<param pos="0" name="service.family" value="Lotus Domino"/>
|
872
|
+
<param pos="0" name="service.product" value="Lotus Domino"/>
|
873
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
874
|
+
<param pos="1" name="host.name"/>
|
875
|
+
<param pos="2" name="system.time"/>
|
876
|
+
</fingerprint>
|
877
|
+
|
878
|
+
<fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
|
879
|
+
<description>
|
880
|
+
NTMail http://www.gordano.com
|
881
|
+
example: 220 lilzmail.liwest.at NTMail (v4.30.0012/NU2182.02.1cf87970) ready for ESMTP transfer
|
882
|
+
example: 220 pluto.wvwc.edu NTMail (v5.06.0016/NT9445.00.28cc9615) ready for ESMTP transfer
|
883
|
+
</description>
|
884
|
+
<param pos="0" name="service.vendor" value="Gordano"/>
|
885
|
+
<param pos="0" name="service.family" value="NTMail"/>
|
886
|
+
<param pos="0" name="service.product" value="NTMail"/>
|
887
|
+
<param pos="1" name="host.name"/>
|
888
|
+
<param pos="2" name="service.version"/>
|
889
|
+
<param pos="3" name="ntmail.id"/>
|
890
|
+
</fingerprint>
|
891
|
+
|
892
|
+
<fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
|
893
|
+
<description>
|
894
|
+
versions 3.x and earlier of NTMail http://www.gordano.com (it was called Internet Shopper's something or other)
|
895
|
+
example: 220 mail.Networkengineering WindowsNT SMTP Server v3.03.0018/1.aio1/SP ESMTP ready at Wed, 25 Jul 2001 23:03:11 -0400
|
896
|
+
example: 220 mars.wvwc.edu WindowsNT SMTP Server v3.03.0018/1.ajhf/SP ESMTP ready at Thu, 29 Oct 1998 18:01:30 -0500
|
897
|
+
example: 220 mail.someisp.net WindowsNT SMTP Server v3.03.0017/1.aihl/SP ESMTP ready at Sun, 6 Jun 1999 10:39:30 -0400
|
898
|
+
example: 220 nt03s02.switchlink.be WindowsNT SMTP Server v3.03.0014/1.aiss/SP ESMTP ready at Fri, 17 Apr 1998 16:59:04 +0100
|
899
|
+
example: 220 www.afsc.org WindowsNT SMTP Server v3.03.0017/1.abkz/SP ESMTP ready at Mon, 2 Oct 2000 11:50:29 -0400
|
900
|
+
example: 220 wwmerchant.osopinion.com WindowsNT SMTP Server v3.03.0017/4c.adur/SP ESMTP ready at Fri, 26 Mar 1999 13:20:30 -0700
|
901
|
+
example: 220 digital-hoon.tecdm.dmi.co.kr WindowsNT SMTP Server v3.02.07/2c.aaaj ready at Thu, 5 Dec 1996 22:46:12 +0000
|
902
|
+
</description>
|
903
|
+
<param pos="0" name="service.vendor" value="Gordano"/>
|
904
|
+
<param pos="0" name="service.family" value="NTMail"/>
|
905
|
+
<param pos="0" name="service.product" value="NTMail"/>
|
906
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
907
|
+
<param pos="1" name="host.name"/>
|
908
|
+
<param pos="2" name="service.version"/>
|
909
|
+
<param pos="3" name="ntmail.id"/>
|
910
|
+
<param pos="4" name="system.time"/>
|
911
|
+
</fingerprint>
|
912
|
+
|
913
|
+
<fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
|
914
|
+
<!--
|
915
|
+
220 foo.bar.com ESMTP Postfix (Postfix-19991231-pl08) (Linux-Mandrake)
|
916
|
+
-->
|
917
|
+
<description>
|
918
|
+
Postfix (2 version ids, followed by os)
|
919
|
+
</description>
|
920
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
921
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
922
|
+
<param pos="1" name="host.name"/>
|
923
|
+
<param pos="2" name="service.version"/>
|
924
|
+
<param pos="3" name="service.version.version"/>
|
925
|
+
<param pos="4" name="postfix.os.info"/>
|
926
|
+
</fingerprint>
|
927
|
+
|
928
|
+
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(Postfix-([^ ]+)-([^ ]+)\) *$">
|
929
|
+
<!--
|
930
|
+
220 foo.bar.com ESMTP Postfix (Postfix-20000531-Snapshot)
|
931
|
+
-->
|
932
|
+
<description>
|
933
|
+
Postfix (2 version numbers)
|
934
|
+
</description>
|
935
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
936
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
937
|
+
<param pos="1" name="host.name"/>
|
938
|
+
<param pos="2" name="service.version"/>
|
939
|
+
<param pos="3" name="service.version.version"/>
|
940
|
+
</fingerprint>
|
941
|
+
|
942
|
+
<fingerprint pattern="^([^ ]+) ESMTP Postfix \(([^ ]+)-([^ ]+)\)$">
|
943
|
+
<!--
|
944
|
+
220 foo.bar.com ESMTP Postfix (Snapshot-20001121)
|
945
|
+
-->
|
946
|
+
<description>
|
947
|
+
Postfix (2 version numbers )
|
948
|
+
</description>
|
949
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
950
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
951
|
+
<param pos="1" name="host.name"/>
|
952
|
+
<param pos="2" name="service.version"/>
|
953
|
+
<param pos="3" name="service.version.version"/>
|
954
|
+
</fingerprint>
|
955
|
+
|
956
|
+
<fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)\) \(([^ ]+)\) *$">
|
957
|
+
<description>
|
958
|
+
Postfix (1 version number)
|
959
|
+
</description>
|
960
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
961
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
962
|
+
<param pos="1" name="host.name"/>
|
963
|
+
<param pos="2" name="service.version"/>
|
964
|
+
<param pos="3" name="postfix.os.info"/>
|
965
|
+
</fingerprint>
|
966
|
+
|
967
|
+
<fingerprint pattern="^([^ ]+) E?SMTP Postfix \(Ubuntu\)$">
|
968
|
+
<description>
|
969
|
+
Postfix Ubuntu package.
|
970
|
+
</description>
|
971
|
+
<example>foo.bar.com ESMTP Postfix (Ubuntu)</example>
|
972
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
973
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
974
|
+
<param pos="1" name="host.name"/>
|
975
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
976
|
+
<param pos="0" name="os.device" value="General"/>
|
977
|
+
<param pos="0" name="os.family" value="Linux"/>
|
978
|
+
<param pos="0" name="os.product" value="Linux"/>
|
979
|
+
</fingerprint>
|
980
|
+
|
981
|
+
<fingerprint pattern="^([^ ]+) E?SMTP Postfix \(Debian/GNU\)$">
|
982
|
+
<description>
|
983
|
+
Postfix Debian package.
|
984
|
+
</description>
|
985
|
+
<example>foo.bar.com ESMTP Postfix (Debian/GNU)</example>
|
986
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
987
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
988
|
+
<param pos="1" name="host.name"/>
|
989
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
990
|
+
<param pos="0" name="os.device" value="General"/>
|
991
|
+
<param pos="0" name="os.family" value="Linux"/>
|
992
|
+
<param pos="0" name="os.product" value="Linux"/>
|
993
|
+
</fingerprint>
|
994
|
+
|
995
|
+
<fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
|
996
|
+
<description>
|
997
|
+
Generic Postfix banner with amusing comments in parentheses
|
998
|
+
</description>
|
999
|
+
<example>foo.bar.com ESMTP Postfix (lol)</example>
|
1000
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
1001
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
1002
|
+
<param pos="1" name="host.name"/>
|
1003
|
+
</fingerprint>
|
1004
|
+
|
1005
|
+
<fingerprint pattern="^([^ ]+) ESMTP.* Postfix *$">
|
1006
|
+
<description>
|
1007
|
+
Generic Postfix banner.
|
1008
|
+
</description>
|
1009
|
+
<example>foo.bar.com ESMTP Postfix</example>
|
1010
|
+
<param pos="0" name="service.family" value="Postfix"/>
|
1011
|
+
<param pos="0" name="service.product" value="Postfix"/>
|
1012
|
+
<param pos="1" name="host.name"/>
|
1013
|
+
</fingerprint>
|
1014
|
+
|
1015
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \(Post\.Office v([^ ]+\.[^ ]+\.[^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
|
1016
|
+
<description>
|
1017
|
+
Post.Office (3 version numbers)
|
1018
|
+
example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
|
1019
|
+
</description>
|
1020
|
+
<param pos="0" name="service.family" value="Post.Office"/>
|
1021
|
+
<param pos="0" name="service.product" value="Post.Office"/>
|
1022
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1023
|
+
<param pos="1" name="host.name"/>
|
1024
|
+
<param pos="2" name="service.version"/>
|
1025
|
+
<param pos="3" name="postoffice.build"/>
|
1026
|
+
<param pos="3" name="postoffice.id"/>
|
1027
|
+
<param pos="4" name="system.time"/>
|
1028
|
+
</fingerprint>
|
1029
|
+
|
1030
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \(P|post\.O|office v([^ ]+\.[^ ]+) release (.+) ID# ([^ ]+)\) ready (.+) *$">
|
1031
|
+
<description>
|
1032
|
+
Post.Office (2 version numbers)
|
1033
|
+
example: 220 birg.connect.co.at ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100
|
1034
|
+
</description>
|
1035
|
+
<param pos="0" name="service.family" value="Post.Office"/>
|
1036
|
+
<param pos="0" name="service.product" value="Post.Office"/>
|
1037
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1038
|
+
<param pos="1" name="host.name"/>
|
1039
|
+
<param pos="2" name="service.version"/>
|
1040
|
+
<param pos="3" name="postoffice.build"/>
|
1041
|
+
<param pos="4" name="postoffice.id"/>
|
1042
|
+
<param pos="5" name="system.time"/>
|
1043
|
+
</fingerprint>
|
1044
|
+
|
1045
|
+
<fingerprint pattern="^([^ ]+) ESMTP server \(P|post\.O|office v([^ ]+\.[^ ]+) (.+) ID# ([^ ]+)\) ready (.+) *$">
|
1046
|
+
<description>
|
1047
|
+
Post.Office lacking word "release" before release tag
|
1048
|
+
</description>
|
1049
|
+
<param pos="0" name="service.family" value="Post.Office"/>
|
1050
|
+
<param pos="0" name="service.product" value="Post.Office"/>
|
1051
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1052
|
+
<param pos="1" name="host.name"/>
|
1053
|
+
<param pos="2" name="service.version"/>
|
1054
|
+
<param pos="3" name="postoffice.build"/>
|
1055
|
+
<param pos="4" name="postoffice.id"/>
|
1056
|
+
<param pos="5" name="system.time"/>
|
1057
|
+
</fingerprint>
|
1058
|
+
|
1059
|
+
<fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
|
1060
|
+
<description>
|
1061
|
+
Raptor Firewall
|
1062
|
+
example: 220 foo.bar.com Generic SMTP handler
|
1063
|
+
</description>
|
1064
|
+
<param pos="0" name="service.product" value="raptor"/>
|
1065
|
+
<param pos="1" name="host.name"/>
|
1066
|
+
</fingerprint>
|
1067
|
+
|
1068
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
|
1069
|
+
<description>
|
1070
|
+
sendmail on HPUX with a PHNE (HP Networking patch) installed
|
1071
|
+
</description>
|
1072
|
+
<example>foo.bar.com ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1073
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1074
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1075
|
+
<param pos="0" name="os.vendor" value="HP"/>
|
1076
|
+
<param pos="0" name="os.family" value="HP-UX"/>
|
1077
|
+
<param pos="0" name="os.device" value="General"/>
|
1078
|
+
<param pos="0" name="os.product" value="HP-UX"/>
|
1079
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1080
|
+
<param pos="1" name="host.name"/>
|
1081
|
+
<param pos="2" name="service.version"/>
|
1082
|
+
<param pos="3" name="sendmail.hpux.phne.version"/>
|
1083
|
+
<param pos="4" name="sendmail.config.version"/>
|
1084
|
+
<param pos="5" name="system.time"/>
|
1085
|
+
</fingerprint>
|
1086
|
+
|
1087
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
|
1088
|
+
<description>
|
1089
|
+
sendmail on unixware
|
1090
|
+
</description>
|
1091
|
+
<example>foo.bar.com ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1092
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1093
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1094
|
+
<param pos="0" name="os.vendor" value="SCO"/>
|
1095
|
+
<param pos="0" name="os.family" value="UnixWare"/>
|
1096
|
+
<param pos="0" name="os.device" value="General"/>
|
1097
|
+
<param pos="0" name="os.product" value="UnixWare"/>
|
1098
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1099
|
+
<param pos="1" name="host.name"/>
|
1100
|
+
<param pos="2" name="service.version"/>
|
1101
|
+
<param pos="3" name="os.version"/>
|
1102
|
+
<param pos="4" name="system.time"/>
|
1103
|
+
</fingerprint>
|
1104
|
+
|
1105
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
|
1106
|
+
<description>
|
1107
|
+
sendmail on AIX
|
1108
|
+
</description>
|
1109
|
+
<example>foo.bar.com ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1110
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1111
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1112
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
1113
|
+
<param pos="0" name="os.family" value="AIX"/>
|
1114
|
+
<param pos="0" name="os.device" value="General"/>
|
1115
|
+
<param pos="0" name="os.product" value="AIX"/>
|
1116
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1117
|
+
<param pos="1" name="host.name"/>
|
1118
|
+
<param pos="2" name="os.version"/>
|
1119
|
+
<param pos="3" name="service.version"/>
|
1120
|
+
<param pos="4" name="system.time"/>
|
1121
|
+
</fingerprint>
|
1122
|
+
|
1123
|
+
<fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
|
1124
|
+
<description>
|
1125
|
+
sendmail on AIX
|
1126
|
+
</description>
|
1127
|
+
<example>foo.bar.com Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1128
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1129
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1130
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
1131
|
+
<param pos="0" name="os.family" value="AIX"/>
|
1132
|
+
<param pos="0" name="os.device" value="General"/>
|
1133
|
+
<param pos="0" name="os.product" value="AIX"/>
|
1134
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1135
|
+
<param pos="1" name="host.name"/>
|
1136
|
+
<param pos="2" name="os.version"/>
|
1137
|
+
<param pos="3" name="service.version"/>
|
1138
|
+
<param pos="4" name="sendmail.config.version"/>
|
1139
|
+
<param pos="5" name="system.time"/>
|
1140
|
+
</fingerprint>
|
1141
|
+
|
1142
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+) \(.+\)$">
|
1143
|
+
<description>
|
1144
|
+
sendmail on AIX
|
1145
|
+
</description>
|
1146
|
+
<example>foo.bar.com ESMTP Sendmail AIX4.2/8.7/8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1147
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1148
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1149
|
+
<param pos="0" name="os.vendor" value="IBM"/>
|
1150
|
+
<param pos="0" name="os.family" value="AIX"/>
|
1151
|
+
<param pos="0" name="os.device" value="General"/>
|
1152
|
+
<param pos="0" name="os.product" value="AIX"/>
|
1153
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1154
|
+
<param pos="1" name="host.name"/>
|
1155
|
+
<param pos="2" name="os.version"/>
|
1156
|
+
<param pos="3" name="service.version"/>
|
1157
|
+
<param pos="4" name="sendmail.config.version"/>
|
1158
|
+
<param pos="5" name="system.time"/>
|
1159
|
+
</fingerprint>
|
1160
|
+
|
1161
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
|
1162
|
+
<description>
|
1163
|
+
sendmail on suse
|
1164
|
+
</description>
|
1165
|
+
<example>foo.bar.com ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1166
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1167
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1168
|
+
<param pos="0" name="os.vendor" value="SuSE"/>
|
1169
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1170
|
+
<param pos="0" name="os.device" value="General"/>
|
1171
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1172
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1173
|
+
<param pos="1" name="host.name"/>
|
1174
|
+
<param pos="2" name="service.version"/>
|
1175
|
+
<param pos="3" name="sendmail.config.version"/>
|
1176
|
+
<param pos="4" name="sendmail.vendor.version"/>
|
1177
|
+
<param pos="5" name="system.time"/>
|
1178
|
+
</fingerprint>
|
1179
|
+
|
1180
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
|
1181
|
+
<description>
|
1182
|
+
sendmail on Solaris
|
1183
|
+
</description>
|
1184
|
+
<example>foo.bar.com ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1185
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1186
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1187
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
1188
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
1189
|
+
<param pos="0" name="os.device" value="General"/>
|
1190
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
1191
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1192
|
+
<param pos="1" name="host.name"/>
|
1193
|
+
<param pos="2" name="service.version"/>
|
1194
|
+
<param pos="3" name="sendmail.config.version"/>
|
1195
|
+
<param pos="4" name="system.time"/>
|
1196
|
+
</fingerprint>
|
1197
|
+
|
1198
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
|
1199
|
+
<description>
|
1200
|
+
sendmail on Solaris
|
1201
|
+
</description>
|
1202
|
+
<example>foo.bar.com ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1203
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1204
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1205
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
1206
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
1207
|
+
<param pos="0" name="os.device" value="General"/>
|
1208
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
1209
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1210
|
+
<param pos="1" name="host.name"/>
|
1211
|
+
<param pos="2" name="service.version"/>
|
1212
|
+
<param pos="3" name="sendmail.config.version"/>
|
1213
|
+
<param pos="4" name="system.time"/>
|
1214
|
+
</fingerprint>
|
1215
|
+
|
1216
|
+
<fingerprint pattern="^([^ ]+) ESMTP Debian Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
1217
|
+
<description>
|
1218
|
+
sendmail on debian
|
1219
|
+
</description>
|
1220
|
+
<example>foo.bar.com ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1221
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1222
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1223
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
1224
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1225
|
+
<param pos="0" name="os.device" value="General"/>
|
1226
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1227
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1228
|
+
<param pos="1" name="host.name"/>
|
1229
|
+
<param pos="2" name="service.version"/>
|
1230
|
+
<param pos="3" name="sendmail.config.version"/>
|
1231
|
+
<param pos="4" name="sendmail.vendor.version"/>
|
1232
|
+
<param pos="5" name="system.time"/>
|
1233
|
+
</fingerprint>
|
1234
|
+
|
1235
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
1236
|
+
<description>
|
1237
|
+
sendmail on debian
|
1238
|
+
</description>
|
1239
|
+
<example>foo.bar.com ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1240
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1241
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1242
|
+
<param pos="0" name="os.vendor" value="Debian"/>
|
1243
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1244
|
+
<param pos="0" name="os.device" value="General"/>
|
1245
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1246
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1247
|
+
<param pos="1" name="host.name"/>
|
1248
|
+
<param pos="2" name="service.version"/>
|
1249
|
+
<param pos="3" name="sendmail.config.version"/>
|
1250
|
+
<param pos="4" name="sendmail.vendor.version"/>
|
1251
|
+
<param pos="5" name="system.time"/>
|
1252
|
+
</fingerprint>
|
1253
|
+
|
1254
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-\dubuntu[^ ]*; (.+); .*$">
|
1255
|
+
<description>
|
1256
|
+
Sendmail for Ubuntu
|
1257
|
+
</description>
|
1258
|
+
<example>foo.bar.com ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.example.com(OK)-xyz.example.com [10.0.0.1]</example>
|
1259
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1260
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1261
|
+
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
1262
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1263
|
+
<param pos="0" name="os.device" value="General"/>
|
1264
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1265
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1266
|
+
<param pos="1" name="host.name"/>
|
1267
|
+
<param pos="2" name="service.version"/>
|
1268
|
+
<param pos="3" name="system.time"/>
|
1269
|
+
</fingerprint>
|
1270
|
+
|
1271
|
+
<fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
|
1272
|
+
<description>
|
1273
|
+
unknown
|
1274
|
+
</description>
|
1275
|
+
<example>foo.bar.com Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1276
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1277
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1278
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
1279
|
+
<param pos="0" name="os.family" value="SunOS"/>
|
1280
|
+
<param pos="0" name="os.device" value="General"/>
|
1281
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
1282
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1283
|
+
<param pos="1" name="host.name"/>
|
1284
|
+
<param pos="2" name="service.version"/>
|
1285
|
+
<param pos="3" name="sendmail.config.version"/>
|
1286
|
+
<param pos="4" name="system.time"/>
|
1287
|
+
</fingerprint>
|
1288
|
+
|
1289
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
|
1290
|
+
<description>
|
1291
|
+
unknown
|
1292
|
+
</description>
|
1293
|
+
<example>foo.bar.com ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1294
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1295
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1296
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1297
|
+
<param pos="0" name="os.device" value="General"/>
|
1298
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1299
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1300
|
+
<param pos="1" name="host.name"/>
|
1301
|
+
<param pos="2" name="service.version"/>
|
1302
|
+
<param pos="3" name="sendmail.config.version"/>
|
1303
|
+
<param pos="4" name="system.time"/>
|
1304
|
+
</fingerprint>
|
1305
|
+
|
1306
|
+
<fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
1307
|
+
<description>
|
1308
|
+
unknown
|
1309
|
+
</description>
|
1310
|
+
<example>foo.bar.com ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
1311
|
+
<param pos="0" name="service.vendor" value="MetaInfo"/>
|
1312
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1313
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1314
|
+
<param pos="0" name="os.vendor" value="Microsoft"/>
|
1315
|
+
<param pos="0" name="os.family" value="Windows"/>
|
1316
|
+
<param pos="0" name="os.device" value="General"/>
|
1317
|
+
<param pos="0" name="os.product" value="Windows NT"/>
|
1318
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM"/>
|
1319
|
+
<param pos="1" name="host.name"/>
|
1320
|
+
<param pos="2" name="metainfo.version"/>
|
1321
|
+
<param pos="3" name="metainfo.version.version"/>
|
1322
|
+
<param pos="4" name="service.version"/>
|
1323
|
+
<param pos="5" name="sendmail.config.version"/>
|
1324
|
+
<param pos="6" name="system.time"/>
|
1325
|
+
</fingerprint>
|
1326
|
+
|
1327
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+\+[^ ]+) */ *([^ ]+\+[^ ]+); *(.+) \(.+\)$">
|
1328
|
+
<description>
|
1329
|
+
sendmail where both daemon and config file are patched
|
1330
|
+
</description>
|
1331
|
+
<example>foo.bar.com ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
|
1332
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1333
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1334
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1335
|
+
<param pos="1" name="host.name"/>
|
1336
|
+
<param pos="2" name="service.version"/>
|
1337
|
+
<param pos="3" name="sendmail.config.version"/>
|
1338
|
+
<param pos="4" name="system.time"/>
|
1339
|
+
</fingerprint>
|
1340
|
+
|
1341
|
+
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^ ]+) */ *([^ ]+); *(.+) \(.+\)$">
|
1342
|
+
<description>
|
1343
|
+
sendmail where neither daemon nor config file are patched (with timezone)
|
1344
|
+
</description>
|
1345
|
+
<example>mail.foo.bar ESMTP Sendmail 8.8.8/8.8.8; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1346
|
+
<example>mail.foo.bar ESMTP blah Sendmail 8.8.8/8.8.8; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1347
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1348
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1349
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1350
|
+
<param pos="1" name="host.name"/>
|
1351
|
+
<param pos="2" name="service.version"/>
|
1352
|
+
<param pos="3" name="sendmail.config.version"/>
|
1353
|
+
<param pos="4" name="system.time"/>
|
1354
|
+
</fingerprint>
|
1355
|
+
|
1356
|
+
<fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^ ]+) */ *([^ ]+) *; *(.+) *$">
|
1357
|
+
<description>
|
1358
|
+
sendmail where neither daemon nor config file are patched (without timezone)
|
1359
|
+
</description>
|
1360
|
+
<example>mail.foo.bar ESMTP Sendmail 8.10.2/8.10.2; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1361
|
+
<example>mail.foo.bar ESMTP Sendmail 8.8.7/8.8.7; Mon, 2 Jul 2001 14:19:18 -0700</example>
|
1362
|
+
<example>foo.example.com ESMTP foo-MTA Sendmail 8.13.8/8.13.8; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1363
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1364
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1365
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1366
|
+
<param pos="1" name="host.name"/>
|
1367
|
+
<param pos="2" name="service.version"/>
|
1368
|
+
<param pos="3" name="sendmail.config.version"/>
|
1369
|
+
<param pos="4" name="system.time"/>
|
1370
|
+
</fingerprint>
|
1371
|
+
|
1372
|
+
<fingerprint pattern="^([^ ]+) +Sendmail ready\. *$">
|
1373
|
+
<description>
|
1374
|
+
some old version of sendmail - TODO: figure out which versions this could be
|
1375
|
+
</description>
|
1376
|
+
<example>mail.foo.bar Sendmail ready.</example>
|
1377
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1378
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1379
|
+
<param pos="1" name="host.name"/>
|
1380
|
+
</fingerprint>
|
1381
|
+
|
1382
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(.+) \(.+\)$">
|
1383
|
+
<description>
|
1384
|
+
sendmail with daemon version only
|
1385
|
+
</description>
|
1386
|
+
<example>mail.foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
1387
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1388
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1389
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1390
|
+
<param pos="1" name="host.name"/>
|
1391
|
+
<param pos="2" name="service.version"/>
|
1392
|
+
<param pos="3" name="system.time"/>
|
1393
|
+
</fingerprint>
|
1394
|
+
|
1395
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
|
1396
|
+
<description>
|
1397
|
+
unknown
|
1398
|
+
</description>
|
1399
|
+
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1400
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1401
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1402
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1403
|
+
<param pos="1" name="host.name"/>
|
1404
|
+
<param pos="2" name="service.version"/>
|
1405
|
+
<param pos="3" name="system.time"/>
|
1406
|
+
</fingerprint>
|
1407
|
+
|
1408
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(.+) \(.+\)$">
|
1409
|
+
<description>
|
1410
|
+
unknown
|
1411
|
+
</description>
|
1412
|
+
<example>foo.example.com ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1413
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1414
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1415
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1416
|
+
<param pos="1" name="host.name"/>
|
1417
|
+
<param pos="2" name="service.version"/>
|
1418
|
+
<param pos="3" name="system.time"/>
|
1419
|
+
</fingerprint>
|
1420
|
+
|
1421
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); +(.+) +\(.+\)$">
|
1422
|
+
<description>
|
1423
|
+
unknown
|
1424
|
+
</description>
|
1425
|
+
<example>foo.example.com ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1426
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1427
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1428
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1429
|
+
<param pos="1" name="host.name"/>
|
1430
|
+
<param pos="2" name="service.version"/>
|
1431
|
+
<param pos="3" name="system.time"/>
|
1432
|
+
</fingerprint>
|
1433
|
+
|
1434
|
+
<fingerprint pattern="^Sendmail ([^/]+)/([^/]+) ready on ([^ ]+)$">
|
1435
|
+
<description>
|
1436
|
+
catch all for other versions of sendmail
|
1437
|
+
</description>
|
1438
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1439
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1440
|
+
<param pos="1" name="service.version"/>
|
1441
|
+
<param pos="2" name="sendmail.config.version"/>
|
1442
|
+
<param pos="3" name="host.name"/>
|
1443
|
+
</fingerprint>
|
1444
|
+
|
1445
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ready at (.+) \(.+\)$">
|
1446
|
+
<description>
|
1447
|
+
catch all for other versions of sendmail
|
1448
|
+
</description>
|
1449
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1450
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1451
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1452
|
+
<param pos="1" name="host.name"/>
|
1453
|
+
<param pos="2" name="system.time"/>
|
1454
|
+
</fingerprint>
|
1455
|
+
|
1456
|
+
<fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ;.*$">
|
1457
|
+
<description>
|
1458
|
+
catch all for other versions of sendmail
|
1459
|
+
</description>
|
1460
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1461
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1462
|
+
<param pos="1" name="host.name"/>
|
1463
|
+
</fingerprint>
|
1464
|
+
|
1465
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail ready$">
|
1466
|
+
<description>
|
1467
|
+
catch all for other versions of sendmail
|
1468
|
+
</description>
|
1469
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1470
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1471
|
+
<param pos="1" name="host.name"/>
|
1472
|
+
</fingerprint>
|
1473
|
+
|
1474
|
+
<fingerprint pattern="^([^ ]+) Sendmail ([^/]+)/([^ ]+) ready at ([^;\.]+)$">
|
1475
|
+
<description>
|
1476
|
+
catch all for other versions of sendmail
|
1477
|
+
</description>
|
1478
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1479
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1480
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1481
|
+
<param pos="1" name="host.name"/>
|
1482
|
+
<param pos="2" name="service.version"/>
|
1483
|
+
<param pos="3" name="sendmail.config.version"/>
|
1484
|
+
<param pos="4" name="system.time"/>
|
1485
|
+
</fingerprint>
|
1486
|
+
|
1487
|
+
<fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
|
1488
|
+
<description>
|
1489
|
+
catch all for other versions of sendmail
|
1490
|
+
</description>
|
1491
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1492
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1493
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1494
|
+
<param pos="1" name="host.name"/>
|
1495
|
+
<param pos="2" name="service.version"/>
|
1496
|
+
<param pos="3" name="system.time"/>
|
1497
|
+
</fingerprint>
|
1498
|
+
|
1499
|
+
<fingerprint pattern="^([^ ]+) ESMTP Sendmail$">
|
1500
|
+
<description>
|
1501
|
+
catch all for other versions of sendmail
|
1502
|
+
</description>
|
1503
|
+
<param pos="0" name="service.family" value="Sendmail"/>
|
1504
|
+
<param pos="0" name="service.product" value="Sendmail"/>
|
1505
|
+
<param pos="1" name="host.name"/>
|
1506
|
+
</fingerprint>
|
1507
|
+
|
1508
|
+
<!-- Sun Internet Mail Server -->
|
1509
|
+
<!-- Sun Internet Mail Server sims\.([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+)([^\.]+) -->
|
1510
|
+
|
1511
|
+
<!-- these suckers can have LOTS of version numbers -->
|
1512
|
+
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
|
1513
|
+
<description>
|
1514
|
+
220 smtp.foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)
|
1515
|
+
</description>
|
1516
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
1517
|
+
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
1518
|
+
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
1519
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
1520
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
1521
|
+
<param pos="0" name="os.device" value="General"/>
|
1522
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
1523
|
+
<param pos="1" name="host.name"/>
|
1524
|
+
<param pos="2" name="service.version"/>
|
1525
|
+
</fingerprint>
|
1526
|
+
|
1527
|
+
<!-- these suckers can have LOTS of version numbers -->
|
1528
|
+
<fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.([^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+\.[^\.]+)\)$">
|
1529
|
+
<description>
|
1530
|
+
220 mercury.doc.ntu.ac.uk -- Server ESMTP (Sun Internet Mail Server sims.4.0.1999.06.13.00.20)
|
1531
|
+
</description>
|
1532
|
+
<param pos="0" name="service.vendor" value="Sun"/>
|
1533
|
+
<param pos="0" name="service.family" value="Internet Mail Server"/>
|
1534
|
+
<param pos="0" name="service.product" value="Internet Mail Server"/>
|
1535
|
+
<param pos="0" name="os.vendor" value="Sun"/>
|
1536
|
+
<param pos="0" name="os.family" value="Solaris"/>
|
1537
|
+
<param pos="0" name="os.device" value="General"/>
|
1538
|
+
<param pos="0" name="os.product" value="Solaris"/>
|
1539
|
+
<param pos="1" name="host.name"/>
|
1540
|
+
<param pos="2" name="service.version"/>
|
1541
|
+
</fingerprint>
|
1542
|
+
|
1543
|
+
<!-- SLMail with two version numbers -->
|
1544
|
+
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
1545
|
+
<description>
|
1546
|
+
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
1547
|
+
http://serverwatch.internet.com/reviews/mail-slmail.html
|
1548
|
+
http://www.seattlelab.com/
|
1549
|
+
example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
|
1550
|
+
</description>
|
1551
|
+
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
1552
|
+
<param pos="0" name="service.family" value="SLMail"/>
|
1553
|
+
<param pos="0" name="service.product" value="SLMail"/>
|
1554
|
+
<param pos="1" name="host.name"/>
|
1555
|
+
<param pos="2" name="service.version"/>
|
1556
|
+
</fingerprint>
|
1557
|
+
|
1558
|
+
<!-- SLMail with three version numbers -->
|
1559
|
+
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
1560
|
+
<description>
|
1561
|
+
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
1562
|
+
http://serverwatch.internet.com/reviews/mail-slmail.html
|
1563
|
+
http://www.seattlelab.com/
|
1564
|
+
example: 220 wl004.pbx.web-light.net SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here
|
1565
|
+
</description>
|
1566
|
+
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
1567
|
+
<param pos="0" name="service.family" value="SLMail"/>
|
1568
|
+
<param pos="0" name="service.product" value="SLMail"/>
|
1569
|
+
<param pos="1" name="host.name"/>
|
1570
|
+
<param pos="2" name="service.version"/>
|
1571
|
+
</fingerprint>
|
1572
|
+
|
1573
|
+
<!-- SLMail with four version numbers -->
|
1574
|
+
<fingerprint pattern="^([^ ]+) S[mM][tT][pP] Server SL[mM]ail v?([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready ESMTP spoken here *$">
|
1575
|
+
<description>
|
1576
|
+
Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)
|
1577
|
+
http://serverwatch.internet.com/reviews/mail-slmail.html
|
1578
|
+
http://www.seattlelab.com/
|
1579
|
+
example: 220 mail2.webgeneral.com Smtp Server SLMail v2.7 Ready ESMTP spoken here
|
1580
|
+
</description>
|
1581
|
+
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
1582
|
+
<param pos="0" name="service.family" value="SLMail"/>
|
1583
|
+
<param pos="0" name="service.product" value="SLMail"/>
|
1584
|
+
<param pos="1" name="host.name"/>
|
1585
|
+
<param pos="2" name="service.version"/>
|
1586
|
+
</fingerprint>
|
1587
|
+
|
1588
|
+
<fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
|
1589
|
+
<description>
|
1590
|
+
Symantec Mail Security for SMTP
|
1591
|
+
</description>
|
1592
|
+
<param pos="0" name="service.vendor" value="Symantec"/>
|
1593
|
+
<param pos="0" name="service.product" value="Symantec Mail Security for SMTP"/>
|
1594
|
+
<param pos="1" name="host.name"/>
|
1595
|
+
</fingerprint>
|
1596
|
+
|
1597
|
+
<fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version ([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+) Ready *$">
|
1598
|
+
<description>
|
1599
|
+
VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml
|
1600
|
+
example: 220 compudata.com.ar VOPmail ESMTP Receiver Version 4.0.179.0 Ready
|
1601
|
+
</description>
|
1602
|
+
<param pos="0" name="service.vendor" value="Vircom"/>
|
1603
|
+
<param pos="0" name="service.family" value="VOPMail"/>
|
1604
|
+
<param pos="0" name="service.product" value="VOPMail"/>
|
1605
|
+
<param pos="1" name="host.name"/>
|
1606
|
+
<param pos="2" name="service.version"/>
|
1607
|
+
</fingerprint>
|
1608
|
+
|
1609
|
+
<fingerprint pattern="^([^ ]+) VPOP3 SMTP Server Ready *$">
|
1610
|
+
<description>
|
1611
|
+
VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html
|
1612
|
+
example: 220 mail.sbm.com.ar VPOP3 SMTP Server Ready
|
1613
|
+
</description>
|
1614
|
+
<param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
|
1615
|
+
<param pos="0" name="service.family" value="VPOP3"/>
|
1616
|
+
<param pos="0" name="service.product" value="VPOP3"/>
|
1617
|
+
<param pos="1" name="host.name"/>
|
1618
|
+
</fingerprint>
|
1619
|
+
|
1620
|
+
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) Network Associates.*Ready at (.+) *$">
|
1621
|
+
<description>
|
1622
|
+
http://www.mcafeeb2b.com/products/webshield-smtp/default.asp
|
1623
|
+
example:220 smtp.foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Fri Jun 22 02:36:23 2001
|
1624
|
+
</description>
|
1625
|
+
<param pos="0" name="service.vendor" value="McAfee"/>
|
1626
|
+
<param pos="0" name="service.family" value="WebShield"/>
|
1627
|
+
<param pos="0" name="service.product" value="WebShield"/>
|
1628
|
+
<param pos="0" name="system.time.format" value="EEE dd MMM yyyy HH:mm:ss zzz"/>
|
1629
|
+
<param pos="1" name="host.name"/>
|
1630
|
+
<param pos="2" name="service.version"/>
|
1631
|
+
<param pos="3" name="system.time"/>
|
1632
|
+
</fingerprint>
|
1633
|
+
|
1634
|
+
<fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+) Network Associates.*Ready at (.+) *$">
|
1635
|
+
<description>
|
1636
|
+
http://www.mcafeeb2b.com/products/webshield-smtp/default.asp
|
1637
|
+
example:220 wsigate WebShield SMTP V4.5 MR1 Network Associates, Inc. Ready at Sun Jul 29 22:47:44 2001
|
1638
|
+
</description>
|
1639
|
+
<param pos="0" name="service.vendor" value="McAfee"/>
|
1640
|
+
<param pos="0" name="service.family" value="WebShield"/>
|
1641
|
+
<param pos="0" name="service.product" value="WebShield"/>
|
1642
|
+
<param pos="0" name="system.time.format" value="EEE dd MMM yyyy HH:mm:ss zzz"/>
|
1643
|
+
<param pos="1" name="host.name"/>
|
1644
|
+
<param pos="2" name="service.version"/>
|
1645
|
+
<param pos="3" name="service.version.version"/>
|
1646
|
+
<param pos="4" name="system.time"/>
|
1647
|
+
</fingerprint>
|
1648
|
+
|
1649
|
+
<fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
|
1650
|
+
<description>
|
1651
|
+
McAfee Webshield ASaP is a combination hardware/software platform,
|
1652
|
+
basically consisting of a 1U Linux rackmount box with McAfee's filtering software
|
1653
|
+
http://www.mcafeeb2b.com/services/webshield-asap/faq.asp
|
1654
|
+
example: 220 smtp.foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700
|
1655
|
+
</description>
|
1656
|
+
<param pos="0" name="service.vendor" value="McAfee"/>
|
1657
|
+
<param pos="0" name="service.family" value="WebShield"/>
|
1658
|
+
<param pos="0" name="service.product" value="WebShield"/>
|
1659
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1660
|
+
<param pos="0" name="os.vendor" value="McAfee"/>
|
1661
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1662
|
+
<param pos="0" name="os.device" value="General"/>
|
1663
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1664
|
+
<param pos="1" name="host.name"/>
|
1665
|
+
<param pos="2" name="service.version"/>
|
1666
|
+
<param pos="3" name="system.time"/>
|
1667
|
+
</fingerprint>
|
1668
|
+
|
1669
|
+
<fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
|
1670
|
+
<description>
|
1671
|
+
example: 220 smtp.foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700
|
1672
|
+
</description>
|
1673
|
+
<param pos="0" name="service.vendor" value="McAfee"/>
|
1674
|
+
<param pos="0" name="service.family" value="WebShield"/>
|
1675
|
+
<param pos="0" name="service.product" value="WebShield"/>
|
1676
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1677
|
+
<param pos="0" name="os.vendor" value="McAfee"/>
|
1678
|
+
<param pos="0" name="os.family" value="Linux"/>
|
1679
|
+
<param pos="0" name="os.device" value="General"/>
|
1680
|
+
<param pos="0" name="os.product" value="Linux"/>
|
1681
|
+
<param pos="1" name="host.name"/>
|
1682
|
+
<param pos="2" name="service.version"/>
|
1683
|
+
<param pos="3" name="system.time"/>
|
1684
|
+
</fingerprint>
|
1685
|
+
|
1686
|
+
<fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *$">
|
1687
|
+
<description>
|
1688
|
+
WinRoute Pro, runs on 9x/NT/2k
|
1689
|
+
http://www.tinysoftware.com/winpro.php
|
1690
|
+
example: 220 unspecified.host ESMTP - WinRoute Pro 4.0
|
1691
|
+
</description>
|
1692
|
+
<param pos="0" name="service.family" value="WinRoute"/>
|
1693
|
+
<param pos="0" name="service.product" value="WinRoute"/>
|
1694
|
+
<param pos="1" name="host.name"/>
|
1695
|
+
<param pos="2" name="service.version"/>
|
1696
|
+
</fingerprint>
|
1697
|
+
|
1698
|
+
<fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP ready at (.+) *$">
|
1699
|
+
<description>
|
1700
|
+
ZMailer http://www.zmailer.org/technical.html
|
1701
|
+
example: 220 dedos.pert.com.ar ZMailer Server 2.99.54 #2 ESMTP ready at Tue, 6 Feb 2001 10:42:08 -0300
|
1702
|
+
</description>
|
1703
|
+
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1704
|
+
<param pos="0" name="service.family" value="ZMailer"/>
|
1705
|
+
<param pos="0" name="service.product" value="ZMailer"/>
|
1706
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1707
|
+
<param pos="1" name="host.name"/>
|
1708
|
+
<param pos="2" name="service.version"/>
|
1709
|
+
<param pos="3" name="service.version.version"/>
|
1710
|
+
<param pos="4" name="system.time"/>
|
1711
|
+
</fingerprint>
|
1712
|
+
|
1713
|
+
<fingerprint pattern="^([^ ]+) ZMailer Server ([^ ]+\.[^ ]+\.[^ ]+) #([^ ]) ESMTP\+IDENT ready at (.+) *$">
|
1714
|
+
<description>
|
1715
|
+
ZMailer server that supports IDENT
|
1716
|
+
</description>
|
1717
|
+
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1718
|
+
<param pos="0" name="service.family" value="ZMailer"/>
|
1719
|
+
<param pos="0" name="service.product" value="ZMailer"/>
|
1720
|
+
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss zzz"/>
|
1721
|
+
<param pos="0" name="zmailer.ident" value="yes"/>
|
1722
|
+
<param pos="1" name="host.name"/>
|
1723
|
+
<param pos="2" name="service.version"/>
|
1724
|
+
<param pos="3" name="service.version.version"/>
|
1725
|
+
<param pos="4" name="system.time"/>
|
1726
|
+
</fingerprint>
|
1727
|
+
|
1728
|
+
<fingerprint pattern="^([^ ]+) E?SMTP(?: Ready\.?)?$">
|
1729
|
+
<description>
|
1730
|
+
catch all for daemons that have no distinguishing fingerprint whatsoever
|
1731
|
+
</description>
|
1732
|
+
<example>foo.example.com ESMTP</example>
|
1733
|
+
<example>foo.example.com ESMTP Ready</example>
|
1734
|
+
<example>foo.example.com SMTP</example>
|
1735
|
+
<param pos="0" name="service.product" value="Unknown"/>
|
1736
|
+
<param pos="1" name="host.name"/>
|
1737
|
+
</fingerprint>
|
1738
|
+
</fingerprints>
|