recog 2.3.17 → 2.3.21

Files changed (51)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +26 -0
  3. data/bin/recog_standardize +6 -0
  4. data/cpe-remap.yaml +342 -200
  5. data/identifiers/README.md +24 -10
  6. data/identifiers/fields.txt +104 -0
  7. data/identifiers/hw_device.txt +2 -0
  8. data/identifiers/hw_family.txt +11 -0
  9. data/identifiers/hw_product.txt +71 -0
  10. data/identifiers/os_device.txt +2 -1
  11. data/identifiers/os_family.txt +2 -0
  12. data/identifiers/os_product.txt +36 -8
  13. data/identifiers/service_family.txt +10 -1
  14. data/identifiers/service_product.txt +78 -2
  15. data/identifiers/vendor.txt +55 -0
  16. data/lib/recog/nizer.rb +1 -82
  17. data/lib/recog/version.rb +1 -1
  18. data/requirements.txt +1 -1
  19. data/update_cpes.py +18 -5
  20. data/xml/apache_modules.xml +60 -0
  21. data/xml/apache_os.xml +1 -1
  22. data/xml/dns_versionbind.xml +11 -1
  23. data/xml/favicons.xml +122 -3
  24. data/xml/ftp_banners.xml +62 -51
  25. data/xml/html_title.xml +553 -41
  26. data/xml/http_cookies.xml +262 -61
  27. data/xml/http_servers.xml +478 -108
  28. data/xml/http_wwwauth.xml +36 -9
  29. data/xml/imap_banners.xml +5 -5
  30. data/xml/ldap_searchresult.xml +1 -0
  31. data/xml/mdns_device-info_txt.xml +340 -10
  32. data/xml/mysql_banners.xml +2 -1
  33. data/xml/nntp_banners.xml +1 -1
  34. data/xml/ntp_banners.xml +16 -2
  35. data/xml/operating_system.xml +4 -4
  36. data/xml/pop_banners.xml +4 -4
  37. data/xml/rtsp_servers.xml +7 -0
  38. data/xml/sip_banners.xml +347 -9
  39. data/xml/sip_user_agents.xml +323 -4
  40. data/xml/smb_native_lm.xml +32 -1
  41. data/xml/smb_native_os.xml +160 -33
  42. data/xml/smtp_banners.xml +167 -128
  43. data/xml/smtp_expn.xml +1 -0
  44. data/xml/smtp_vrfy.xml +1 -0
  45. data/xml/snmp_sysdescr.xml +205 -36
  46. data/xml/ssh_banners.xml +139 -25
  47. data/xml/telnet_banners.xml +92 -48
  48. data/xml/tls_jarm.xml +140 -0
  49. data/xml/x509_issuers.xml +201 -2
  50. data/xml/x509_subjects.xml +251 -32
  51. metadata +5 -2
data/xml/smtp_banners.xml CHANGED
@@ -44,9 +44,9 @@
44
44
  <param pos="1" name="host.name"/>
45
45
  </fingerprint>
46
46
 
47
- <fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
47
+ <fingerprint pattern="^([^ ]{1,512}) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
48
48
  <description>IMail - non-EVAL version, NT-ESMTP at end</description>
49
- <example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
49
+ <example host.name="foo.bar" service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
50
50
  <param pos="0" name="service.vendor" value="Ipswitch"/>
51
51
  <param pos="0" name="service.family" value="IMail Server"/>
52
52
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -55,7 +55,7 @@
55
55
  <param pos="1" name="host.name"/>
56
56
  </fingerprint>
57
57
 
58
- <fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
58
+ <fingerprint pattern="^([^ ]{1,512}) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
59
59
  <description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
60
60
  <example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
61
61
  <param pos="0" name="service.vendor" value="AnalogX"/>
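Review bot: The version group `([^ ]+\.[^ ]+)` in the new AnalogX pattern is still unbounded, and because `[^ ]` also matches `.`, the engine has several places to put the literal dot when the rest of the banner fails to match. Only the host-name capture was capped, so a long space-free token from a remote server can still cost super-linear matching time. The cost grows with each dotted segment, as in the ArGoSoft, GroupWise, MDaemon and MERAK patterns in later hunks of this file section. Excluding the dot from the first segment and capping both, e.g. `([^ .]{1,16}\.[^ ]{1,32})`, makes the split unambiguous; the cap values are suggestions and should be checked against the existing examples. The fingerprint element closes outside this hunk.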
@@ -80,7 +80,7 @@
80
80
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
81
81
  </fingerprint>
82
82
 
83
- <fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
83
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
84
84
  <description>ArGoSoft Mail Server - freeware version</description>
85
85
  <example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
86
86
  <example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
@@ -96,7 +96,7 @@
96
96
  <param pos="1" name="host.name"/>
97
97
  </fingerprint>
98
98
 
99
- <fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
99
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
100
100
  <description>ArGoSoft Mail Server - Pro version</description>
101
101
  <example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
102
102
  <example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
@@ -113,7 +113,7 @@
113
113
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
114
114
  </fingerprint>
115
115
 
116
- <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
116
+ <fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
117
117
  <description>AppleShare IP Mail Server</description>
118
118
  <example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
119
  <example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
@@ -162,7 +162,7 @@
162
162
  Search Cisco's documentation for "fixup protocol SMTP" for more information.
163
163
  -->
164
164
 
165
- <fingerprint pattern="^[\*20 ]+$">
165
+ <fingerprint pattern="^[\*20 ]{1,1024}$">
166
166
  <description>Cisco PIX firewall MailGuard banner stripping</description>
167
167
  <example os.product="PIX">***************************</example>
168
168
  <param pos="0" name="os.vendor" value="Cisco"/>
@@ -171,7 +171,7 @@
171
171
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
172
172
  </fingerprint>
173
173
 
174
- <fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
174
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
175
175
  <description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
176
176
  <param pos="0" name="service.vendor" value="Critical Path"/>
177
177
  <param pos="0" name="service.family" value="Messaging Server"/>
@@ -192,7 +192,7 @@
192
192
  <param pos="0" name="service.product" value="Internet Mail Scanner"/>
193
193
  </fingerprint>
194
194
 
195
- <fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
195
+ <fingerprint pattern="^([^ ]{1,512}) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
196
196
  <description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
197
197
  <example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
198
198
  <param pos="0" name="service.vendor" value="EMWAC"/>
@@ -202,7 +202,7 @@
202
202
  <param pos="2" name="service.version"/>
203
203
  </fingerprint>
204
204
 
205
- <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
205
+ <fingerprint pattern="^([^ ]{1,512}) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
206
206
  <description>Eudora Internet Mail Server</description>
207
207
  <example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
208
208
  <example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
@@ -217,7 +217,7 @@
217
217
  <param pos="2" name="service.version"/>
218
218
  </fingerprint>
219
219
 
220
- <fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
220
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
221
221
  <description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
222
222
  <example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
223
223
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -232,7 +232,7 @@
232
232
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
233
233
  </fingerprint>
234
234
 
235
- <fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
235
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
236
236
  <description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
237
237
  <example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
238
238
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -247,7 +247,7 @@
247
247
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
248
248
  </fingerprint>
249
249
 
250
- <fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
250
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at .*$">
251
251
  <description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
252
252
  <example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
253
253
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -261,9 +261,10 @@
261
261
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
262
262
  </fingerprint>
263
263
 
264
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
264
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
265
265
  <description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
266
266
  <example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
+ <example service.version="10.0.14393.2608"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
268
  <param pos="0" name="service.vendor" value="Microsoft"/>
268
269
  <param pos="0" name="service.family" value="IIS"/>
269
270
  <param pos="0" name="service.product" value="IIS"/>
@@ -278,7 +279,7 @@
278
279
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
279
280
  </fingerprint>
280
281
 
281
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
283
  <description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
283
284
  <example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
284
285
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -295,7 +296,7 @@
295
296
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
296
297
  </fingerprint>
297
298
 
298
- <fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
300
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
300
301
  <example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
301
302
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -312,7 +313,7 @@
312
313
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
313
314
  </fingerprint>
314
315
 
315
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
317
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
317
318
  <example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
318
319
  <example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
@@ -333,17 +334,20 @@
333
334
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
334
335
  </fingerprint>
335
336
 
336
- <fingerprint pattern="^ESMTP Exim$">
337
- <description>Exim - without version string or hostname</description>
337
+ <fingerprint pattern="^ESMTP Exim ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?)$">
338
+ <description>Exim - without version string or hostname - timestamp optional</description>
338
339
  <example>ESMTP Exim</example>
340
+ <example system.time="Thu, 29 Apr 2021 06:46:16 +0200">ESMTP Exim Thu, 29 Apr 2021 06:46:16 +0200</example>
339
341
  <param pos="0" name="service.vendor" value="exim"/>
340
342
  <param pos="0" name="service.family" value="exim"/>
341
343
  <param pos="0" name="service.product" value="exim"/>
342
344
  <param pos="0" name="service.cpe23" value="cpe:/a:exim:exim:-"/>
345
+ <param pos="1" name="system.time"/>
343
346
  </fingerprint>
344
347
 
345
- <fingerprint pattern="^ ?([^, ]+)(?:,)? ESMTP \(?(?i:Exim) +(\d+\.[\d_.bRC-]+)\)?(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
348
+ <fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
346
349
  <description>Exim - with version string and optional timestamp</description>
350
+ <example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
347
351
  <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
348
352
  <example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
349
353
  <example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
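Review bot: The relaxed offset `[-+]\d{3,4}` and build counter `#\d+` are applied only to the two patterns changed in this hunk. The digit-only, Ubuntu and version-less Exim patterns in the following hunks keep `[-+]\d\d\d\d` and `#\d`, so a banner of those shapes with a three-digit offset like the `+400` in the new example will not match them. The `+400` example also asserts only `service.version` and `host.name`. Adding `system.time="Thu, 29 Apr 2021 05:41:36 +400"` to it would pin the capture the relaxation was made for, and would show whether consumers of `system.time` accept a non-standard offset. The second fingerprint's remaining examples and params lie outside this hunk.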
@@ -352,7 +356,7 @@
352
356
  <example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
353
357
  <example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
354
358
  <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
355
- <example service.version="3.12" system.time="Wed, 31 Jan 2001 15:47:23 +1100">foo.bar ESMTP Exim 3.12 #1 Wed, 31 Jan 2001 15:47:23 +1100 </example>
359
+ <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
356
360
  <example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
357
361
  <param pos="0" name="service.vendor" value="exim"/>
358
362
  <param pos="0" name="service.family" value="exim"/>
@@ -364,7 +368,7 @@
364
368
  <param pos="3" name="system.time"/>
365
369
  </fingerprint>
366
370
 
367
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
368
372
  <description>Exim - with digit only version string and optional timestamp</description>
369
373
  <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
370
374
  <param pos="0" name="service.vendor" value="exim"/>
@@ -377,7 +381,7 @@
377
381
  <param pos="3" name="system.time"/>
378
382
  </fingerprint>
379
383
 
380
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
381
385
  <description>Exim - with version string and optional timestamp (Ubuntu)</description>
382
386
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
383
387
  <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -394,7 +398,7 @@
394
398
  <param pos="3" name="system.time"/>
395
399
  </fingerprint>
396
400
 
397
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
401
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
398
402
  <description>Exim - without version string and with optional timestamp</description>
399
403
  <example host.name="foo.bar">foo.bar ESMTP Exim</example>
400
404
  <example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
@@ -422,7 +426,7 @@
422
426
  <param pos="2" name="system.time"/>
423
427
  </fingerprint>
424
428
 
425
- <fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
429
+ <fingerprint pattern="^ ?([^, ]{1,512}) Exim ESMTP Service ready$">
426
430
  <description>Exim - with hostname </description>
427
431
  <example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
428
432
  <param pos="0" name="service.vendor" value="exim"/>
@@ -432,7 +436,17 @@
432
436
  <param pos="1" name="host.name"/>
433
437
  </fingerprint>
434
438
 
435
- <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
439
+ <fingerprint pattern="^([\w.-]{1,512}) ESMTP \([a-z0-9]{32}\)$">
440
+ <description>Barracuda Email Security Gateway - physical or virtual appliance</description>
441
+ <example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
442
+ <param pos="0" name="service.vendor" value="Barracuda"/>
443
+ <param pos="0" name="service.product" value="Email Security Gateway"/>
444
+ <param pos="0" name="hw.vendor" value="Barracuda"/>
445
+ <param pos="0" name="hw.product" value="Email Security Gateway"/>
446
+ <param pos="1" name="host.name"/>
447
+ </fingerprint>
448
+
449
+ <fingerprint pattern="^([^ ]{1,512}) FTGate server ready .*$">
436
450
  <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
437
451
  <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
438
452
  <param pos="0" name="service.vendor" value="Floosietek"/>
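Review bot: The new Barracuda pattern identifies the appliance only by `ESMTP \([a-z0-9]{32}\)`, which any server can produce with a 32-character lowercase token after its host name. A match asserts `hw.vendor` and `hw.product`, so a false positive puts a hardware appliance into the asset inventory. The single example token is hexadecimal; if that holds for real devices (not shown on this page), `\([a-f0-9]{32}\)` would narrow the match at no cost. The description could also state the basis for the attribution, e.g. `<description>Barracuda Email Security Gateway - physical or virtual appliance (identified by the 32-character token only)</description>`, so consumers can weigh the result.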
@@ -441,7 +455,7 @@
441
455
  <param pos="1" name="host.name"/>
442
456
  </fingerprint>
443
457
 
444
- <fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
458
+ <fingerprint pattern="^([^ ]{1,512}) +SMTP/smap Ready\.$">
445
459
  <description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
446
460
  <example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
447
461
  <param pos="0" name="service.vendor" value="TIS"/>
@@ -450,7 +464,7 @@
450
464
  <param pos="1" name="host.name"/>
451
465
  </fingerprint>
452
466
 
453
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
467
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
454
468
  <description>Novell GroupWise Internet Agent - versions 5 and higher</description>
455
469
  <example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
456
470
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -461,7 +475,7 @@
461
475
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
462
476
  </fingerprint>
463
477
 
464
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
478
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
465
479
  <description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
466
480
  <example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
467
481
  <example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
@@ -473,7 +487,7 @@
473
487
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
474
488
  </fingerprint>
475
489
 
476
- <fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
490
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
477
491
  <description>Novell GroupWise - versions below 5</description>
478
492
  <example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
479
493
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -485,7 +499,7 @@
485
499
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
486
500
  </fingerprint>
487
501
 
488
- <fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
502
+ <fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
489
503
  <description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
490
504
  <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
491
505
  <example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
@@ -499,7 +513,7 @@
499
513
  <param pos="3" name="system.time"/>
500
514
  </fingerprint>
501
515
 
502
- <fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
516
+ <fingerprint pattern="^([^ ]{1,512}) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
503
517
  <description>
504
518
  Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
505
519
  the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
@@ -512,7 +526,7 @@
512
526
  <param pos="1" name="host.name"/>
513
527
  </fingerprint>
514
528
 
515
- <fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
529
+ <fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
516
530
  <description>JAMES SMTP Server</description>
517
531
  <example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
518
532
  <param pos="0" name="service.vendor" value="Apache"/>
@@ -524,7 +538,7 @@
524
538
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
525
539
  </fingerprint>
526
540
 
527
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
541
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
528
542
  <description>MailEnable - Simple</description>
529
543
  <example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
530
544
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -541,10 +555,11 @@
541
555
 
542
556
  <!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
543
557
 
544
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
558
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
545
559
  <description>MailEnable - Complex</description>
546
560
  <example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
547
- <example host.name="foo.bar" service.version="9.53">foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
561
+ <example host.name="*.foo.bar" service.version="9.53">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
562
+ <example host.name="%WPI_HOSTNAME%" service.version="10.27">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
548
563
  <example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
549
564
  <example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
550
565
  <param pos="0" name="os.vendor" value="Microsoft"/>
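Review bot: The two new examples show `host.name` being set to `*.foo.bar` and `%WPI_HOSTNAME%`, but nothing in the fingerprint tells consumers that the field can hold these. The `(\S{1,512})` capture copies any non-space text from the remote banner, so the value may be a wildcard, an unexpanded placeholder, or some other string that is not a valid host name. It would help to say so in the description, e.g. `<description>MailEnable - Complex (host.name is copied verbatim from the banner and may not be a valid host name)</description>`. Code that uses `host.name` for lookups or reports can then validate it first. The fingerprint's params continue outside this hunk.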
@@ -561,7 +576,7 @@
561
576
  <param pos="3" name="system.time"/>
562
577
  </fingerprint>
563
578
 
564
- <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
579
+ <fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
565
580
  <description>Mail Max</description>
566
581
  <example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
567
582
  <example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
@@ -574,7 +589,7 @@
574
589
  <param pos="3" name="system.time"/>
575
590
  </fingerprint>
576
591
 
577
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
592
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
578
593
  <description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
579
594
  <example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
580
595
  <example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
@@ -585,7 +600,7 @@
585
600
  <param pos="2" name="service.version"/>
586
601
  </fingerprint>
587
602
 
588
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
603
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Ready *$">
589
604
  <description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
590
605
  <example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
591
606
  <param pos="0" name="service.vendor" value="Rockliffe"/>
@@ -603,7 +618,7 @@
603
618
  <param pos="1" name="service.version"/>
604
619
  </fingerprint>
605
620
 
606
- <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
621
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
607
622
  <description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
608
623
  <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
609
624
  <param pos="0" name="service.vendor" value="Clearswift"/>
@@ -613,7 +628,7 @@
613
628
  <param pos="2" name="service.version"/>
614
629
  </fingerprint>
615
630
 
616
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
631
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
617
632
  <description>MDaemon mail server - with timestamp, unregistered</description>
618
633
  <example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
619
634
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -632,7 +647,7 @@
632
647
  <param pos="3" name="system.time"/>
633
648
  </fingerprint>
634
649
 
635
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
650
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
636
651
  <description>MDaemon mail server - with timestamp</description>
637
652
  <example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
638
653
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -650,7 +665,7 @@
650
665
  <param pos="3" name="system.time"/>
651
666
  </fingerprint>
652
667
 
653
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
668
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
654
669
  <description>MDaemon mail server - without timestamp</description>
655
670
  <example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
656
671
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -666,7 +681,7 @@
666
681
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
667
682
  </fingerprint>
668
683
 
669
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
684
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
670
685
  <description>MDaemon mail server - with version revision</description>
671
686
  <example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
672
687
  <example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
@@ -685,7 +700,7 @@
685
700
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
686
701
  </fingerprint>
687
702
 
688
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
703
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
689
704
  <description>MDaemon mail server - with service pack</description>
690
705
  <example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
691
706
  <example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
@@ -704,7 +719,7 @@
704
719
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
705
720
  </fingerprint>
706
721
 
707
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
722
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
708
723
  <description>MDaemon mail server</description>
709
724
  <example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
710
725
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -725,7 +740,7 @@
725
740
 
726
741
  <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
727
742
 
728
- <fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
743
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
729
744
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
730
745
  <example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
731
746
  <example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
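Review bot: The space run before `E?SMTP` stays as an uncapped ` +` on the added line, while the MDaemon patterns changed in the same commit cap it as ` {1,8}`. If that cap is meant to be the convention for this file, the line would read `^([^ ]{1,512}) {1,8}E?SMTP (?i:MERAK) …`. The Postfix (Ubuntu), Postfix (Debian/GNU) and Sendmail PHNE patterns further down keep the same uncapped ` +`, so either all of them should take the cap or a comment should say why these are exempt.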
@@ -753,9 +768,9 @@
753
768
  <param pos="5" name="system.time"/>
754
769
  </fingerprint>
755
770
 
756
- <fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
771
+ <fingerprint pattern="^([^ ]{1,512}) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
757
772
  <description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
758
- <example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
773
+ <example host.name="foo.bar" service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
759
774
  <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
760
775
  <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
761
776
  <param pos="0" name="os.vendor" value="Novell"/>
@@ -766,7 +781,7 @@
766
781
  <param pos="2" name="service.version"/>
767
782
  </fingerprint>
768
783
 
769
- <fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
784
+ <fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
770
785
  <description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
771
786
  <example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
772
787
  <example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
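Review bot: The added pattern still opens with a doubled anchor, `^^(`, carried over from the removed line; it does not change matching but reads as a typo, and this edit was the chance to write `^([^ ]{1,512}) Mercury\/32 …`. The trailing `ready.?$` also uses an unescaped `.`, which accepts any final character where a literal full stop (`\.?`) appears to be intended.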
@@ -780,7 +795,7 @@
780
795
  <param pos="2" name="service.version"/>
781
796
  </fingerprint>
782
797
 
783
- <fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
798
+ <fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
784
799
  <description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
785
800
  <example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
786
801
  <param pos="0" name="service.vendor" value="Norton"/>
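Review bot: `(.+)*` in the added NAVIEG pattern is a repeated group that itself contains an unbounded quantifier, the shape most prone to runaway backtracking in backtracking regex engines when the trailing ` http` is missing. Capping the hostname group does not touch it. The group appears to feed `system.time` at pos 3 (that param is only visible as context in the next hunk, so this is inferred), and a single `(.+)` captures the same text for the example banner: `…; (.+) http.*$`. A bounded form such as `(.{1,64})` would go further; that limit is a suggestion.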
@@ -792,7 +807,7 @@
792
807
  <param pos="3" name="system.time"/>
793
808
  </fingerprint>
794
809
 
795
- <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
810
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
796
811
  <description>Netscape Messaging Server - with patch number</description>
797
812
  <example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
798
813
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -804,7 +819,7 @@
804
819
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
805
820
  </fingerprint>
806
821
 
807
- <fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
822
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
808
823
  <description>Netscape Messaging Server - w/o patch number</description>
809
824
  <example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
810
825
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -817,13 +832,14 @@
817
832
  <param pos="3" name="system.time"/>
818
833
  </fingerprint>
819
834
 
820
- <fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
835
+ <fingerprint pattern="^([^ ]{1,512}) Lotus SMTP MTA Service Ready *$">
821
836
  <description>Lotus Notes 4 SMTP MTA</description>
822
837
  <example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
823
838
  <param pos="0" name="service.vendor" value="Lotus"/>
824
839
  <param pos="0" name="service.family" value="Lotus Domino"/>
825
840
  <param pos="0" name="service.product" value="Lotus Domino"/>
826
841
  <param pos="0" name="service.version" value="4"/>
842
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:4"/>
827
843
  <param pos="1" name="host.name"/>
828
844
  </fingerprint>
829
845
 
@@ -832,7 +848,7 @@
832
848
  called IBM Domino as of v9.0 on product and in banners.
833
849
  -->
834
850
 
835
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
851
+ <fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
836
852
  <description>Lotus Domino SMTP MTA</description>
837
853
  <example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
838
854
  <example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
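Review bot: The rewritten Lotus Domino pattern drops the leading `^` that the removed line had, so it now begins ` ?(?:(` and may match starting at any offset in the banner. That undoes the length cap added in the same line: a first token longer than 512 characters is no longer rejected, its tail is captured instead, and the engine retries the pattern at every position. The IBM Domino pattern in the next hunk keeps the anchor, so this looks accidental. Restore it as `pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release …"`. The fingerprint's params are outside this hunk.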
@@ -853,7 +869,7 @@
853
869
  <param pos="3" name="system.time"/>
854
870
  </fingerprint>
855
871
 
856
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
872
+ <fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
857
873
  <description>IBM Domino SMTP MTA</description>
858
874
  <example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
859
875
  <example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
@@ -868,13 +884,14 @@
868
884
  <param pos="3" name="system.time"/>
869
885
  </fingerprint>
870
886
 
871
- <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
887
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
872
888
  <description>Lotus Domino (some early build)</description>
873
889
  <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
874
890
  <example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
875
891
  <param pos="0" name="service.vendor" value="Lotus"/>
876
892
  <param pos="0" name="service.family" value="Lotus Domino"/>
877
893
  <param pos="0" name="service.product" value="Lotus Domino"/>
894
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
878
895
  <param pos="1" name="host.name"/>
879
896
  <param pos="2" name="notes.build.version"/>
880
897
  <param pos="3" name="system.time"/>
@@ -886,12 +903,13 @@
886
903
  <param pos="0" name="service.vendor" value="Lotus"/>
887
904
  <param pos="0" name="service.family" value="Lotus Domino"/>
888
905
  <param pos="0" name="service.product" value="Lotus Domino"/>
906
+ <param pos="0" name="service.cpe23" value="cpe:/a:ibm:lotus_domino:-"/>
889
907
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
890
908
  <param pos="1" name="host.name"/>
891
909
  <param pos="2" name="system.time"/>
892
910
  </fingerprint>
893
911
 
894
- <fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
912
+ <fingerprint pattern="^([^ ]{1,512}) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
895
913
  <description>NTMail (http://www.gordano.com)</description>
896
914
  <example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
897
915
  <param pos="0" name="service.vendor" value="Gordano"/>
@@ -902,7 +920,7 @@
902
920
  <param pos="3" name="ntmail.id"/>
903
921
  </fingerprint>
904
922
 
905
- <fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
923
+ <fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
906
924
  <description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
907
925
  <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
908
926
  <param pos="0" name="service.vendor" value="Gordano"/>
@@ -915,7 +933,7 @@
915
933
  <param pos="4" name="system.time"/>
916
934
  </fingerprint>
917
935
 
918
- <fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
936
+ <fingerprint pattern="^([^ ]{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
919
937
  <description>Some unknown mail server on OpenVMS</description>
920
938
  <example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
921
939
  <example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
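Review bot: Replacing `(\S+)` with `([^ ]{1,512})` on the added line changes the character class as well as adding the bound, because `[^ ]` accepts tabs and other whitespace that `\S` rejected. The SAP and Sendmail HP-UX patterns in this file section keep the class and write `(\S{1,512})`. Doing the same here, `^(\S{1,512})(?: UCX)? V\S+, OpenVMS …`, would limit the change to the length cap. The PMailServer pattern in the next hunk has the same substitution.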
@@ -930,7 +948,7 @@
930
948
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
931
949
  </fingerprint>
932
950
 
933
- <fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
951
+ <fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
934
952
  <description>A.K.I PMail</description>
935
953
  <example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
936
954
  <example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
@@ -942,7 +960,7 @@
942
960
  <param pos="3" name="system.time"/>
943
961
  </fingerprint>
944
962
 
945
- <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
963
+ <fingerprint pattern="^([^ ]{1,512}) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
946
964
  <description>Postfix - version + build, followed by os</description>
947
965
  <param pos="0" name="service.vendor" value="Postfix"/>
948
966
  <param pos="0" name="service.family" value="Postfix"/>
@@ -954,7 +972,7 @@
954
972
  <param pos="4" name="postfix.os.info"/>
955
973
  </fingerprint>
956
974
 
957
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
975
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
958
976
  <description>Postfix - Std semantic versioning, w/ optional parens</description>
959
977
  <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
960
978
  <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
@@ -966,7 +984,7 @@
966
984
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
967
985
  </fingerprint>
968
986
 
969
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
987
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
970
988
  <description>Postfix - version + build</description>
971
989
  <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
972
990
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -978,7 +996,7 @@
978
996
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
979
997
  </fingerprint>
980
998
 
981
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
999
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
982
1000
  <description>Postfix - Ubuntu</description>
983
1001
  <example>foo.bar ESMTP Postfix (Ubuntu)</example>
984
1002
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -992,9 +1010,9 @@
992
1010
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
993
1011
  </fingerprint>
994
1012
 
995
- <fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1013
+ <fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
996
1014
  <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
997
- <example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1015
+ <example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
998
1016
  <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
999
1017
  <param pos="0" name="service.vendor" value="Postfix"/>
1000
1018
  <param pos="0" name="service.family" value="Postfix"/>
@@ -1007,7 +1025,7 @@
1007
1025
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
1008
1026
  </fingerprint>
1009
1027
 
1010
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
1028
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
1011
1029
  <description>Postfix - Debian</description>
1012
1030
  <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
1013
1031
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1021,7 +1039,7 @@
1021
1039
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
1022
1040
  </fingerprint>
1023
1041
 
1024
- <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
1042
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
1025
1043
  <description>Postfix - generic banner with amusing comments in parentheses</description>
1026
1044
  <example>foo.bar ESMTP Postfix (lol)</example>
1027
1045
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1031,7 +1049,7 @@
1031
1049
  <param pos="1" name="host.name"/>
1032
1050
  </fingerprint>
1033
1051
 
1034
- <fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
1052
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
1035
1053
  <description>Postfix - generic banner</description>
1036
1054
  <example>foo.bar ESMTP Postfix</example>
1037
1055
  <example>foo.bar SMTP Postfix</example>
@@ -1042,7 +1060,7 @@
1042
1060
  <param pos="1" name="host.name"/>
1043
1061
  </fingerprint>
1044
1062
 
1045
- <fingerprint pattern="^ *ESMTP Postfix$">
1063
+ <fingerprint pattern="^ {0,512}ESMTP Postfix$">
1046
1064
  <description>Postfix - banner without hostname or version</description>
1047
1065
  <example>ESMTP Postfix</example>
1048
1066
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1051,7 +1069,7 @@
1051
1069
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
1052
1070
  </fingerprint>
1053
1071
 
1054
- <fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
1072
+ <fingerprint pattern="(?i)^([^ ]{1,512}) POSTFIX$">
1055
1073
  <description>Postfix - generic w/o ESMTP</description>
1056
1074
  <example host.name="foo.bar">foo.bar Postfix</example>
1057
1075
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1061,7 +1079,7 @@
1061
1079
  <param pos="1" name="host.name"/>
1062
1080
  </fingerprint>
1063
1081
 
1064
- <fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1082
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1065
1083
  <description>Post.Office</description>
1066
1084
  <example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
1067
1085
  <example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
@@ -1075,14 +1093,14 @@
1075
1093
  <param pos="5" name="system.time"/>
1076
1094
  </fingerprint>
1077
1095
 
1078
- <fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
1096
+ <fingerprint pattern="^([^ ]{1,512}) Generic SMTP handler *$">
1079
1097
  <description>Raptor Firewall (low confidence)</description>
1080
1098
  <example host.name="foo.bar">foo.bar Generic SMTP handler</example>
1081
1099
  <param pos="0" name="service.product" value="raptor"/>
1082
1100
  <param pos="1" name="host.name"/>
1083
1101
  </fingerprint>
1084
1102
 
1085
- <fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
1103
+ <fingerprint pattern="^(\S{1,512}) SAP (\S+) E?SMTP service ready$">
1086
1104
  <description>SAP SMTP Server</description>
1087
1105
  <example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
1088
1106
  <param pos="0" name="service.vendor" value="SAP"/>
@@ -1100,7 +1118,7 @@
1100
1118
  <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
1101
1119
  </fingerprint>
1102
1120
 
1103
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1121
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1104
1122
  <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
1105
1123
  <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1106
1124
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1119,7 +1137,7 @@
1119
1137
  <param pos="5" name="system.time"/>
1120
1138
  </fingerprint>
1121
1139
 
1122
- <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1140
+ <fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1123
1141
  <description>Sendmail - HP-UX</description>
1124
1142
  <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1125
1143
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1137,7 +1155,7 @@
1137
1155
  <param pos="4" name="system.time"/>
1138
1156
  </fingerprint>
1139
1157
 
1140
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1158
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1141
1159
  <description>Sendmail - Unixware</description>
1142
1160
  <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1143
1161
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1154,7 +1172,7 @@
1154
1172
  <param pos="4" name="system.time"/>
1155
1173
  </fingerprint>
1156
1174
 
1157
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1175
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1158
1176
  <description>Sendmail - AIX (UCB variant)</description>
1159
1177
  <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1160
1178
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1172,7 +1190,7 @@
1172
1190
  <param pos="4" name="system.time"/>
1173
1191
  </fingerprint>
1174
1192
 
1175
- <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1193
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1176
1194
  <description>Sendmail - AIX (UCB/ready at variant)</description>
1177
1195
  <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1178
1196
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1191,7 +1209,7 @@
1191
1209
  <param pos="5" name="system.time"/>
1192
1210
  </fingerprint>
1193
1211
 
1194
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1212
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1195
1213
  <description>Sendmail - AIX</description>
1196
1214
  <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1197
1215
  <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
@@ -1211,7 +1229,7 @@
1211
1229
  <param pos="5" name="system.time"/>
1212
1230
  </fingerprint>
1213
1231
 
1214
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1232
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1215
1233
  <description>Sendmail - SuSE Linux</description>
1216
1234
  <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1217
1235
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1230,7 +1248,7 @@
1230
1248
  <param pos="5" name="system.time"/>
1231
1249
  </fingerprint>
1232
1250
 
1233
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1251
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1234
1252
  <description>Sendmail - Solaris with date (no time offeset variant)</description>
1235
1253
  <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1236
1254
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1248,7 +1266,7 @@
1248
1266
  <param pos="4" name="system.time"/>
1249
1267
  </fingerprint>
1250
1268
 
1251
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1269
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1252
1270
  <description>Sendmail - Solaris with date (ready variant)</description>
1253
1271
  <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1254
1272
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1266,7 +1284,7 @@
1266
1284
  <param pos="4" name="system.time"/>
1267
1285
  </fingerprint>
1268
1286
 
1269
- <fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1287
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1270
1288
  <description>Sendmail - Debian</description>
1271
1289
  <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1272
1290
  <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
@@ -1286,9 +1304,9 @@
1286
1304
  <param pos="5" name="system.time"/>
1287
1305
  </fingerprint>
1288
1306
 
1289
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1307
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1290
1308
  <description>Sendmail - Debian 7.x (wheezy)</description>
1291
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1309
+ <example host.name="foo.bar" service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1292
1310
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1293
1311
  <param pos="0" name="service.vendor" value="Sendmail"/>
1294
1312
  <param pos="0" name="service.family" value="Sendmail"/>
@@ -1306,7 +1324,7 @@
1306
1324
  <param pos="4" name="system.time"/>
1307
1325
  </fingerprint>
1308
1326
 
1309
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1327
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1310
1328
  <description>Sendmail - Debian 8.x (jessie)</description>
1311
1329
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1312
1330
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1325,7 +1343,26 @@
1325
1343
  <param pos="4" name="system.time"/>
1326
1344
  </fingerprint>
1327
1345
 
1328
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1346
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+); .*$">
1347
+ <description>Sendmail - Debian 9.1 (stretch)</description>
1348
+ <example host.name="foo.bar" service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1349
+ <param pos="0" name="service.vendor" value="Sendmail"/>
1350
+ <param pos="0" name="service.family" value="Sendmail"/>
1351
+ <param pos="0" name="service.product" value="Sendmail"/>
1352
+ <param pos="0" name="os.vendor" value="Debian"/>
1353
+ <param pos="0" name="os.family" value="Linux"/>
1354
+ <param pos="0" name="os.product" value="Linux"/>
1355
+ <param pos="0" name="os.version" value="9.1"/>
1356
+ <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:9.1"/>
1357
+ <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1358
+ <param pos="1" name="host.name"/>
1359
+ <param pos="2" name="service.version"/>
1360
+ <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:{service.version}"/>
1361
+ <param pos="3" name="sendmail.config.version"/>
1362
+ <param pos="4" name="system.time"/>
1363
+ </fingerprint>
1364
+
1365
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1329
1366
  <description>Sendmail - Debian 5.x (lenny)</description>
1330
1367
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1331
1368
  <param pos="0" name="service.vendor" value="Sendmail"/>
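Review bot: The new stretch fingerprint matches only the literal suffix `deb9u1`, whereas the wheezy and jessie patterns in this file section accept any update digit (`deb7u\d`, `deb8u\d`); a banner ending in `deb9u2` would not be matched by it. It also sets `os.version` and `os.cpe23` to `9.1`, but a `+deb9uN` suffix is normally the package's update revision rather than the Debian point release, so the banner does not appear to support that value. Consider `Debian-\d\+deb9u\d;` with `os.version` set to `9` and a matching CPE, after checking what the jessie fingerprint uses; its params are outside this hunk.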
@@ -1344,7 +1381,7 @@
1344
1381
  <param pos="4" name="system.time"/>
1345
1382
  </fingerprint>
1346
1383
 
1347
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1384
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1348
1385
  <description>Sendmail - Debian 4.x (etch)</description>
1349
1386
  <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1350
1387
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1363,7 +1400,7 @@
1363
1400
  <param pos="4" name="system.time"/>
1364
1401
  </fingerprint>
1365
1402
 
1366
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1403
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1367
1404
  <description>Sendmail - Debian 3.1 (sarge)</description>
1368
1405
  <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1369
1406
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1382,7 +1419,7 @@
1382
1419
  <param pos="4" name="system.time"/>
1383
1420
  </fingerprint>
1384
1421
 
1385
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1422
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1386
1423
  <description>Sendmail - Debian patch only</description>
1387
1424
  <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1388
1425
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
@@ -1402,7 +1439,7 @@
1402
1439
  <param pos="4" name="system.time"/>
1403
1440
  </fingerprint>
1404
1441
 
1405
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1442
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1406
1443
  <description>Sendmail - Ubuntu</description>
1407
1444
  <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1408
1445
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
@@ -1420,7 +1457,7 @@
1420
1457
  <param pos="3" name="system.time"/>
1421
1458
  </fingerprint>
1422
1459
 
1423
- <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1460
+ <fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1424
1461
  <description>Sendmail - Solaris (SMI variant)</description>
1425
1462
  <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1426
1463
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1438,7 +1475,7 @@
1438
1475
  <param pos="4" name="system.time"/>
1439
1476
  </fingerprint>
1440
1477
 
1441
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1478
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1442
1479
  <description>Sendmail - unknown platform (linuxconf variant)</description>
1443
1480
  <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1444
1481
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1454,7 +1491,7 @@
1454
1491
  <param pos="4" name="system.time"/>
1455
1492
  </fingerprint>
1456
1493
 
1457
- <fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1494
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1458
1495
  <description>Sendmail - MetaInfo</description>
1459
1496
  <example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1460
1497
  <param pos="0" name="service.vendor" value="MetaInfo"/>
@@ -1473,7 +1510,7 @@
1473
1510
  <param pos="6" name="system.time"/>
1474
1511
  </fingerprint>
1475
1512
 
1476
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1513
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1477
1514
  <description>Sendmail - optional timezone and timestamp, w/o OS</description>
1478
1515
  <example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
1479
1516
  <example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
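Review bot: Only the hostname group is bounded in this pattern; ` +ESMTP .*Sendmail +` and the ` */ *` runs stay unbounded, so the time spent on a long banner that ultimately fails is still driven by `.*` retrying at every later `Sendmail`. The `with date, w/o version or platform` fingerprint further down already writes its space run as ` {1,8}`. Doing the same here and capping the wildcard, for example ` {1,8}ESMTP .{0,256}Sendmail {1,8}` (256 is an illustrative bound, to be chosen from observed banners), would make the limit cover the whole prefix. The next hunk's pattern (`with timezone and timestamp, w/o timezone offset or OS`) has the identical prefix. The params of this fingerprint lie outside the hunk.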
@@ -1491,7 +1528,7 @@
1491
1528
  <param pos="4" name="system.time"/>
1492
1529
  </fingerprint>
1493
1530
 
1494
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1531
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1495
1532
  <description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
1496
1533
  <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
1497
1534
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1504,7 +1541,7 @@
1504
1541
  <param pos="4" name="system.time"/>
1505
1542
  </fingerprint>
1506
1543
 
1507
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1544
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1508
1545
  <description>Sendmail - with version and date (optional timezone), w/o config version</description>
1509
1546
  <example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
1510
1547
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1517,7 +1554,7 @@
1517
1554
  <param pos="3" name="system.time"/>
1518
1555
  </fingerprint>
1519
1556
 
1520
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1557
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1521
1558
  <description>Sendmail - revision variant 1</description>
1522
1559
  <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1523
1560
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1530,7 +1567,7 @@
1530
1567
  <param pos="3" name="system.time"/>
1531
1568
  </fingerprint>
1532
1569
 
1533
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1570
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1534
1571
  <description>Sendmail - revision variant 2</description>
1535
1572
  <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1536
1573
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1543,7 +1580,7 @@
1543
1580
  <param pos="3" name="system.time"/>
1544
1581
  </fingerprint>
1545
1582
 
1546
- <fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1583
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1547
1584
  <description>Sendmail - with date, w/o version or platform, optional status string.</description>
1548
1585
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1549
1586
  <example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
@@ -1563,9 +1600,10 @@
1563
1600
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
1564
1601
  </fingerprint>
1565
1602
 
1566
- <fingerprint pattern="^ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
1603
+ <fingerprint pattern="^\s?ESMTP Sendmail +([^/ ]+) */ *([^/ ]+); (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)$">
1567
1604
  <description>Sendmail - with version and date, w/o hostname or platform (semicolon variant)</description>
1568
1605
  <example service.version="8.13.1" sendmail.config.version="8.13.1" system.time="Thu, 30 Nov 2017 01:58:22 -0700">ESMTP Sendmail 8.13.1/8.13.1; Thu, 30 Nov 2017 01:58:22 -0700</example>
1606
+ <example service.version="8.14.7" sendmail.config.version="8.14.7" system.time="Thu, 29 Apr 2021 14:07:54 +0900"> ESMTP Sendmail 8.14.7/8.14.7; Thu, 29 Apr 2021 14:07:54 +0900</example>
1569
1607
  <param pos="0" name="service.vendor" value="Sendmail"/>
1570
1608
  <param pos="0" name="service.family" value="Sendmail"/>
1571
1609
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1576,7 +1614,7 @@
1576
1614
  <param pos="3" name="system.time"/>
1577
1615
  </fingerprint>
1578
1616
 
1579
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1617
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1580
1618
  <description>Sendmail - unknown (date in version string variant)</description>
1581
1619
  <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1582
1620
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1591,7 +1629,7 @@
1591
1629
 
1592
1630
  <!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
1593
1631
 
1594
- <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
1632
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail ([^;]+); ([^;\.]+)$">
1595
1633
  <description>Sendmail - unknown platform, variant 1</description>
1596
1634
  <param pos="0" name="service.vendor" value="Sendmail"/>
1597
1635
  <param pos="0" name="service.family" value="Sendmail"/>
@@ -1614,7 +1652,7 @@
1614
1652
  <param pos="3" name="host.name"/>
1615
1653
  </fingerprint>
1616
1654
 
1617
- <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1655
+ <fingerprint pattern="^([^ ]{1,512}) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1618
1656
  <description>Sun Internet Mail Server</description>
1619
1657
  <example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
1620
1658
  <param pos="0" name="service.vendor" value="Sun"/>
@@ -1628,7 +1666,7 @@
1628
1666
  <param pos="2" name="service.version"/>
1629
1667
  </fingerprint>
1630
1668
 
1631
- <fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1669
+ <fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1632
1670
  <description>Ecelerity</description>
1633
1671
  <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1634
1672
  <example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
@@ -1644,7 +1682,7 @@
1644
1682
  <param pos="4" name="system.time"/>
1645
1683
  </fingerprint>
1646
1684
 
1647
- <fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1685
+ <fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1648
1686
  <description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
1649
1687
  <example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1650
1688
  <example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
@@ -1656,7 +1694,7 @@
1656
1694
  <param pos="2" name="service.version"/>
1657
1695
  </fingerprint>
1658
1696
 
1659
- <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1697
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Symantec Mail Security$">
1660
1698
  <description>Symantec Mail Security for SMTP</description>
1661
1699
  <example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
1662
1700
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1665,7 +1703,7 @@
1665
1703
  <param pos="1" name="host.name"/>
1666
1704
  </fingerprint>
1667
1705
 
1668
- <fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
1706
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Symantec Messaging Gateway$">
1669
1707
  <description>Symantec Mail Gateway</description>
1670
1708
  <example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
1671
1709
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1676,7 +1714,7 @@
1676
1714
 
1677
1715
  <!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
1678
1716
 
1679
- <fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
1717
+ <fingerprint pattern="(?i)^([^ ]{1,512}) ESMTP SonicWALL \(([\d.]+)\)$">
1680
1718
  <description>SonicWall Email Security</description>
1681
1719
  <example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
1682
1720
  <example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
@@ -1685,9 +1723,10 @@
1685
1723
  <param pos="0" name="service.product" value="Email Security"/>
1686
1724
  <param pos="1" name="host.name"/>
1687
1725
  <param pos="2" name="service.version"/>
1726
+ <param pos="0" name="service.cpe23" value="cpe:/a:sonicwall:email_security:{service.version}"/>
1688
1727
  </fingerprint>
1689
1728
 
1690
- <fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1729
+ <fingerprint pattern="^([^ ]{1,512}) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1691
1730
  <description>PowerMTA</description>
1692
1731
  <example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
1693
1732
  <param pos="0" name="service.vendor" value="port25"/>
@@ -1697,7 +1736,7 @@
1697
1736
  <param pos="2" name="service.version"/>
1698
1737
  </fingerprint>
1699
1738
 
1700
- <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1739
+ <fingerprint pattern="^([^ ]{1,512}) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1701
1740
  <description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
1702
1741
  <example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
1703
1742
  <param pos="0" name="service.vendor" value="Vircom"/>
@@ -1707,7 +1746,7 @@
1707
1746
  <param pos="2" name="service.version"/>
1708
1747
  </fingerprint>
1709
1748
 
1710
- <fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1749
+ <fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1711
1750
  <description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
1712
1751
  <example>foo.bar VPOP3 ESMTP Server Ready</example>
1713
1752
  <example>foo.bar VPOP3 SMTP Server Ready</example>
@@ -1718,7 +1757,7 @@
1718
1757
  <param pos="1" name="host.name"/>
1719
1758
  </fingerprint>
1720
1759
 
1721
- <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
1760
+ <fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
1722
1761
  <description>McAfee WebShield</description>
1723
1762
  <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1724
1763
  <example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
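Review bot: The tail `Ready at (.+) *$` can never trim trailing blanks: `.+` is greedy and runs to the end of the line, so ` *` matches nothing and any trailing spaces end up inside the captured time. If group 4 is meant to be a clean `system.time`, `Ready at (.*\S) *$` stops the capture at the last non-blank character and keeps the match linear. The same tail appears in the McAfee WebShield ASaP, VirusScreen and both ZMailer patterns in the hunks that follow. The param list for this fingerprint is outside the hunk.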
@@ -1733,7 +1772,7 @@
1733
1772
  <param pos="4" name="system.time"/>
1734
1773
  </fingerprint>
1735
1774
 
1736
- <fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1775
+ <fingerprint pattern="^([^ ]{1,512}) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1737
1776
  <description>McAfee Webshield ASaP (bundled hardware / software)</description>
1738
1777
  <example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
1739
1778
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1749,7 +1788,7 @@
1749
1788
  <param pos="3" name="system.time"/>
1750
1789
  </fingerprint>
1751
1790
 
1752
- <fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1791
+ <fingerprint pattern="^([^ ]{1,512}) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1753
1792
  <description>McAfee VirusScreen</description>
1754
1793
  <example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
1755
1794
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1765,7 +1804,7 @@
1765
1804
  <param pos="3" name="system.time"/>
1766
1805
  </fingerprint>
1767
1806
 
1768
- <fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
1807
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Lyris ListManager service ready$">
1769
1808
  <description>Lyris ListManager</description>
1770
1809
  <example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
1771
1810
  <param pos="0" name="service.vendor" value="Lyris"/>
@@ -1774,7 +1813,7 @@
1774
1813
  <param pos="1" name="host.name"/>
1775
1814
  </fingerprint>
1776
1815
 
1777
- <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1816
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1778
1817
  <description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
1779
1818
  <example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
1780
1819
  <param pos="0" name="service.family" value="WinRoute"/>
@@ -1793,7 +1832,7 @@
1793
1832
  <param pos="2" name="system.time"/>
1794
1833
  </fingerprint>
1795
1834
 
1796
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1835
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1797
1836
  <description>ZMailer http://www.zmailer.org/technical.html</description>
1798
1837
  <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1799
1838
  <param pos="0" name="service.vendor" value="ZMailer"/>
@@ -1806,7 +1845,7 @@
1806
1845
  <param pos="4" name="system.time"/>
1807
1846
  </fingerprint>
1808
1847
 
1809
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1848
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1810
1849
  <description>ZMailer server that supports IDENT</description>
1811
1850
  <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1812
1851
  <param pos="0" name="service.vendor" value="ZMailer"/>
@@ -1820,7 +1859,7 @@
1820
1859
  <param pos="4" name="system.time"/>
1821
1860
  </fingerprint>
1822
1861
 
1823
- <fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1862
+ <fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1824
1863
  <description>Kerio Connect ESMTP</description>
1825
1864
  <example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
1826
1865
  <example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
@@ -1832,7 +1871,7 @@
1832
1871
  <param pos="3" name="service.version.version"/>
1833
1872
  </fingerprint>
1834
1873
 
1835
- <fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1874
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1836
1875
  <description>Communigate Pro</description>
1837
1876
  <example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
1838
1877
  <example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
@@ -1845,7 +1884,7 @@
1845
1884
  <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
1846
1885
  </fingerprint>
1847
1886
 
1848
- <fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
1887
+ <fingerprint pattern="^(\S{1,512}) NO UCE NO UBE NO RELAY PROBES ESMTP">
1849
1888
  <description>Twisted SMTP server</description>
1850
1889
  <example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
1851
1890
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
@@ -1873,7 +1912,7 @@
1873
1912
  <param pos="1" name="service.version"/>
1874
1913
  </fingerprint>
1875
1914
 
1876
- <fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1915
+ <fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1877
1916
  <description>Tobit Software David</description>
1878
1917
  <example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1879
1918
  <param pos="0" name="service.vendor" value="Tobit Software"/>
@@ -1883,14 +1922,14 @@
1883
1922
  <param pos="2" name="service.version"/>
1884
1923
  </fingerprint>
1885
1924
 
1886
- <fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
1925
+ <fingerprint pattern="(?i)^(\S{1,512}) E?SMTP Perl">
1887
1926
  <description>Some simple PERL SMTP server</description>
1888
1927
  <example host.name="foo.bar">foo.bar ESMTP Perl</example>
1889
1928
  <param pos="0" name="service.product" value="Perl"/>
1890
1929
  <param pos="1" name="host.name"/>
1891
1930
  </fingerprint>
1892
1931
 
1893
- <fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1932
+ <fingerprint pattern="(?i)^(?:([^ ]{1,512}) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1894
1933
  <description>Non-specific banner with optional hostname</description>
1895
1934
  <example host.name="foo.bar">foo.bar ESMTP</example>
1896
1935
  <example host.name="foo.bar">foo.bar ESMTP Ready</example>
@@ -1902,7 +1941,7 @@
1902
1941
  <param pos="1" name="host.name"/>
1903
1942
  </fingerprint>
1904
1943
 
1905
- <fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
1944
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP OpenSMTPD$">
1906
1945
  <description>OpenSMPTD</description>
1907
1946
  <example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
1908
1947
  <param pos="0" name="service.vendor" value="OpenBSD"/>