recog 2.0.13 → 2.0.14

data/xml/mysql_error.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
      Upon successful connection to a MySQL/derivative TCP endpoint, if the
      connecting client is not allowed to speak to the MySQL service (for
@@ -160,7 +160,6 @@
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
-
   <!-- ER_HOST_IS_BLOCKED -->
   <fingerprint pattern="Stroj '[^']+' je zablokován kvůli mnoha chybám při připojování. Odblokujete použitím 'mysqladmin flush-hosts'">
     <description>Oracle MySQL error ER_HOST_IS_BLOCKED (cze)</description>
@@ -295,7 +294,6 @@
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
-
   <!-- ER_CANT_CREATE_THREAD -->
   <fingerprint pattern="Nemohu vytvořit nový thread \(errno -?\d+\). Pokud je ještě nějaká volná paměť, podívejte se do manuálu na část o chybách specifických pro jednotlivé operační systémy">
     <description>Oracle MySQL error ER_CANT_CREATE_THREAD (cze)</description>
@@ -423,7 +421,6 @@
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
-
   <!-- ER_CON_COUNT_ERROR -->
   <fingerprint pattern="Příliš mnoho spojení">
     <description>Oracle MySQL error ER_CON_COUNT_ERROR (cze)</description>
@@ -586,7 +583,6 @@
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
-
   <!-- ER_BAD_HOST_ERROR -->
   <fingerprint pattern="Nemohu zjistit jméno stroje pro Vaši adresu">
     <description>Oracle MySQL error ER_BAD_HOST_ERROR (cze)</description>
@@ -749,26 +745,23 @@
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL"/>
   </fingerprint>
-
   <fingerprint pattern="^Host '[^']+' is not allowed to connect to this MariaDB server$">
-    <example>Host '10.10.10.10' is not allowed to connect to this MariaDB server</example>
     <description>MariaDB MariaDB - Error: Host not allowed to connect (English) </description>
+    <example>Host '10.10.10.10' is not allowed to connect to this MariaDB server</example>
     <param pos="0" name="service.vendor" value="MariaDB"/>
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MariaDB"/>
   </fingerprint>
-
   <fingerprint pattern="^#07000Proxy Warning - IP Forbidden$">
-    <example>#07000Proxy Warning - IP Forbidden</example>
     <description>Oracle MySQL Proxy - Error: Host not allowed to connect</description>
+    <example>#07000Proxy Warning - IP Forbidden</example>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL Proxy"/>
   </fingerprint>
-
   <fingerprint pattern="^\(proxy\) all backends are down$">
-    <example>(proxy) all backends are down</example>
     <description>Oracle MySQL Proxy - Error: Backends down</description>
+    <example>(proxy) all backends are down</example>
     <param pos="0" name="service.vendor" value="Oracle"/>
     <param pos="0" name="service.family" value="MySQL"/>
     <param pos="0" name="service.product" value="MySQL Proxy"/>

data/xml/nntp_banners.xml

@@ -1,51 +1,48 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
 NNTP greeting messages (part of the banner after the response code) are matched
 against these patterns to fingerprint NNTP servers.
 -->
-
 <fingerprints matches="nntp.banner">
-   <fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+) .*$">
-      <example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
-      <example>NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
-      <description>Microsoft IIS NNTP Server on Windows 2000</description>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.product" value="IIS"/>
-      <param pos="0" name="service.family" value="IIS"/>
-      <param pos="1" name="service.version"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows 2000"/>
-      <param pos="1" name="ms.nttp.version"/>
-   </fingerprint>
-
-   <fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+) .*$">
-     <example>NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
-      <example>NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
-      <description>Microsoft IIS NNTP Server on Windows Server 2003</description>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.product" value="IIS"/>
-      <param pos="0" name="service.family" value="IIS"/>
-      <param pos="1" name="service.version"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows Server 2003"/>
-      <param pos="1" name="ms.nttp.version"/>
-   </fingerprint>
-
-   <fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+) .*$">
-      <example>NNTP Service Microsoft. Internet Services 5.00 Version: 5.0.2068.0 Posting Allowed</example>
-      <example>NNTP Service Microsoft. Internet Services 5.00.7515. Version: 5.0.0.7515 Posting Allowed</example>
-      <example>NNTP Service Microsoft. Internet Services 5.5 Version: 5.5.1726.0 Posting Allowed</example>
-      <description>Older Microsoft IIS NNTP Servers</description>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange Server"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-   </fingerprint>
+  <fingerprint pattern="^NNTP Service (?:.*) Version: (5.0.2195.[0-9]+) .*$">
+    <description>Microsoft IIS NNTP Server on Windows 2000</description>
+    <example>NNTP Service 5.00.0984 Version: 5.0.2195.7034 Posting Allowed</example>
+    <example>NNTP Service 5.00.0984 Version: 5.0.2195.5329 Posting Allowed</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows 2000"/>
+    <param pos="1" name="ms.nttp.version"/>
+  </fingerprint>
+  <fingerprint pattern="^NNTP Service (?:.*) Version: (6.0.3790.[0-9]+) .*$">
+    <description>Microsoft IIS NNTP Server on Windows Server 2003</description>
+    <example>NNTP Service 6.0.3790.3959 Version: 6.0.3790.3959 Posting Allowed</example>
+    <example>NNTP Service 6.0.3790.206 Version: 6.0.3790.206 Posting Allowed</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.product" value="IIS"/>
+    <param pos="0" name="service.family" value="IIS"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+    <param pos="1" name="ms.nttp.version"/>
+  </fingerprint>
+  <fingerprint pattern="^NNTP Service Microsoft. Internet Services (?:.*) Version: (?:[^ ]+) .*$">
+    <description>Older Microsoft IIS NNTP Servers</description>
+    <example>NNTP Service Microsoft. Internet Services 5.00 Version: 5.0.2068.0 Posting Allowed</example>
+    <example>NNTP Service Microsoft. Internet Services 5.00.7515. Version: 5.0.0.7515 Posting Allowed</example>
+    <example>NNTP Service Microsoft. Internet Services 5.5 Version: 5.5.1726.0 Posting Allowed</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange Server"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
 </fingerprints>

data/xml/ntp_banners.xml

@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
 NTP "banners", taken from a readvar response
 -->
@@ -79,7 +79,6 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.product" value="Windows 7"/>
     <param pos="3" name="os.arch"/>
   </fingerprint>
-
   <fingerprint pattern="^.*version=&quot;ntpd (\S+)[^&quot;]+&quot;,.*system=&quot;Equallogic \(R\) storage array&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>ntpd running on an EqualLogic Storage Array that includes the NTP version</description>
     <example>
@@ -231,7 +230,7 @@ NTP "banners", taken from a readvar response
     <param pos="0" name="os.product" value="BSD/OS"/>
     <param pos="1" name="os.arch"/>
     <param pos="2" name="os.version"/>
-  </fingerprint>-->
+  </fingerprint>
   <fingerprint pattern="^.*system=&quot;BSD/OS&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
     <description>BSD/OS without a version or arch</description>
     <example>

data/xml/pop_banners.xml

@@ -1,254 +1,222 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
 POP3 greeting messages (part of the banner after the status indicator +OK or -ERR) are
 matched against these patterns to fingerprint POP3 servers.
 -->
-
 <fingerprints matches="pop3.banner">
-
-   <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
-      <description>OSX Cyrus POP</description>
-      <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
-      <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
-      <param pos="0" name="service.family" value="Cyrus MTA"/>
-      <param pos="0" name="service.product" value="Cyrus POP"/>
-      <param pos="2" name="service.version"/>
-      <param pos="0" name="os.vendor" value="Apple"/>
-      <param pos="0" name="os.family" value="Mac OS X"/>
-      <param pos="0" name="os.product" value="Mac OS X"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="3" name="os.version"/>
-      <param pos="1" name="host.domain"/>
-    </fingerprint>
-
-   <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
-      <description>CMU Cyrus POP</description>
-      <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
-      <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
-      <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
-      <param pos="0" name="service.family" value="Cyrus MTA"/>
-      <param pos="0" name="service.product" value="Cyrus POP"/>
-      <param pos="2" name="service.version"/>
-      <param pos="1" name="host.domain"/>
-    </fingerprint>
-
-    <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
-      <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
-      <description>IBM Lotus Notes/Domino</description>
-      <param pos="0" name="service.vendor" value="IBM"/>
-      <param pos="0" name="service.family" value="Lotus Domino"/>
-      <param pos="0" name="service.product" value="Lotus Domino"/>
-   </fingerprint>
-
-    <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
-      <example>Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
-      <description>IBM Lotus Notes/Domino</description>
-      <param pos="0" name="service.vendor" value="IBM"/>
-      <param pos="0" name="service.family" value="Lotus Domino"/>
-      <param pos="0" name="service.product" value="Lotus Domino"/>
-      <param pos="1" name="service.version"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
-      <description>Qpopper with Sphera mods</description>
-      <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting.  &lt;xxx@domain&gt;</example>
-      <param pos="0" name="service.vendor" value="Sphera"/>
-      <param pos="0" name="service.family" value="Qpopper"/>
-      <param pos="0" name="service.product" value="Qpopper"/>
-      <param pos="1" name="service.version"/>
-      <param pos="2" name="host.domain"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
-      <description>Qpopper with MySQL auth module</description>
-      <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting.  &lt;xxx@domain&gt;</example>
-      <param pos="0" name="service.vendor" value="Qualcomm"/>
-      <param pos="0" name="service.family" value="Qpopper"/>
-      <param pos="0" name="service.product" value="Qpopper"/>
-      <param pos="1" name="service.version"/>
-      <param pos="0" name="service.component.family" value="qpopper-mysql"/>
-      <param pos="0" name="service.component.product" value="qpopper-mysql"/>
-      <param pos="2" name="service.component.version"/>
-      <param pos="3" name="host.domain"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$" flags="REG_ICASE">
-      <description>Qpopper missing version info</description>
-      <example>Qpopper (version 4.0.16) at foo.example.com</example>
-      <example>QPOP (version 2.53) at domain starting.  &lt;xxx@domain&gt;</example>
-      <example>Qpopper (version 4.0.3) at domain starting.  &lt;xxx@domain&gt;</example>
-      <param pos="0" name="service.vendor" value="Qualcomm"/>
-      <param pos="0" name="service.family" value="Qpopper"/>
-      <param pos="0" name="service.product" value="Qpopper"/>
-      <param pos="1" name="service.version"/>
-      <param pos="2" name="host.domain"/>
-   </fingerprint>
-
-   <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
-      <description>Qpopper with missing version info</description>
-      <example>QPOP (version ?) at domain starting.  &lt;xxx@domain&gt;</example>
-      <param pos="0" name="service.vendor" value="Qualcomm"/>
-      <param pos="0" name="service.family" value="Qpopper"/>
-      <param pos="0" name="service.product" value="Qpopper"/>
-      <param pos="1" name="qpopper.version"/>
-      <param pos="2" name="host.domain"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
-      <description>Microsoft Exchange Server 2003</description>
-      <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange 2003 Server"/>
-      <param pos="1" name="service.version"/>
-      <param pos="2" name="host.name"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
-      <description>Microsoft Exchange Server 2000</description>
-      <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange 2000 Server"/>
-      <param pos="1" name="service.version"/>
-      <param pos="2" name="host.name"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
-      <description>Microsoft Exchange Server</description>
-      <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange Server"/>
-      <param pos="1" name="service.version"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
-      <description>Microsoft POP3 Services on Windows 2003</description>
-      <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="E-mail Services"/>
-      <param pos="0" name="service.product" value="E-mail Services"/>
-      <param pos="1" name="host.name"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows Server 2003"/>
-   </fingerprint>
-
-   <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
-     <description>Microsoft Exchange Server 2007</description>
-      <example>Microsoft Exchange Server 2007 POP3 service ready</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange 2007 Server"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-    </fingerprint>
-
-    <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
-      <description>Microsoft Exchange Server, generic</description>
-      <example>The Microsoft Exchange POP3 service is ready.</example>
-      <param pos="0" name="service.vendor" value="Microsoft"/>
-      <param pos="0" name="service.family" value="Exchange Server"/>
-      <param pos="0" name="service.product" value="Exchange Server"/>
-      <param pos="0" name="os.vendor" value="Microsoft"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="0" name="os.family" value="Windows"/>
-      <param pos="0" name="os.product" value="Windows"/>
-    </fingerprint>
-
-   <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
-      <!--  Dovecot DA ready.
-            dovecot ready.
-            Dovecot ready.
-            Dovecot ready. <xxx@host>
-        -->
-      <description>Dovecot Secure POP Server</description>
-      <param pos="0" name="service.family" value="Dovecot"/>
-      <param pos="0" name="service.product" value="Dovecot"/>
-      <param pos="1" name="host.name"/>
-    </fingerprint>
-
-    <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
-      <example>catfood.example.com Zimbra POP3 server ready</example>
-      <example>dogfood.example.com Zimbra POP3 server ready</example>
-      <description>VMware Zimbra POP</description>
-      <param pos="0" name="service.vendor" value="VMware"/>
-      <param pos="0" name="service.product" value="Zimbra"/>
-      <param pos="1" name="host.name"/>
-    </fingerprint>
-
-    <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
-      <example>example.com Zimbra 7.0.0_GA_3079 POP3 server ready</example>
-      <description>VMware Zimbra POP</description>
-      <param pos="0" name="service.vendor" value="VMware"/>
-      <param pos="0" name="service.product" value="Zimbra"/>
-      <param pos="2" name="service.version"/>
-      <param pos="1" name="host.name"/>
-   </fingerprint>
-
-    <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
-      <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
-      <example>&lt;84427.1298535083@foo.example.com&gt;</example>
-      <description>Generic masked POP3 server</description>
-      <param pos="1" name="host.name"/>
-   </fingerprint>
-
-   <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
-      <description>Apple Open Directory</description>
-      <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
-      <example>ApplePasswordServer 10.5.0.1 password serv</example>
-      <param pos="0" name="service.vendor" value="Apple"/>
-      <param pos="0" name="service.product" value="Open Directory"/>
-      <param pos="0" name="os.vendor" value="Apple"/>
-      <param pos="0" name="os.family" value="Mac OS X"/>
-      <param pos="0" name="os.product" value="Mac OS X"/>
-      <param pos="1" name="os.version"/>
-      <!-- the version coming from this service is usually accurate for the major version
-           but horribly wrong for the minor and patch levels, therefore drop the certainty
-           in lieu of a "quality" attribute for fingerprints -->
-      <param pos="0" name="os.certainty" value="0.5"/>
-   </fingerprint>
-
-   <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
-      <description>TCP/IP Services for OpenVMS POP server</description>
-      <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
-      <!--V5.4J-15A refers to TCP/IP Services for OpenVMS version-->
-      <param pos="0" name="service.family" value="OpenVMS"/>
-      <param pos="0" name="service.product" value="TCPIP POP server"/>
-      <param pos="0" name="service.vendor" value="HP"/>
-      <param pos="0" name="os.vendor" value="HP"/>
-      <param pos="0" name="os.family" value="OpenVMS"/>
-      <param pos="0" name="os.product" value="OpenVMS"/>
-      <param pos="0" name="os.device" value="General"/>
-      <param pos="1" name="os.version"/>
-      <param pos="2" name="host.name"/>
-    </fingerprint>
-
-    <fingerprint pattern="^Hello there\.$">
-      <example>Hello there.</example>
-      <description>Courier MTA POP</description>
-      <param pos="0" name="service.vendor" value="Double Precision"/>
-      <param pos="0" name="service.family" value="Courier MTA"/>
-      <param pos="0" name="service.product" value="Courier POP"/>
-    </fingerprint>
-
-<!--
+  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
+    <description>OSX Cyrus POP</description>
+    <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
+    <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
+    <param pos="0" name="service.family" value="Cyrus MTA"/>
+    <param pos="0" name="service.product" value="Cyrus POP"/>
+    <param pos="2" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="3" name="os.version"/>
+    <param pos="1" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
+    <description>CMU Cyrus POP</description>
+    <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
+    <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
+    <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
+    <param pos="0" name="service.family" value="Cyrus MTA"/>
+    <param pos="0" name="service.product" value="Cyrus POP"/>
+    <param pos="2" name="service.version"/>
+    <param pos="1" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^Lotus Notes POP3 server version X[^ ]+ ready on .*$">
+    <description>IBM Lotus Notes/Domino</description>
+    <example>Lotus Notes POP3 server version X2.0 ready on foo/bar.</example>
+    <param pos="0" name="service.vendor" value="IBM"/>
+    <param pos="0" name="service.family" value="Lotus Domino"/>
+    <param pos="0" name="service.product" value="Lotus Domino"/>
+  </fingerprint>
+  <fingerprint pattern="^Lotus Notes POP3 server version Release ([^ ]+) ready on .*$">
+    <description>IBM Lotus Notes/Domino</description>
+    <example>Lotus Notes POP3 server version Release 8.5.1FP5 ready on foo/US.</example>
+    <param pos="0" name="service.vendor" value="IBM"/>
+    <param pos="0" name="service.family" value="Lotus Domino"/>
+    <param pos="0" name="service.product" value="Lotus Domino"/>
+    <param pos="1" name="service.version"/>
+  </fingerprint>
+  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+), modified by Sphera Technologies\) at (.+) starting\..*$">
+    <description>Qpopper with Sphera mods</description>
+    <example>Qpopper (version 4.0.3, modified by Sphera Technologies) at domain starting.  &lt;xxx@domain&gt;</example>
+    <param pos="0" name="service.vendor" value="Sphera"/>
+    <param pos="0" name="service.family" value="Qpopper"/>
+    <param pos="0" name="service.product" value="Qpopper"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^Qpopper \(version (\d+\.\d+\.\d+)-mysql-(.+)\) at (.+) starting\..*$">
+    <description>Qpopper with MySQL auth module</description>
+    <example>Qpopper (version 4.0.3-mysql-0.13) at domain starting.  &lt;xxx@domain&gt;</example>
+    <param pos="0" name="service.vendor" value="Qualcomm"/>
+    <param pos="0" name="service.family" value="Qpopper"/>
+    <param pos="0" name="service.product" value="Qpopper"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="service.component.family" value="qpopper-mysql"/>
+    <param pos="0" name="service.component.product" value="qpopper-mysql"/>
+    <param pos="2" name="service.component.version"/>
+    <param pos="3" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^Qpop(?:per)? \(version ([\d\.]+)\) at (.+)(?: starting\.)?.*$" flags="REG_ICASE">
+    <description>Qpopper missing version info</description>
+    <example>Qpopper (version 4.0.16) at foo.example.com</example>
+    <example>QPOP (version 2.53) at domain starting.  &lt;xxx@domain&gt;</example>
+    <example>Qpopper (version 4.0.3) at domain starting.  &lt;xxx@domain&gt;</example>
+    <param pos="0" name="service.vendor" value="Qualcomm"/>
+    <param pos="0" name="service.family" value="Qpopper"/>
+    <param pos="0" name="service.product" value="Qpopper"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^QPOP \(version (.*)\) at (.+) starting\..*$">
+    <description>Qpopper with missing version info</description>
+    <example>QPOP (version ?) at domain starting.  &lt;xxx@domain&gt;</example>
+    <param pos="0" name="service.vendor" value="Qualcomm"/>
+    <param pos="0" name="service.family" value="Qpopper"/>
+    <param pos="0" name="service.product" value="Qpopper"/>
+    <param pos="1" name="qpopper.version"/>
+    <param pos="2" name="host.domain"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft Exchange Server 2003 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
+    <description>Microsoft Exchange Server 2003</description>
+    <example>Microsoft Exchange Server 2003 POP3 server version 6.5.6944.0 (host) ready.</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange 2003 Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="host.name"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft Exchange 2000 POP3 server version (\d+\.\d+\.\d+\.\d+) (.+) ready.$">
+    <description>Microsoft Exchange Server 2000</description>
+    <example>Microsoft Exchange 2000 POP3 server version 6.0.6603.0 (host) ready.</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange 2000 Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="2" name="host.name"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft Exchange POP3 server version (\d+\.\d+\.\d+\.\d+) ready$">
+    <description>Microsoft Exchange Server</description>
+    <example>Microsoft Exchange POP3 server version 5.5.2654.50 ready</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange Server"/>
+    <param pos="1" name="service.version"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft Windows POP3 Service Version 1.0 &lt;.+@(.+)&gt; ready.$">
+    <description>Microsoft POP3 Services on Windows 2003</description>
+    <example>Microsoft Windows POP3 Service Version 1.0 &lt;xxx@host&gt; ready.</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="E-mail Services"/>
+    <param pos="0" name="service.product" value="E-mail Services"/>
+    <param pos="1" name="host.name"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows Server 2003"/>
+  </fingerprint>
+  <fingerprint pattern="^Microsoft Exchange Server 2007 POP3 service ready\.?$">
+    <description>Microsoft Exchange Server 2007</description>
+    <example>Microsoft Exchange Server 2007 POP3 service ready</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange 2007 Server"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^The? Microsoft Exchange POP3 service is ready\.?$">
+    <description>Microsoft Exchange Server, generic</description>
+    <example>The Microsoft Exchange POP3 service is ready.</example>
+    <param pos="0" name="service.vendor" value="Microsoft"/>
+    <param pos="0" name="service.family" value="Exchange Server"/>
+    <param pos="0" name="service.product" value="Exchange Server"/>
+    <param pos="0" name="os.vendor" value="Microsoft"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="0" name="os.family" value="Windows"/>
+    <param pos="0" name="os.product" value="Windows"/>
+  </fingerprint>
+  <fingerprint pattern="^[dD]ovecot (?:DA )?ready\.(?: &lt;.+@(.+)&gt;)?$">
+    <description>Dovecot Secure POP Server</description>
+    <param pos="0" name="service.family" value="Dovecot"/>
+    <param pos="0" name="service.product" value="Dovecot"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
+    <description>VMware Zimbra POP</description>
+    <example>catfood.example.com Zimbra POP3 server ready</example>
+    <example>dogfood.example.com Zimbra POP3 server ready</example>
+    <param pos="0" name="service.vendor" value="VMware"/>
+    <param pos="0" name="service.product" value="Zimbra"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
+    <description>VMware Zimbra POP</description>
+    <example>example.com Zimbra 7.0.0_GA_3079 POP3 server ready</example>
+    <param pos="0" name="service.vendor" value="VMware"/>
+    <param pos="0" name="service.product" value="Zimbra"/>
+    <param pos="2" name="service.version"/>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^(?:S?POP3? server ready |Hello there.? )?&lt;.*@([^&gt;]+)&gt;$">
+    <description>Generic masked POP3 server</description>
+    <example>POP3 server ready &lt;58c29ae4-7316-429e-8109-060444ab1a28@foo.example.com&gt;</example>
+    <example>&lt;84427.1298535083@foo.example.com&gt;</example>
+    <param pos="1" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^ApplePasswordServer ([\d\.]+) password">
+    <description>Apple Open Directory</description>
+    <example>ApplePasswordServer 10.6.0.0 password server at 10.2.90.228 ready.</example>
+    <example>ApplePasswordServer 10.5.0.1 password serv</example>
+    <param pos="0" name="service.vendor" value="Apple"/>
+    <param pos="0" name="service.product" value="Open Directory"/>
+    <param pos="0" name="os.vendor" value="Apple"/>
+    <param pos="0" name="os.family" value="Mac OS X"/>
+    <param pos="0" name="os.product" value="Mac OS X"/>
+    <param pos="1" name="os.version"/>
+    <param pos="0" name="os.certainty" value="0.5"/>
+  </fingerprint>
+  <fingerprint pattern="^TCPIP POP server V\d\.\d\S-\S{3}, OpenVMS V(\d\.\d-\d)(?:\s+\S+)?\s+at\s+(\S+), .*$">
+    <description>TCP/IP Services for OpenVMS POP server</description>
+    <example os.version="7.3-2" host.name="example.com">TCPIP POP server V5.4J-15A, OpenVMS V7.3-2 Alpha at example.com, up since 2015-02-12 08:44:53 20400434.2</example>
+    <param pos="0" name="service.family" value="OpenVMS"/>
+    <param pos="0" name="service.product" value="TCPIP POP server"/>
+    <param pos="0" name="service.vendor" value="HP"/>
+    <param pos="0" name="os.vendor" value="HP"/>
+    <param pos="0" name="os.family" value="OpenVMS"/>
+    <param pos="0" name="os.product" value="OpenVMS"/>
+    <param pos="0" name="os.device" value="General"/>
+    <param pos="1" name="os.version"/>
+    <param pos="2" name="host.name"/>
+  </fingerprint>
+  <fingerprint pattern="^Hello there\.$">
+    <description>Courier MTA POP</description>
+    <example>Hello there.</example>
+    <param pos="0" name="service.vendor" value="Double Precision"/>
+    <param pos="0" name="service.family" value="Courier MTA"/>
+    <param pos="0" name="service.product" value="Courier POP"/>
+  </fingerprint>
+  <!--
 
 ; Mandrake 8.1 - uses UW IMAP
 ; +OK POP3 mandrake81-f540k v2000.70mdk server ready
@@ -471,5 +439,4 @@ matched against these patterns to fingerprint POP3 servers.
 Oops, that would loop!
 
 -->
-
 </fingerprints>