recog 2.3.20 → 2.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. checksums.yaml +4 -4
  2. data/cpe-remap.yaml +29 -1
  3. data/identifiers/fields.txt +1 -1
  4. data/identifiers/hw_product.txt +1 -0
  5. data/identifiers/os_product.txt +0 -1
  6. data/lib/recog/nizer.rb +1 -82
  7. data/lib/recog/version.rb +1 -1
  8. data/xml/apache_os.xml +1 -1
  9. data/xml/dns_versionbind.xml +10 -0
  10. data/xml/favicons.xml +1 -0
  11. data/xml/ftp_banners.xml +56 -44
  12. data/xml/html_title.xml +36 -12
  13. data/xml/http_cookies.xml +2 -3
  14. data/xml/http_servers.xml +28 -28
  15. data/xml/http_wwwauth.xml +3 -3
  16. data/xml/imap_banners.xml +5 -5
  17. data/xml/mdns_device-info_txt.xml +32 -0
  18. data/xml/mysql_banners.xml +2 -1
  19. data/xml/nntp_banners.xml +1 -1
  20. data/xml/ntp_banners.xml +1 -1
  21. data/xml/operating_system.xml +4 -4
  22. data/xml/pop_banners.xml +4 -4
  23. data/xml/sip_banners.xml +3 -3
  24. data/xml/sip_user_agents.xml +5 -0
  25. data/xml/smb_native_os.xml +3 -0
  26. data/xml/smtp_banners.xml +130 -127
  27. data/xml/snmp_sysdescr.xml +26 -26
  28. data/xml/ssh_banners.xml +12 -11
  29. data/xml/telnet_banners.xml +59 -44
  30. data/xml/x509_issuers.xml +32 -2
  31. data/xml/x509_subjects.xml +23 -13
  32. metadata +2 -2
data/xml/mysql_banners.xml CHANGED
@@ -1354,9 +1354,10 @@
1354
1354
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:10.04"/>
1355
1355
  </fingerprint>
1356
1356
 
1357
- <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal$" flags="REG_ICASE">
1357
+ <fingerprint pattern="^(?:\d{1,2}\.\d{1,3}\.[a-f\d]{1,3}-)?(\d{1,2}\.\d{1,3}\.[a-f\d]{1,4})-MariaDB-\d\:.*\+maria\~focal(?:-log)?$" flags="REG_ICASE">
1358
1358
  <description>MariaDB MariaDB on Ubuntu 20.04 (Focal Fossa)</description>
1359
1359
  <example service.version="10.5.2">5.5.5-10.5.2-MariaDB-1:10.5.2+maria~focal</example>
1360
+ <example service.version="10.1.1">5.5.5-10.1.1-MariaDB-1:10.1.1+maria~focal-log</example>
1360
1361
  <param pos="1" name="service.version"/>
1361
1362
  <param pos="0" name="service.vendor" value="MariaDB"/>
1362
1363
  <param pos="0" name="service.family" value="MySQL"/>
data/xml/nntp_banners.xml CHANGED
@@ -13,7 +13,7 @@
13
13
  <param pos="0" name="service.product" value="CCProxy"/>
14
14
  </fingerprint>
15
15
 
16
- <fingerprint pattern="^(\S+) Lyris ListManager NNTP Service ready">
16
+ <fingerprint pattern="^(\S{1,512}) Lyris ListManager NNTP Service ready">
17
17
  <description>Lyris Listmanager</description>
18
18
  <example host.name="blah">blah Lyris ListManager NNTP Service ready (posting ok).</example>
19
19
  <param pos="0" name="service.vendor" value="Lyris"/>
data/xml/ntp_banners.xml CHANGED
@@ -341,7 +341,7 @@
341
341
  <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os_x:10.10"/>
342
342
  </fingerprint>
343
343
 
344
- <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(:?p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
344
+ <fingerprint pattern="^.*version=&quot;ntpd ([^ p]+)(p[^ &quot;]+)?[^&quot;]+&quot;,.*processor=&quot;([^ ]+)&quot;,.*system=&quot;FreeBSD/?(?:[^ ]+-NETSCALER-([^ ]+))&quot;" flags="REG_DOT_NEWLINE,REG_ICASE">
345
345
  <description>ntpd running on Citrix Netscaler, which is based on FreeBSD</description>
346
346
  <example service.version="4.2.6" service.version.version="p2@1.2194" os.arch="i386" os.version="9.3">
347
347
  version="ntpd 4.2.6p2@1.2194 Wed Nov 24 15:54:11 UTC 2010 (1)",
data/xml/operating_system.xml CHANGED
@@ -397,7 +397,7 @@
397
397
 
398
398
  <!-- Vendor-based distribution catch-call -->
399
399
 
400
- <fingerprint pattern="^(?i:(.*)\sLinux?\s(.*))$">
400
+ <fingerprint pattern="(?i)^(\S{0,256})\s{1,8}Linux\s+([\w.-]*)$">
401
401
  <description>Vendor-based Linux catch-all</description>
402
402
  <example os.vendor="Aurox" os.version="10.2">Aurox Linux 10.2</example>
403
403
  <param pos="0" name="os.family" value="Linux"/>
@@ -409,7 +409,7 @@
409
409
 
410
410
  <!-- Linux catch-all goes at the bottom-->
411
411
 
412
- <fingerprint pattern="^(?i:.*Linux?\s?(\d+?(?:\.\d+?)*?)?)$">
412
+ <fingerprint pattern="(?i)^.{0,1024}Linux?\s?(\d+?(?:\.\d+?)*?)?$">
413
413
  <description>Linux catch-all</description>
414
414
  <example os.version="2.42.6">Linux 2.42.6</example>
415
415
  <param pos="0" name="os.vendor" value="Linux"/>
@@ -588,7 +588,7 @@
588
588
 
589
589
  <!-- BSD begin -->
590
590
 
591
- <fingerprint pattern="^(?i:(.*?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?)$">
591
+ <fingerprint pattern="(?i)^(.{0,256}?BSD)\s?(\d+?(?:\.\d+?)*?(?:[\-\/_ ]?\w+?)?(?:-[a-z]\d+?)?)?$">
592
592
  <description>Many BSD family OSes</description>
593
593
  <example os.version="10.3-RELEASE" os.product="FreeBSD">FreeBSD 10.3-RELEASE</example>
594
594
  <example os.version="10.3-RELEASE-p4" os.product="FreeBSD">FreeBSD 10.3-RELEASE-p4</example>
@@ -605,7 +605,7 @@
605
605
 
606
606
  <!-- Other Unix-likes begin -->
607
607
 
608
- <fingerprint pattern="^(?i:(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?)$">
608
+ <fingerprint pattern="(?i)^(?:Oracle|Sun)?\s?OpenSolaris\s?(\d+?(?:\.\d+?)*?)?$">
609
609
  <description>OpenSolaris</description>
610
610
  <example os.version="2009.06">OpenSolaris 2009.06</example>
611
611
  <param pos="0" name="os.vendor" value="Sun"/>
data/xml/pop_banners.xml CHANGED
@@ -5,7 +5,7 @@
5
5
  matched against these patterns to fingerprint POP3 servers.
6
6
  -->
7
7
 
8
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
8
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v(\d+\.\d+.*)-OS X(?: Server)? ([\d\.]+).* server ready">
9
9
  <description>OSX Cyrus POP</description>
10
10
  <example host.domain="8.8.8.8" service.version="2.3.8" os.version="10.5">8.8.8.8 Cyrus POP3 v2.3.8-OS X Server 10.5: 9A562 server ready &lt;1999107648.1324502155@8.8.8.8&gt;</example>
11
11
  <param pos="0" name="service.vendor" value="Carnegie Mellon University"/>
@@ -20,7 +20,7 @@
20
20
  <param pos="1" name="host.domain"/>
21
21
  </fingerprint>
22
22
 
23
- <fingerprint pattern="^([^ ]+) +Cyrus POP3 v([\d\.]+)">
23
+ <fingerprint pattern="^([^ ]{1,512}) +Cyrus POP3 v([\d\.]+)">
24
24
  <description>CMU Cyrus POP</description>
25
25
  <example host.domain="foo" service.version="2.3">foo Cyrus POP3 v2.3</example>
26
26
  <example host.domain="foo" service.version="2.3.14">foo Cyrus POP3 v2.3.14 server ready &lt;13087751828270990591.1301068892@foo&gt;</example>
@@ -229,7 +229,7 @@
229
229
  <param pos="0" name="hw.product" value="Raspberry Pi"/>
230
230
  </fingerprint>
231
231
 
232
- <fingerprint pattern="^(\S+) Zimbra POP3 server ready\.?$">
232
+ <fingerprint pattern="^(\S{1,512}) Zimbra POP3 server ready\.?$">
233
233
  <description>VMware Zimbra POP</description>
234
234
  <example host.name="foo.bar">foo.bar Zimbra POP3 server ready</example>
235
235
  <param pos="0" name="service.vendor" value="VMware"/>
@@ -238,7 +238,7 @@
238
238
  <param pos="1" name="host.name"/>
239
239
  </fingerprint>
240
240
 
241
- <fingerprint pattern="^(\S+) Zimbra (\S+) POP3 server ready\.?$">
241
+ <fingerprint pattern="^(\S{1,512}) Zimbra (\S+) POP3 server ready\.?$">
242
242
  <description>VMware Zimbra POP with version</description>
243
243
  <example host.name="foo.bar">foo.bar Zimbra 7.0.0_GA_3079 POP3 server ready</example>
244
244
  <param pos="0" name="service.vendor" value="VMware"/>
data/xml/sip_banners.xml CHANGED
@@ -62,7 +62,7 @@
62
62
 
63
63
  <!-- The next few Linksys fingerprints could be merged but are split to enable CPEs -->
64
64
 
65
- <fingerprint pattern="^(?:[\dA-F]+ )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
65
+ <fingerprint pattern="^(?:[\dA-F]{1,64} )?Linksys/RT31P2-([\d.]+)\(\w+\)$">
66
66
  <description>Linksys RT31P2</description>
67
67
  <example os.version="3.1.9">Linksys/RT31P2-3.1.9(LId)</example>
68
68
  <example os.version="3.1.6">Linksys/RT31P2-3.1.6(LI)</example>
@@ -418,7 +418,7 @@
418
418
  <param pos="1" name="hw.product"/>
419
419
  </fingerprint>
420
420
 
421
- <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S+) FX[A-Z_]+/v.(\S+)$">
421
+ <fingerprint pattern="^(?:Audiocodes-Sip-Gateway-)?(\S{1,64}) FX[A-Z_]+/v.(\S+)$">
422
422
  <description>Audiocodes-Sip-Gateway</description>
423
423
  <example hw.product="MP-124" os.version="6.00A.034.003">Audiocodes-Sip-Gateway-MP-124 FXS/v.6.00A.034.003</example>
424
424
  <example hw.product="MP-124" os.version="6.60A.342.003">MP-124 FXS/v.6.60A.342.003</example>
@@ -575,7 +575,7 @@
575
575
  <param pos="0" name="os.arch" value="ARM"/>
576
576
  </fingerprint>
577
577
 
578
- <fingerprint pattern="^(?i)OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
578
+ <fingerprint pattern="(?i)^OpenSER \(([\d.]+)(?:-tls|-notls)? \(sh4/linux\)\)$">
579
579
  <description>OpenSER OpenSER - Linux on Renesas SH4</description>
580
580
  <example service.version="1.3.2">OpenSER (1.3.2-notls (sh4/linux))</example>
581
581
  <param pos="0" name="service.vendor" value="OpenSER"/>
data/xml/sip_user_agents.xml CHANGED
@@ -9,6 +9,9 @@
9
9
  <fingerprint pattern="^SIP/2.0$">
10
10
  <description>Generic SIP/2.0 response -- assert nothing.</description>
11
11
  <example>SIP/2.0</example>
12
+ <param pos="0" name="hw.certainty" value="0.0"/>
13
+ <param pos="0" name="os.certainty" value="0.0"/>
14
+ <param pos="0" name="service.certainty" value="0.0"/>
12
15
  </fingerprint>
13
16
 
14
17
  <fingerprint pattern="^TP-Link SIP Stack V1.0.0$">
@@ -44,6 +47,7 @@
44
47
  <param pos="0" name="hw.vendor" value="Technicolor"/>
45
48
  <param pos="0" name="hw.product" value="TG789vac"/>
46
49
  <param pos="0" name="hw.device" value="Router"/>
50
+ <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
47
51
  </fingerprint>
48
52
 
49
53
  <fingerprint pattern="^Technicolor / VANT-6$">
@@ -54,6 +58,7 @@
54
58
  <param pos="0" name="hw.vendor" value="Technicolor"/>
55
59
  <param pos="0" name="hw.product" value="TG789vac"/>
56
60
  <param pos="0" name="hw.device" value="Router"/>
61
+ <param pos="0" name="hw.cpe23" value="cpe:/h:technicolor:tg789vac:-"/>
57
62
  </fingerprint>
58
63
 
59
64
  <fingerprint pattern="^(?:Technicolor|MediaAccess) (TG[\w]+) (?:v\d )?Build (\d+\.[\w.-]+)(?: CP\w+)?$">
data/xml/smb_native_os.xml CHANGED
@@ -45,6 +45,9 @@
45
45
  <fingerprint pattern="^Windows 6.1$">
46
46
  <description>Spoofed value often used by Samba -- assert nothing.</description>
47
47
  <example>Windows 6.1</example>
48
+ <param pos="0" name="hw.certainty" value="0.0"/>
49
+ <param pos="0" name="os.certainty" value="0.0"/>
50
+ <param pos="0" name="service.certainty" value="0.0"/>
48
51
  </fingerprint>
49
52
 
50
53
  <fingerprint pattern="^Windows XP (\d+) (Service Pack \d+)$">
data/xml/smtp_banners.xml CHANGED
@@ -44,9 +44,9 @@
44
44
  <param pos="1" name="host.name"/>
45
45
  </fingerprint>
46
46
 
47
- <fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
47
+ <fingerprint pattern="^([^ ]{1,512}) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
48
48
  <description>IMail - non-EVAL version, NT-ESMTP at end</description>
49
- <example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
49
+ <example host.name="foo.bar" service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
50
50
  <param pos="0" name="service.vendor" value="Ipswitch"/>
51
51
  <param pos="0" name="service.family" value="IMail Server"/>
52
52
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -55,7 +55,7 @@
55
55
  <param pos="1" name="host.name"/>
56
56
  </fingerprint>
57
57
 
58
- <fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
58
+ <fingerprint pattern="^([^ ]{1,512}) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
59
59
  <description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
60
60
  <example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
61
61
  <param pos="0" name="service.vendor" value="AnalogX"/>
@@ -80,7 +80,7 @@
80
80
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
81
81
  </fingerprint>
82
82
 
83
- <fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
83
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
84
84
  <description>ArGoSoft Mail Server - freeware version</description>
85
85
  <example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
86
86
  <example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
@@ -96,7 +96,7 @@
96
96
  <param pos="1" name="host.name"/>
97
97
  </fingerprint>
98
98
 
99
- <fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
99
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
100
100
  <description>ArGoSoft Mail Server - Pro version</description>
101
101
  <example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
102
102
  <example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
@@ -113,7 +113,7 @@
113
113
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
114
114
  </fingerprint>
115
115
 
116
- <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
116
+ <fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
117
117
  <description>AppleShare IP Mail Server</description>
118
118
  <example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
119
  <example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
@@ -162,7 +162,7 @@
162
162
  Search Cisco's documentation for "fixup protocol SMTP" for more information.
163
163
  -->
164
164
 
165
- <fingerprint pattern="^[\*20 ]+$">
165
+ <fingerprint pattern="^[\*20 ]{1,1024}$">
166
166
  <description>Cisco PIX firewall MailGuard banner stripping</description>
167
167
  <example os.product="PIX">***************************</example>
168
168
  <param pos="0" name="os.vendor" value="Cisco"/>
@@ -171,7 +171,7 @@
171
171
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
172
172
  </fingerprint>
173
173
 
174
- <fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
174
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
175
175
  <description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
176
176
  <param pos="0" name="service.vendor" value="Critical Path"/>
177
177
  <param pos="0" name="service.family" value="Messaging Server"/>
@@ -192,7 +192,7 @@
192
192
  <param pos="0" name="service.product" value="Internet Mail Scanner"/>
193
193
  </fingerprint>
194
194
 
195
- <fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
195
+ <fingerprint pattern="^([^ ]{1,512}) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
196
196
  <description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
197
197
  <example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
198
198
  <param pos="0" name="service.vendor" value="EMWAC"/>
@@ -202,7 +202,7 @@
202
202
  <param pos="2" name="service.version"/>
203
203
  </fingerprint>
204
204
 
205
- <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
205
+ <fingerprint pattern="^([^ ]{1,512}) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
206
206
  <description>Eudora Internet Mail Server</description>
207
207
  <example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
208
208
  <example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
@@ -217,7 +217,7 @@
217
217
  <param pos="2" name="service.version"/>
218
218
  </fingerprint>
219
219
 
220
- <fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
220
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
221
221
  <description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
222
222
  <example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
223
223
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -232,7 +232,7 @@
232
232
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
233
233
  </fingerprint>
234
234
 
235
- <fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
235
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
236
236
  <description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
237
237
  <example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
238
238
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -247,7 +247,7 @@
247
247
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
248
248
  </fingerprint>
249
249
 
250
- <fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
250
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at .*$">
251
251
  <description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
252
252
  <example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
253
253
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -261,9 +261,10 @@
261
261
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
262
262
  </fingerprint>
263
263
 
264
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
264
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
265
265
  <description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
266
266
  <example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
+ <example service.version="10.0.14393.2608"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
268
  <param pos="0" name="service.vendor" value="Microsoft"/>
268
269
  <param pos="0" name="service.family" value="IIS"/>
269
270
  <param pos="0" name="service.product" value="IIS"/>
@@ -278,7 +279,7 @@
278
279
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
279
280
  </fingerprint>
280
281
 
281
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
283
  <description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
283
284
  <example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
284
285
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -295,7 +296,7 @@
295
296
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
296
297
  </fingerprint>
297
298
 
298
- <fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
300
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
300
301
  <example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
301
302
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -312,7 +313,7 @@
312
313
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
313
314
  </fingerprint>
314
315
 
315
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
317
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
317
318
  <example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
318
319
  <example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
@@ -344,7 +345,7 @@
344
345
  <param pos="1" name="system.time"/>
345
346
  </fingerprint>
346
347
 
347
- <fingerprint pattern="^ ?([^, ]+)(?:,)? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
348
+ <fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
348
349
  <description>Exim - with version string and optional timestamp</description>
349
350
  <example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
350
351
  <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
@@ -367,7 +368,7 @@
367
368
  <param pos="3" name="system.time"/>
368
369
  </fingerprint>
369
370
 
370
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
372
  <description>Exim - with digit only version string and optional timestamp</description>
372
373
  <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
373
374
  <param pos="0" name="service.vendor" value="exim"/>
@@ -380,7 +381,7 @@
380
381
  <param pos="3" name="system.time"/>
381
382
  </fingerprint>
382
383
 
383
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
385
  <description>Exim - with version string and optional timestamp (Ubuntu)</description>
385
386
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
386
387
  <param pos="0" name="os.vendor" value="Ubuntu"/>
@@ -397,7 +398,7 @@
397
398
  <param pos="3" name="system.time"/>
398
399
  </fingerprint>
399
400
 
400
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
401
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
401
402
  <description>Exim - without version string and with optional timestamp</description>
402
403
  <example host.name="foo.bar">foo.bar ESMTP Exim</example>
403
404
  <example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
@@ -425,7 +426,7 @@
425
426
  <param pos="2" name="system.time"/>
426
427
  </fingerprint>
427
428
 
428
- <fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
429
+ <fingerprint pattern="^ ?([^, ]{1,512}) Exim ESMTP Service ready$">
429
430
  <description>Exim - with hostname </description>
430
431
  <example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
431
432
  <param pos="0" name="service.vendor" value="exim"/>
@@ -435,7 +436,7 @@
435
436
  <param pos="1" name="host.name"/>
436
437
  </fingerprint>
437
438
 
438
- <fingerprint pattern="^([\w.-]+) ESMTP \([a-z0-9]{32}\)$">
439
+ <fingerprint pattern="^([\w.-]{1,512}) ESMTP \([a-z0-9]{32}\)$">
439
440
  <description>Barracuda Email Security Gateway - physical or virtual appliance</description>
440
441
  <example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
441
442
  <param pos="0" name="service.vendor" value="Barracuda"/>
@@ -445,7 +446,7 @@
445
446
  <param pos="1" name="host.name"/>
446
447
  </fingerprint>
447
448
 
448
- <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
449
+ <fingerprint pattern="^([^ ]{1,512}) FTGate server ready .*$">
449
450
  <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
450
451
  <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
451
452
  <param pos="0" name="service.vendor" value="Floosietek"/>
@@ -454,7 +455,7 @@
454
455
  <param pos="1" name="host.name"/>
455
456
  </fingerprint>
456
457
 
457
- <fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
458
+ <fingerprint pattern="^([^ ]{1,512}) +SMTP/smap Ready\.$">
458
459
  <description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
459
460
  <example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
460
461
  <param pos="0" name="service.vendor" value="TIS"/>
@@ -463,7 +464,7 @@
463
464
  <param pos="1" name="host.name"/>
464
465
  </fingerprint>
465
466
 
466
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
467
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
467
468
  <description>Novell GroupWise Internet Agent - versions 5 and higher</description>
468
469
  <example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
469
470
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -474,7 +475,7 @@
474
475
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
475
476
  </fingerprint>
476
477
 
477
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
478
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
478
479
  <description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
479
480
  <example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
480
481
  <example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
@@ -486,7 +487,7 @@
486
487
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
487
488
  </fingerprint>
488
489
 
489
- <fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
490
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
490
491
  <description>Novell GroupWise - versions below 5</description>
491
492
  <example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
492
493
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -498,7 +499,7 @@
498
499
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
499
500
  </fingerprint>
500
501
 
501
- <fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
502
+ <fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
502
503
  <description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
503
504
  <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
504
505
  <example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
@@ -512,7 +513,7 @@
512
513
  <param pos="3" name="system.time"/>
513
514
  </fingerprint>
514
515
 
515
- <fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
516
+ <fingerprint pattern="^([^ ]{1,512}) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
516
517
  <description>
517
518
  Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
518
519
  the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
@@ -525,7 +526,7 @@
525
526
  <param pos="1" name="host.name"/>
526
527
  </fingerprint>
527
528
 
528
- <fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
529
+ <fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
529
530
  <description>JAMES SMTP Server</description>
530
531
  <example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
531
532
  <param pos="0" name="service.vendor" value="Apache"/>
@@ -537,7 +538,7 @@
537
538
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
538
539
  </fingerprint>
539
540
 
540
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
541
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
541
542
  <description>MailEnable - Simple</description>
542
543
  <example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
543
544
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -554,10 +555,11 @@
554
555
 
555
556
  <!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
556
557
 
557
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
558
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
558
559
  <description>MailEnable - Complex</description>
559
560
  <example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
560
- <example host.name="foo.bar" service.version="9.53">foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
561
+ <example host.name="*.foo.bar" service.version="9.53">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
562
+ <example host.name="%WPI_HOSTNAME%" service.version="10.27">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
561
563
  <example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
562
564
  <example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
563
565
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -574,7 +576,7 @@
574
576
  <param pos="3" name="system.time"/>
575
577
  </fingerprint>
576
578
 
577
- <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
579
+ <fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
578
580
  <description>Mail Max</description>
579
581
  <example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
580
582
  <example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
@@ -587,7 +589,7 @@
587
589
  <param pos="3" name="system.time"/>
588
590
  </fingerprint>
589
591
 
590
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
592
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
591
593
  <description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
592
594
  <example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
593
595
  <example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
@@ -598,7 +600,7 @@
598
600
  <param pos="2" name="service.version"/>
599
601
  </fingerprint>
600
602
 
601
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
603
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Ready *$">
602
604
  <description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
603
605
  <example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
604
606
  <param pos="0" name="service.vendor" value="Rockliffe"/>
@@ -616,7 +618,7 @@
616
618
  <param pos="1" name="service.version"/>
617
619
  </fingerprint>
618
620
 
619
- <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
621
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
620
622
  <description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
621
623
  <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
622
624
  <param pos="0" name="service.vendor" value="Clearswift"/>
@@ -626,7 +628,7 @@
626
628
  <param pos="2" name="service.version"/>
627
629
  </fingerprint>
628
630
 
629
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
631
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
630
632
  <description>MDaemon mail server - with timestamp, unregistered</description>
631
633
  <example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
632
634
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -645,7 +647,7 @@
645
647
  <param pos="3" name="system.time"/>
646
648
  </fingerprint>
647
649
 
648
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
650
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
649
651
  <description>MDaemon mail server - with timestamp</description>
650
652
  <example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
651
653
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -663,7 +665,7 @@
663
665
  <param pos="3" name="system.time"/>
664
666
  </fingerprint>
665
667
 
666
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
668
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
667
669
  <description>MDaemon mail server - without timestamp</description>
668
670
  <example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
669
671
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -679,7 +681,7 @@
679
681
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
680
682
  </fingerprint>
681
683
 
682
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
684
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
683
685
  <description>MDaemon mail server - with version revision</description>
684
686
  <example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
685
687
  <example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
@@ -698,7 +700,7 @@
698
700
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
699
701
  </fingerprint>
700
702
 
701
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
703
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
702
704
  <description>MDaemon mail server - with service pack</description>
703
705
  <example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
704
706
  <example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
@@ -717,7 +719,7 @@
717
719
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
718
720
  </fingerprint>
719
721
 
720
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
722
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
721
723
  <description>MDaemon mail server</description>
722
724
  <example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
723
725
  <param pos="0" name="service.vendor" value="Alt-N"/>
@@ -738,7 +740,7 @@
738
740
 
739
741
  <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
740
742
 
741
- <fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
743
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
742
744
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
743
745
  <example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
744
746
  <example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
@@ -766,9 +768,9 @@
766
768
  <param pos="5" name="system.time"/>
767
769
  </fingerprint>
768
770
 
769
- <fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
771
+ <fingerprint pattern="^([^ ]{1,512}) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
770
772
  <description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
771
- <example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
773
+ <example host.name="foo.bar" service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
772
774
  <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
773
775
  <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
774
776
  <param pos="0" name="os.vendor" value="Novell"/>
@@ -779,7 +781,7 @@
779
781
  <param pos="2" name="service.version"/>
780
782
  </fingerprint>
781
783
 
782
- <fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
784
+ <fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
783
785
  <description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
784
786
  <example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
785
787
  <example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
@@ -793,7 +795,7 @@
793
795
  <param pos="2" name="service.version"/>
794
796
  </fingerprint>
795
797
 
796
- <fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
798
+ <fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
797
799
  <description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
798
800
  <example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
799
801
  <param pos="0" name="service.vendor" value="Norton"/>
@@ -805,7 +807,7 @@
805
807
  <param pos="3" name="system.time"/>
806
808
  </fingerprint>
807
809
 
808
- <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
810
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
809
811
  <description>Netscape Messaging Server - with patch number</description>
810
812
  <example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
811
813
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -817,7 +819,7 @@
817
819
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
818
820
  </fingerprint>
819
821
 
820
- <fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
822
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
821
823
  <description>Netscape Messaging Server - w/o patch number</description>
822
824
  <example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
823
825
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -830,7 +832,7 @@
830
832
  <param pos="3" name="system.time"/>
831
833
  </fingerprint>
832
834
 
833
- <fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
835
+ <fingerprint pattern="^([^ ]{1,512}) Lotus SMTP MTA Service Ready *$">
834
836
  <description>Lotus Notes 4 SMTP MTA</description>
835
837
  <example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
836
838
  <param pos="0" name="service.vendor" value="Lotus"/>
@@ -846,7 +848,7 @@
846
848
  called IBM Domino as of v9.0 on product and in banners.
847
849
  -->
848
850
 
849
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
851
+ <fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
850
852
  <description>Lotus Domino SMTP MTA</description>
851
853
  <example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
852
854
  <example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
@@ -867,7 +869,7 @@
867
869
  <param pos="3" name="system.time"/>
868
870
  </fingerprint>
869
871
 
870
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
872
+ <fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
871
873
  <description>IBM Domino SMTP MTA</description>
872
874
  <example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
873
875
  <example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
@@ -882,7 +884,7 @@
882
884
  <param pos="3" name="system.time"/>
883
885
  </fingerprint>
884
886
 
885
- <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
887
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
886
888
  <description>Lotus Domino (some early build)</description>
887
889
  <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
888
890
  <example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
@@ -907,7 +909,7 @@
907
909
  <param pos="2" name="system.time"/>
908
910
  </fingerprint>
909
911
 
910
- <fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
912
+ <fingerprint pattern="^([^ ]{1,512}) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
911
913
  <description>NTMail (http://www.gordano.com)</description>
912
914
  <example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
913
915
  <param pos="0" name="service.vendor" value="Gordano"/>
@@ -918,7 +920,7 @@
918
920
  <param pos="3" name="ntmail.id"/>
919
921
  </fingerprint>
920
922
 
921
- <fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
923
+ <fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
922
924
  <description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
923
925
  <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
924
926
  <param pos="0" name="service.vendor" value="Gordano"/>
@@ -931,7 +933,7 @@
931
933
  <param pos="4" name="system.time"/>
932
934
  </fingerprint>
933
935
 
934
- <fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
936
+ <fingerprint pattern="^([^ ]{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
935
937
  <description>Some unknown mail server on OpenVMS</description>
936
938
  <example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
937
939
  <example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
@@ -946,7 +948,7 @@
946
948
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
947
949
  </fingerprint>
948
950
 
949
- <fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
951
+ <fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
950
952
  <description>A.K.I PMail</description>
951
953
  <example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
952
954
  <example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
@@ -958,7 +960,7 @@
958
960
  <param pos="3" name="system.time"/>
959
961
  </fingerprint>
960
962
 
961
- <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
963
+ <fingerprint pattern="^([^ ]{1,512}) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
962
964
  <description>Postfix - version + build, followed by os</description>
963
965
  <param pos="0" name="service.vendor" value="Postfix"/>
964
966
  <param pos="0" name="service.family" value="Postfix"/>
@@ -970,7 +972,7 @@
970
972
  <param pos="4" name="postfix.os.info"/>
971
973
  </fingerprint>
972
974
 
973
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
975
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
974
976
  <description>Postfix - Std semantic versioning, w/ optional parens</description>
975
977
  <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
976
978
  <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
@@ -982,7 +984,7 @@
982
984
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
983
985
  </fingerprint>
984
986
 
985
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
987
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
986
988
  <description>Postfix - version + build</description>
987
989
  <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
988
990
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -994,7 +996,7 @@
994
996
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
995
997
  </fingerprint>
996
998
 
997
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
999
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
998
1000
  <description>Postfix - Ubuntu</description>
999
1001
  <example>foo.bar ESMTP Postfix (Ubuntu)</example>
1000
1002
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1008,9 +1010,9 @@
1008
1010
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
1009
1011
  </fingerprint>
1010
1012
 
1011
- <fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1013
+ <fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1012
1014
  <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
1013
- <example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1015
+ <example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1014
1016
  <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1015
1017
  <param pos="0" name="service.vendor" value="Postfix"/>
1016
1018
  <param pos="0" name="service.family" value="Postfix"/>
@@ -1023,7 +1025,7 @@
1023
1025
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
1024
1026
  </fingerprint>
1025
1027
 
1026
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
1028
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
1027
1029
  <description>Postfix - Debian</description>
1028
1030
  <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
1029
1031
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1037,7 +1039,7 @@
1037
1039
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
1038
1040
  </fingerprint>
1039
1041
 
1040
- <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
1042
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
1041
1043
  <description>Postfix - generic banner with amusing comments in parentheses</description>
1042
1044
  <example>foo.bar ESMTP Postfix (lol)</example>
1043
1045
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1047,7 +1049,7 @@
1047
1049
  <param pos="1" name="host.name"/>
1048
1050
  </fingerprint>
1049
1051
 
1050
- <fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
1052
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
1051
1053
  <description>Postfix - generic banner</description>
1052
1054
  <example>foo.bar ESMTP Postfix</example>
1053
1055
  <example>foo.bar SMTP Postfix</example>
@@ -1058,7 +1060,7 @@
1058
1060
  <param pos="1" name="host.name"/>
1059
1061
  </fingerprint>
1060
1062
 
1061
- <fingerprint pattern="^ *ESMTP Postfix$">
1063
+ <fingerprint pattern="^ {0,512}ESMTP Postfix$">
1062
1064
  <description>Postfix - banner without hostname or version</description>
1063
1065
  <example>ESMTP Postfix</example>
1064
1066
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1067,7 +1069,7 @@
1067
1069
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
1068
1070
  </fingerprint>
1069
1071
 
1070
- <fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
1072
+ <fingerprint pattern="(?i)^([^ ]{1,512}) POSTFIX$">
1071
1073
  <description>Postfix - generic w/o ESMTP</description>
1072
1074
  <example host.name="foo.bar">foo.bar Postfix</example>
1073
1075
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1077,7 +1079,7 @@
1077
1079
  <param pos="1" name="host.name"/>
1078
1080
  </fingerprint>
1079
1081
 
1080
- <fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1082
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1081
1083
  <description>Post.Office</description>
1082
1084
  <example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
1083
1085
  <example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
@@ -1091,14 +1093,14 @@
1091
1093
  <param pos="5" name="system.time"/>
1092
1094
  </fingerprint>
1093
1095
 
1094
- <fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
1096
+ <fingerprint pattern="^([^ ]{1,512}) Generic SMTP handler *$">
1095
1097
  <description>Raptor Firewall (low confidence)</description>
1096
1098
  <example host.name="foo.bar">foo.bar Generic SMTP handler</example>
1097
1099
  <param pos="0" name="service.product" value="raptor"/>
1098
1100
  <param pos="1" name="host.name"/>
1099
1101
  </fingerprint>
1100
1102
 
1101
- <fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
1103
+ <fingerprint pattern="^(\S{1,512}) SAP (\S+) E?SMTP service ready$">
1102
1104
  <description>SAP SMTP Server</description>
1103
1105
  <example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
1104
1106
  <param pos="0" name="service.vendor" value="SAP"/>
@@ -1116,7 +1118,7 @@
1116
1118
  <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
1117
1119
  </fingerprint>
1118
1120
 
1119
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1121
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1120
1122
  <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
1121
1123
  <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1122
1124
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1135,7 +1137,7 @@
1135
1137
  <param pos="5" name="system.time"/>
1136
1138
  </fingerprint>
1137
1139
 
1138
- <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1140
+ <fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1139
1141
  <description>Sendmail - HP-UX</description>
1140
1142
  <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1141
1143
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1153,7 +1155,7 @@
1153
1155
  <param pos="4" name="system.time"/>
1154
1156
  </fingerprint>
1155
1157
 
1156
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1158
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1157
1159
  <description>Sendmail - Unixware</description>
1158
1160
  <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1159
1161
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1170,7 +1172,7 @@
1170
1172
  <param pos="4" name="system.time"/>
1171
1173
  </fingerprint>
1172
1174
 
1173
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1175
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1174
1176
  <description>Sendmail - AIX (UCB variant)</description>
1175
1177
  <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1176
1178
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1188,7 +1190,7 @@
1188
1190
  <param pos="4" name="system.time"/>
1189
1191
  </fingerprint>
1190
1192
 
1191
- <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1193
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1192
1194
  <description>Sendmail - AIX (UCB/ready at variant)</description>
1193
1195
  <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1194
1196
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1207,7 +1209,7 @@
1207
1209
  <param pos="5" name="system.time"/>
1208
1210
  </fingerprint>
1209
1211
 
1210
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1212
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1211
1213
  <description>Sendmail - AIX</description>
1212
1214
  <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1213
1215
  <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
@@ -1227,7 +1229,7 @@
1227
1229
  <param pos="5" name="system.time"/>
1228
1230
  </fingerprint>
1229
1231
 
1230
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1232
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1231
1233
  <description>Sendmail - SuSE Linux</description>
1232
1234
  <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1233
1235
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1246,7 +1248,7 @@
1246
1248
  <param pos="5" name="system.time"/>
1247
1249
  </fingerprint>
1248
1250
 
1249
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1251
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1250
1252
  <description>Sendmail - Solaris with date (no time offeset variant)</description>
1251
1253
  <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1252
1254
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1264,7 +1266,7 @@
1264
1266
  <param pos="4" name="system.time"/>
1265
1267
  </fingerprint>
1266
1268
 
1267
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1269
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1268
1270
  <description>Sendmail - Solaris with date (ready variant)</description>
1269
1271
  <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1270
1272
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1282,7 +1284,7 @@
1282
1284
  <param pos="4" name="system.time"/>
1283
1285
  </fingerprint>
1284
1286
 
1285
- <fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1287
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1286
1288
  <description>Sendmail - Debian</description>
1287
1289
  <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1288
1290
  <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
@@ -1302,9 +1304,9 @@
1302
1304
  <param pos="5" name="system.time"/>
1303
1305
  </fingerprint>
1304
1306
 
1305
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1307
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1306
1308
  <description>Sendmail - Debian 7.x (wheezy)</description>
1307
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1309
+ <example host.name="foo.bar" service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1308
1310
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1309
1311
  <param pos="0" name="service.vendor" value="Sendmail"/>
1310
1312
  <param pos="0" name="service.family" value="Sendmail"/>
@@ -1322,7 +1324,7 @@
1322
1324
  <param pos="4" name="system.time"/>
1323
1325
  </fingerprint>
1324
1326
 
1325
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1327
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1326
1328
  <description>Sendmail - Debian 8.x (jessie)</description>
1327
1329
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1328
1330
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1341,9 +1343,9 @@
1341
1343
  <param pos="4" name="system.time"/>
1342
1344
  </fingerprint>
1343
1345
 
1344
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+); .*$">
1346
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+); .*$">
1345
1347
  <description>Sendmail - Debian 9.1 (stretch)</description>
1346
- <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1348
+ <example host.name="foo.bar" service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1347
1349
  <param pos="0" name="service.vendor" value="Sendmail"/>
1348
1350
  <param pos="0" name="service.family" value="Sendmail"/>
1349
1351
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1360,7 +1362,7 @@
1360
1362
  <param pos="4" name="system.time"/>
1361
1363
  </fingerprint>
1362
1364
 
1363
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1365
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1364
1366
  <description>Sendmail - Debian 5.x (lenny)</description>
1365
1367
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1366
1368
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1379,7 +1381,7 @@
1379
1381
  <param pos="4" name="system.time"/>
1380
1382
  </fingerprint>
1381
1383
 
1382
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1384
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1383
1385
  <description>Sendmail - Debian 4.x (etch)</description>
1384
1386
  <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1385
1387
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1398,7 +1400,7 @@
1398
1400
  <param pos="4" name="system.time"/>
1399
1401
  </fingerprint>
1400
1402
 
1401
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1403
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1402
1404
  <description>Sendmail - Debian 3.1 (sarge)</description>
1403
1405
  <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1404
1406
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1417,7 +1419,7 @@
1417
1419
  <param pos="4" name="system.time"/>
1418
1420
  </fingerprint>
1419
1421
 
1420
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1422
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1421
1423
  <description>Sendmail - Debian patch only</description>
1422
1424
  <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1423
1425
  <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
@@ -1437,7 +1439,7 @@
1437
1439
  <param pos="4" name="system.time"/>
1438
1440
  </fingerprint>
1439
1441
 
1440
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1442
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1441
1443
  <description>Sendmail - Ubuntu</description>
1442
1444
  <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1443
1445
  <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
@@ -1455,7 +1457,7 @@
1455
1457
  <param pos="3" name="system.time"/>
1456
1458
  </fingerprint>
1457
1459
 
1458
- <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1460
+ <fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1459
1461
  <description>Sendmail - Solaris (SMI variant)</description>
1460
1462
  <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1461
1463
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1473,7 +1475,7 @@
1473
1475
  <param pos="4" name="system.time"/>
1474
1476
  </fingerprint>
1475
1477
 
1476
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1478
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1477
1479
  <description>Sendmail - unknown platform (linuxconf variant)</description>
1478
1480
  <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1479
1481
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1489,7 +1491,7 @@
1489
1491
  <param pos="4" name="system.time"/>
1490
1492
  </fingerprint>
1491
1493
 
1492
- <fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1494
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1493
1495
  <description>Sendmail - MetaInfo</description>
1494
1496
  <example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1495
1497
  <param pos="0" name="service.vendor" value="MetaInfo"/>
@@ -1508,7 +1510,7 @@
1508
1510
  <param pos="6" name="system.time"/>
1509
1511
  </fingerprint>
1510
1512
 
1511
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1513
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1512
1514
  <description>Sendmail - optional timezone and timestamp, w/o OS</description>
1513
1515
  <example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
1514
1516
  <example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
@@ -1526,7 +1528,7 @@
1526
1528
  <param pos="4" name="system.time"/>
1527
1529
  </fingerprint>
1528
1530
 
1529
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1531
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1530
1532
  <description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
1531
1533
  <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
1532
1534
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1539,7 +1541,7 @@
1539
1541
  <param pos="4" name="system.time"/>
1540
1542
  </fingerprint>
1541
1543
 
1542
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1544
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1543
1545
  <description>Sendmail - with version and date (optional timezone), w/o config version</description>
1544
1546
  <example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
1545
1547
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1552,7 +1554,7 @@
1552
1554
  <param pos="3" name="system.time"/>
1553
1555
  </fingerprint>
1554
1556
 
1555
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1557
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1556
1558
  <description>Sendmail - revision variant 1</description>
1557
1559
  <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1558
1560
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1565,7 +1567,7 @@
1565
1567
  <param pos="3" name="system.time"/>
1566
1568
  </fingerprint>
1567
1569
 
1568
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1570
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1569
1571
  <description>Sendmail - revision variant 2</description>
1570
1572
  <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1571
1573
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1578,7 +1580,7 @@
1578
1580
  <param pos="3" name="system.time"/>
1579
1581
  </fingerprint>
1580
1582
 
1581
- <fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1583
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1582
1584
  <description>Sendmail - with date, w/o version or platform, optional status string.</description>
1583
1585
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1584
1586
  <example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
@@ -1612,7 +1614,7 @@
1612
1614
  <param pos="3" name="system.time"/>
1613
1615
  </fingerprint>
1614
1616
 
1615
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1617
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1616
1618
  <description>Sendmail - unknown (date in version string variant)</description>
1617
1619
  <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1618
1620
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1627,7 +1629,7 @@
1627
1629
 
1628
1630
  <!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
1629
1631
 
1630
- <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
1632
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail ([^;]+); ([^;\.]+)$">
1631
1633
  <description>Sendmail - unknown platform, variant 1</description>
1632
1634
  <param pos="0" name="service.vendor" value="Sendmail"/>
1633
1635
  <param pos="0" name="service.family" value="Sendmail"/>
@@ -1650,7 +1652,7 @@
1650
1652
  <param pos="3" name="host.name"/>
1651
1653
  </fingerprint>
1652
1654
 
1653
- <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1655
+ <fingerprint pattern="^([^ ]{1,512}) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1654
1656
  <description>Sun Internet Mail Server</description>
1655
1657
  <example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
1656
1658
  <param pos="0" name="service.vendor" value="Sun"/>
@@ -1664,7 +1666,7 @@
1664
1666
  <param pos="2" name="service.version"/>
1665
1667
  </fingerprint>
1666
1668
 
1667
- <fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1669
+ <fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1668
1670
  <description>Ecelerity</description>
1669
1671
  <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1670
1672
  <example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
@@ -1680,7 +1682,7 @@
1680
1682
  <param pos="4" name="system.time"/>
1681
1683
  </fingerprint>
1682
1684
 
1683
- <fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1685
+ <fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1684
1686
  <description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
1685
1687
  <example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1686
1688
  <example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
@@ -1692,7 +1694,7 @@
1692
1694
  <param pos="2" name="service.version"/>
1693
1695
  </fingerprint>
1694
1696
 
1695
- <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1697
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Symantec Mail Security$">
1696
1698
  <description>Symantec Mail Security for SMTP</description>
1697
1699
  <example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
1698
1700
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1701,7 +1703,7 @@
1701
1703
  <param pos="1" name="host.name"/>
1702
1704
  </fingerprint>
1703
1705
 
1704
- <fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
1706
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Symantec Messaging Gateway$">
1705
1707
  <description>Symantec Mail Gateway</description>
1706
1708
  <example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
1707
1709
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1712,7 +1714,7 @@
1712
1714
 
1713
1715
  <!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
1714
1716
 
1715
- <fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
1717
+ <fingerprint pattern="(?i)^([^ ]{1,512}) ESMTP SonicWALL \(([\d.]+)\)$">
1716
1718
  <description>SonicWall Email Security</description>
1717
1719
  <example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
1718
1720
  <example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
@@ -1721,9 +1723,10 @@
1721
1723
  <param pos="0" name="service.product" value="Email Security"/>
1722
1724
  <param pos="1" name="host.name"/>
1723
1725
  <param pos="2" name="service.version"/>
1726
+ <param pos="0" name="service.cpe23" value="cpe:/a:sonicwall:email_security:{service.version}"/>
1724
1727
  </fingerprint>
1725
1728
 
1726
- <fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1729
+ <fingerprint pattern="^([^ ]{1,512}) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1727
1730
  <description>PowerMTA</description>
1728
1731
  <example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
1729
1732
  <param pos="0" name="service.vendor" value="port25"/>
@@ -1733,7 +1736,7 @@
1733
1736
  <param pos="2" name="service.version"/>
1734
1737
  </fingerprint>
1735
1738
 
1736
- <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1739
+ <fingerprint pattern="^([^ ]{1,512}) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1737
1740
  <description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
1738
1741
  <example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
1739
1742
  <param pos="0" name="service.vendor" value="Vircom"/>
@@ -1743,7 +1746,7 @@
1743
1746
  <param pos="2" name="service.version"/>
1744
1747
  </fingerprint>
1745
1748
 
1746
- <fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1749
+ <fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1747
1750
  <description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
1748
1751
  <example>foo.bar VPOP3 ESMTP Server Ready</example>
1749
1752
  <example>foo.bar VPOP3 SMTP Server Ready</example>
@@ -1754,7 +1757,7 @@
1754
1757
  <param pos="1" name="host.name"/>
1755
1758
  </fingerprint>
1756
1759
 
1757
- <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
1760
+ <fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
1758
1761
  <description>McAfee WebShield</description>
1759
1762
  <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1760
1763
  <example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
@@ -1769,7 +1772,7 @@
1769
1772
  <param pos="4" name="system.time"/>
1770
1773
  </fingerprint>
1771
1774
 
1772
- <fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1775
+ <fingerprint pattern="^([^ ]{1,512}) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1773
1776
  <description>McAfee Webshield ASaP (bundled hardware / software)</description>
1774
1777
  <example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
1775
1778
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1785,7 +1788,7 @@
1785
1788
  <param pos="3" name="system.time"/>
1786
1789
  </fingerprint>
1787
1790
 
1788
- <fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1791
+ <fingerprint pattern="^([^ ]{1,512}) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1789
1792
  <description>McAfee VirusScreen</description>
1790
1793
  <example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
1791
1794
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1801,7 +1804,7 @@
1801
1804
  <param pos="3" name="system.time"/>
1802
1805
  </fingerprint>
1803
1806
 
1804
- <fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
1807
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Lyris ListManager service ready$">
1805
1808
  <description>Lyris ListManager</description>
1806
1809
  <example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
1807
1810
  <param pos="0" name="service.vendor" value="Lyris"/>
@@ -1810,7 +1813,7 @@
1810
1813
  <param pos="1" name="host.name"/>
1811
1814
  </fingerprint>
1812
1815
 
1813
- <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1816
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1814
1817
  <description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
1815
1818
  <example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
1816
1819
  <param pos="0" name="service.family" value="WinRoute"/>
@@ -1829,7 +1832,7 @@
1829
1832
  <param pos="2" name="system.time"/>
1830
1833
  </fingerprint>
1831
1834
 
1832
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1835
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1833
1836
  <description>ZMailer http://www.zmailer.org/technical.html</description>
1834
1837
  <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1835
1838
  <param pos="0" name="service.vendor" value="ZMailer"/>
@@ -1842,7 +1845,7 @@
1842
1845
  <param pos="4" name="system.time"/>
1843
1846
  </fingerprint>
1844
1847
 
1845
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1848
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1846
1849
  <description>ZMailer server that supports IDENT</description>
1847
1850
  <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1848
1851
  <param pos="0" name="service.vendor" value="ZMailer"/>
@@ -1856,7 +1859,7 @@
1856
1859
  <param pos="4" name="system.time"/>
1857
1860
  </fingerprint>
1858
1861
 
1859
- <fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1862
+ <fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1860
1863
  <description>Kerio Connect ESMTP</description>
1861
1864
  <example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
1862
1865
  <example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
@@ -1868,7 +1871,7 @@
1868
1871
  <param pos="3" name="service.version.version"/>
1869
1872
  </fingerprint>
1870
1873
 
1871
- <fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1874
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1872
1875
  <description>Communigate Pro</description>
1873
1876
  <example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
1874
1877
  <example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
@@ -1881,7 +1884,7 @@
1881
1884
  <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
1882
1885
  </fingerprint>
1883
1886
 
1884
- <fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
1887
+ <fingerprint pattern="^(\S{1,512}) NO UCE NO UBE NO RELAY PROBES ESMTP">
1885
1888
  <description>Twisted SMTP server</description>
1886
1889
  <example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
1887
1890
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
@@ -1909,7 +1912,7 @@
1909
1912
  <param pos="1" name="service.version"/>
1910
1913
  </fingerprint>
1911
1914
 
1912
- <fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1915
+ <fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1913
1916
  <description>Tobit Software David</description>
1914
1917
  <example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1915
1918
  <param pos="0" name="service.vendor" value="Tobit Software"/>
@@ -1919,14 +1922,14 @@
1919
1922
  <param pos="2" name="service.version"/>
1920
1923
  </fingerprint>
1921
1924
 
1922
- <fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
1925
+ <fingerprint pattern="(?i)^(\S{1,512}) E?SMTP Perl">
1923
1926
  <description>Some simple PERL SMTP server</description>
1924
1927
  <example host.name="foo.bar">foo.bar ESMTP Perl</example>
1925
1928
  <param pos="0" name="service.product" value="Perl"/>
1926
1929
  <param pos="1" name="host.name"/>
1927
1930
  </fingerprint>
1928
1931
 
1929
- <fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1932
+ <fingerprint pattern="(?i)^(?:([^ ]{1,512}) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1930
1933
  <description>Non-specific banner with optional hostname</description>
1931
1934
  <example host.name="foo.bar">foo.bar ESMTP</example>
1932
1935
  <example host.name="foo.bar">foo.bar ESMTP Ready</example>
@@ -1938,7 +1941,7 @@
1938
1941
  <param pos="1" name="host.name"/>
1939
1942
  </fingerprint>
1940
1943
 
1941
- <fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
1944
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP OpenSMTPD$">
1942
1945
  <description>OpenSMPTD</description>
1943
1946
  <example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
1944
1947
  <param pos="0" name="service.vendor" value="OpenBSD"/>