recog 2.3.20 → 2.3.23

Files changed (83)
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +8 -0
  3. data/.github/workflows/ci.yml +1 -1
  4. data/.github/workflows/verify.yml +89 -0
  5. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  6. data/.vscode/extensions.json +5 -0
  7. data/.vscode/settings.json +8 -0
  8. data/.vscode/tasks.json +77 -0
  9. data/CONTRIBUTING.md +8 -0
  10. data/README.md +17 -0
  11. data/bin/recog_standardize +28 -13
  12. data/bin/recog_verify +42 -8
  13. data/cpe-remap.yaml +62 -3
  14. data/features/data/schema_failure.xml +4 -0
  15. data/features/data/tests_with_failures.xml +6 -0
  16. data/features/support/hooks.rb +9 -0
  17. data/features/verify.feature +85 -21
  18. data/identifiers/fields.txt +6 -5
  19. data/identifiers/hw_device.txt +8 -0
  20. data/identifiers/hw_family.txt +8 -0
  21. data/identifiers/hw_product.txt +54 -0
  22. data/identifiers/os_device.txt +2 -0
  23. data/identifiers/os_family.txt +2 -0
  24. data/identifiers/os_product.txt +18 -2
  25. data/identifiers/service_product.txt +26 -0
  26. data/identifiers/vendor.txt +62 -1
  27. data/lib/recog/db.rb +2 -1
  28. data/lib/recog/fingerprint.rb +33 -6
  29. data/lib/recog/fingerprint_parse_error.rb +10 -0
  30. data/lib/recog/nizer.rb +1 -82
  31. data/lib/recog/verifier.rb +9 -9
  32. data/lib/recog/verify_reporter.rb +17 -6
  33. data/lib/recog/version.rb +1 -1
  34. data/requirements.txt +1 -1
  35. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  36. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  37. data/spec/data/external_example_fingerprint.xml +8 -0
  38. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  39. data/spec/lib/fingerprint_self_test_spec.rb +1 -0
  40. data/spec/lib/recog/db_spec.rb +84 -61
  41. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  42. data/spec/lib/recog/verify_reporter_spec.rb +73 -4
  43. data/tools/dev/hooks/pre-commit +21 -0
  44. data/update_cpes.py +130 -37
  45. data/xml/apache_os.xml +98 -56
  46. data/xml/architecture.xml +15 -1
  47. data/xml/dhcp_vendor_class.xml +206 -0
  48. data/xml/dns_versionbind.xml +26 -13
  49. data/xml/favicons.xml +236 -47
  50. data/xml/fingerprints.xsd +9 -1
  51. data/xml/ftp_banners.xml +213 -197
  52. data/xml/h323_callresp.xml +101 -101
  53. data/xml/hp_pjl_id.xml +84 -84
  54. data/xml/html_title.xml +715 -45
  55. data/xml/http_cookies.xml +143 -80
  56. data/xml/http_servers.xml +510 -310
  57. data/xml/http_wwwauth.xml +177 -75
  58. data/xml/imap_banners.xml +10 -10
  59. data/xml/mdns_device-info_txt.xml +421 -26
  60. data/xml/mysql_banners.xml +3 -2
  61. data/xml/nntp_banners.xml +12 -9
  62. data/xml/ntp_banners.xml +97 -97
  63. data/xml/operating_system.xml +98 -83
  64. data/xml/pop_banners.xml +27 -27
  65. data/xml/rsh_resp.xml +3 -3
  66. data/xml/sip_banners.xml +46 -8
  67. data/xml/sip_user_agents.xml +180 -27
  68. data/xml/smb_native_lm.xml +5 -5
  69. data/xml/smb_native_os.xml +28 -25
  70. data/xml/smtp_banners.xml +258 -254
  71. data/xml/smtp_ehlo.xml +1 -1
  72. data/xml/smtp_help.xml +11 -11
  73. data/xml/smtp_noop.xml +2 -2
  74. data/xml/snmp_sysdescr.xml +1554 -1429
  75. data/xml/snmp_sysobjid.xml +27 -27
  76. data/xml/ssh_banners.xml +27 -20
  77. data/xml/telnet_banners.xml +256 -57
  78. data/xml/tls_jarm.xml +48 -6
  79. data/xml/x11_banners.xml +3 -3
  80. data/xml/x509_issuers.xml +69 -2
  81. data/xml/x509_subjects.xml +144 -33
  82. metadata +24 -4
  83. data/lib/recog/verifier_factory.rb +0 -13
data/xml/smtp_banners.xml CHANGED
@@ -23,7 +23,7 @@
23
23
 
24
24
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
25
25
  <description>IMail - EVAL version</description>
26
- <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
26
+ <example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
27
27
  <param pos="0" name="service.vendor" value="Ipswitch"/>
28
28
  <param pos="0" name="service.family" value="IMail Server"/>
29
29
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -35,7 +35,7 @@
35
35
 
36
36
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
37
37
  <description>IMail - non-EVAL version</description>
38
- <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
38
+ <example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
39
39
  <param pos="0" name="service.vendor" value="Ipswitch"/>
40
40
  <param pos="0" name="service.family" value="IMail Server"/>
41
41
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -44,9 +44,9 @@
44
44
  <param pos="1" name="host.name"/>
45
45
  </fingerprint>
46
46
 
47
- <fingerprint pattern="^([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
47
+ <fingerprint pattern="^([^ ]{1,512}) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
48
48
  <description>IMail - non-EVAL version, NT-ESMTP at end</description>
49
- <example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
49
+ <example host.name="foo.bar" service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
50
50
  <param pos="0" name="service.vendor" value="Ipswitch"/>
51
51
  <param pos="0" name="service.family" value="IMail Server"/>
52
52
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -55,7 +55,7 @@
55
55
  <param pos="1" name="host.name"/>
56
56
  </fingerprint>
57
57
 
58
- <fingerprint pattern="^([^ ]+) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
58
+ <fingerprint pattern="^([^ ]{1,512}) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
59
59
  <description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
60
60
  <example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
61
61
  <param pos="0" name="service.vendor" value="AnalogX"/>
@@ -80,7 +80,7 @@
80
80
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
81
81
  </fingerprint>
82
82
 
83
- <fingerprint pattern="^^(?:(\S+) +)?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
83
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
84
84
  <description>ArGoSoft Mail Server - freeware version</description>
85
85
  <example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
86
86
  <example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
@@ -96,7 +96,7 @@
96
96
  <param pos="1" name="host.name"/>
97
97
  </fingerprint>
98
98
 
99
- <fingerprint pattern="^(?:(\S+) +)?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
99
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
100
100
  <description>ArGoSoft Mail Server - Pro version</description>
101
101
  <example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
102
102
  <example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
@@ -113,10 +113,10 @@
113
113
  <param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
114
114
  </fingerprint>
115
115
 
116
- <fingerprint pattern="^([^ ]+) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
116
+ <fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
117
117
  <description>AppleShare IP Mail Server</description>
118
- <example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
- <example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
118
+ <example service.version="6.2.1" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
+ <example service.version="6.2" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
120
120
  <param pos="0" name="service.vendor" value="Apple"/>
121
121
  <param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
122
122
  <param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
@@ -162,7 +162,7 @@
162
162
  Search Cisco's documentation for "fixup protocol SMTP" for more information.
163
163
  -->
164
164
 
165
- <fingerprint pattern="^[\*20 ]+$">
165
+ <fingerprint pattern="^[\*20 ]{1,1000}$">
166
166
  <description>Cisco PIX firewall MailGuard banner stripping</description>
167
167
  <example os.product="PIX">***************************</example>
168
168
  <param pos="0" name="os.vendor" value="Cisco"/>
@@ -171,7 +171,7 @@
171
171
  <param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
172
172
  </fingerprint>
173
173
 
174
- <fingerprint pattern="^([^ ]+) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
174
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
175
175
  <description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
176
176
  <param pos="0" name="service.vendor" value="Critical Path"/>
177
177
  <param pos="0" name="service.family" value="Messaging Server"/>
@@ -192,7 +192,7 @@
192
192
  <param pos="0" name="service.product" value="Internet Mail Scanner"/>
193
193
  </fingerprint>
194
194
 
195
- <fingerprint pattern="^([^ ]+) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
195
+ <fingerprint pattern="^([^ ]{1,512}) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
196
196
  <description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
197
197
  <example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
198
198
  <param pos="0" name="service.vendor" value="EMWAC"/>
@@ -202,7 +202,7 @@
202
202
  <param pos="2" name="service.version"/>
203
203
  </fingerprint>
204
204
 
205
- <fingerprint pattern="^([^ ]+) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
205
+ <fingerprint pattern="^([^ ]{1,512}) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
206
206
  <description>Eudora Internet Mail Server</description>
207
207
  <example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
208
208
  <example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
@@ -212,12 +212,12 @@
212
212
  <param pos="0" name="os.vendor" value="Apple"/>
213
213
  <param pos="0" name="os.family" value="Mac OS"/>
214
214
  <param pos="0" name="os.product" value="Mac OS"/>
215
- <param pos="0" name="os.cpe23" value="cpe:/o:apple:mac_os:-"/>
215
+ <param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
216
216
  <param pos="1" name="host.name"/>
217
217
  <param pos="2" name="service.version"/>
218
218
  </fingerprint>
219
219
 
220
- <fingerprint pattern="^([^ ]+) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
220
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
221
221
  <description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
222
222
  <example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
223
223
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -232,7 +232,7 @@
232
232
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
233
233
  </fingerprint>
234
234
 
235
- <fingerprint pattern="^([^ ]+) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
235
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
236
236
  <description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
237
237
  <example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
238
238
  <param pos="0" name="service.vendor" value="Microsoft"/>
@@ -247,9 +247,9 @@
247
247
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
248
248
  </fingerprint>
249
249
 
250
- <fingerprint pattern="^([^ ]+) Microsoft ESMTP MAIL Service ready at .*$">
250
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at">
251
251
  <description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
252
- <example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
252
+ <example host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
253
253
  <param pos="0" name="service.vendor" value="Microsoft"/>
254
254
  <param pos="0" name="service.family" value="Exchange Server"/>
255
255
  <param pos="0" name="service.product" value="Exchange Server"/>
@@ -261,9 +261,10 @@
261
261
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
262
262
  </fingerprint>
263
263
 
264
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
264
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
265
265
  <description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
266
- <example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
266
+ <example host.name="foo.bar" service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
+ <example service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
268
  <param pos="0" name="service.vendor" value="Microsoft"/>
268
269
  <param pos="0" name="service.family" value="IIS"/>
269
270
  <param pos="0" name="service.product" value="IIS"/>
@@ -278,9 +279,9 @@
278
279
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
279
280
  </fingerprint>
280
281
 
281
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
282
283
  <description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
283
- <example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
284
+ <example host.name="foo.bar" service.version="10.0.17763.1" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
284
285
  <param pos="0" name="service.vendor" value="Microsoft"/>
285
286
  <param pos="0" name="service.family" value="IIS"/>
286
287
  <param pos="0" name="service.product" value="IIS"/>
@@ -295,9 +296,9 @@
295
296
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
296
297
  </fingerprint>
297
298
 
298
- <fingerprint pattern="^([^ ]+) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
+ <fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
299
300
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
300
- <example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
301
+ <example host.name="foo.bar" service.version="5.5.1877.197.19" system.time="Wed, 29 Nov 2017 23:48:59 +0000">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
301
302
  <param pos="0" name="service.vendor" value="Microsoft"/>
302
303
  <param pos="0" name="service.family" value="IIS"/>
303
304
  <param pos="0" name="service.product" value="IIS"/>
@@ -312,10 +313,10 @@
312
313
  <param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
313
314
  </fingerprint>
314
315
 
315
- <fingerprint pattern="^(:?[^ ]+)? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
+ <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
316
317
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
317
- <example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
318
- <example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
318
+ <example service.version="5.0.2195.5329" system.time="Thu, 30 Nov 2017 11:40:25 +0200"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
319
+ <example service.version="6.0.3790.4675" host.name="foo.bar" system.time="Wed, 21 Jul 2010 19:04:24 -0700">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
319
320
  <example service.version="6.0.2600.5512" system.time="Thu, 30 Nov 2017 18:22:40 +0900">Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at Thu, 30 Nov 2017 18:22:40 +0900</example>
320
321
  <example service.version="6.0.3790.3959" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready</example>
321
322
  <example service.version="6.0.3790.1830" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830</example>
@@ -344,19 +345,19 @@
344
345
  <param pos="1" name="system.time"/>
345
346
  </fingerprint>
346
347
 
347
- <fingerprint pattern="^ ?([^, ]+)(?:,)? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
348
+ <fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
348
349
  <description>Exim - with version string and optional timestamp</description>
349
- <example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
350
+ <example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
350
351
  <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
351
352
  <example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
352
353
  <example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
353
- <example service.version="4.90_RC3" host.name="foo.bar">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
354
- <example service.version="4.89_1b" host.name="foo.bar">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
355
- <example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
356
- <example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
357
- <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
358
- <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
359
- <example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
354
+ <example service.version="4.90_RC3" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:52:16 -0700">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
355
+ <example service.version="4.89_1b" host.name="foo.bar" system.time="Thu, 05 Apr 2018 21:30:37 +0200">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
356
+ <example service.version="4.89-122312" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:33:38 +0200">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
357
+ <example service.version="4.87" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:25:58 -0800">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
358
+ <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800" host.name="foo.bar">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
359
+ <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200" host.name="foo.bar">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
360
+ <example service.version="4.89" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:31 -0500"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
360
361
  <param pos="0" name="service.vendor" value="exim"/>
361
362
  <param pos="0" name="service.family" value="exim"/>
362
363
  <param pos="0" name="service.product" value="exim"/>
@@ -367,9 +368,9 @@
367
368
  <param pos="3" name="system.time"/>
368
369
  </fingerprint>
369
370
 
370
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
371
372
  <description>Exim - with digit only version string and optional timestamp</description>
372
- <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
373
+ <example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
373
374
  <param pos="0" name="service.vendor" value="exim"/>
374
375
  <param pos="0" name="service.family" value="exim"/>
375
376
  <param pos="0" name="service.product" value="exim"/>
@@ -380,9 +381,9 @@
380
381
  <param pos="3" name="system.time"/>
381
382
  </fingerprint>
382
383
 
383
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
384
385
  <description>Exim - with version string and optional timestamp (Ubuntu)</description>
385
- <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
386
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
386
387
  <param pos="0" name="os.vendor" value="Ubuntu"/>
387
388
  <param pos="0" name="os.family" value="Linux"/>
388
389
  <param pos="0" name="os.product" value="Linux"/>
@@ -397,7 +398,7 @@
397
398
  <param pos="3" name="system.time"/>
398
399
  </fingerprint>
399
400
 
400
- <fingerprint pattern="^([^, ]+)(?:,)? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
401
+ <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
401
402
  <description>Exim - without version string and with optional timestamp</description>
402
403
  <example host.name="foo.bar">foo.bar ESMTP Exim</example>
403
404
  <example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
@@ -414,8 +415,8 @@
414
415
  <fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
415
416
  <description>Exim - without hostname</description>
416
417
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
417
- <example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
418
- <example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
418
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
419
+ <example service.version="4.89" system.time="Thu, 16 Nov 2017 07:32:28 -0200"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
419
420
  <param pos="0" name="service.vendor" value="exim"/>
420
421
  <param pos="0" name="service.family" value="exim"/>
421
422
  <param pos="0" name="service.product" value="exim"/>
@@ -425,7 +426,7 @@
425
426
  <param pos="2" name="system.time"/>
426
427
  </fingerprint>
427
428
 
428
- <fingerprint pattern="^ ?([^, ]+) Exim ESMTP Service ready$">
429
+ <fingerprint pattern="^ ?([^, ]{1,512}) Exim ESMTP Service ready$">
429
430
  <description>Exim - with hostname </description>
430
431
  <example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
431
432
  <param pos="0" name="service.vendor" value="exim"/>
@@ -435,7 +436,7 @@
435
436
  <param pos="1" name="host.name"/>
436
437
  </fingerprint>
437
438
 
438
- <fingerprint pattern="^([\w.-]+) ESMTP \([a-z0-9]{32}\)$">
439
+ <fingerprint pattern="^([\w.-]{1,512}) ESMTP \([a-z0-9]{32}\)$">
439
440
  <description>Barracuda Email Security Gateway - physical or virtual appliance</description>
440
441
  <example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
441
442
  <param pos="0" name="service.vendor" value="Barracuda"/>
@@ -445,7 +446,7 @@
445
446
  <param pos="1" name="host.name"/>
446
447
  </fingerprint>
447
448
 
448
- <fingerprint pattern="^([^ ]+) FTGate server ready .*$">
449
+ <fingerprint pattern="^([^ ]{1,512}) FTGate server ready">
449
450
  <description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
450
451
  <example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
451
452
  <param pos="0" name="service.vendor" value="Floosietek"/>
@@ -454,7 +455,7 @@
454
455
  <param pos="1" name="host.name"/>
455
456
  </fingerprint>
456
457
 
457
- <fingerprint pattern="^([^ ]+) +SMTP/smap Ready\.$">
458
+ <fingerprint pattern="^([^ ]{1,512}) +SMTP/smap Ready\.$">
458
459
  <description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
459
460
  <example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
460
461
  <param pos="0" name="service.vendor" value="TIS"/>
@@ -463,9 +464,9 @@
463
464
  <param pos="1" name="host.name"/>
464
465
  </fingerprint>
465
466
 
466
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
467
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
467
468
  <description>Novell GroupWise Internet Agent - versions 5 and higher</description>
468
- <example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
469
+ <example service.version="5.5.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
469
470
  <param pos="0" name="service.vendor" value="Novell"/>
470
471
  <param pos="0" name="service.family" value="GroupWise"/>
471
472
  <param pos="0" name="service.product" value="GroupWise"/>
@@ -474,10 +475,10 @@
474
475
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
475
476
  </fingerprint>
476
477
 
477
- <fingerprint pattern="^([^ ]+) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
478
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
478
479
  <description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
479
- <example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
480
- <example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
480
+ <example service.version="8.0.3" host.name="foo.bar">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
481
+ <example service.version="14.2.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
481
482
  <param pos="0" name="service.vendor" value="Novell"/>
482
483
  <param pos="0" name="service.family" value="GroupWise"/>
483
484
  <param pos="0" name="service.product" value="GroupWise"/>
@@ -486,7 +487,7 @@
486
487
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
487
488
  </fingerprint>
488
489
 
489
- <fingerprint pattern="^([^ ]+) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
490
+ <fingerprint pattern="^([^ ]{1,512}) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
490
491
  <description>Novell GroupWise - versions below 5</description>
491
492
  <example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
492
493
  <param pos="0" name="service.vendor" value="Novell"/>
@@ -498,11 +499,11 @@
498
499
  <param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
499
500
  </fingerprint>
500
501
 
501
- <fingerprint pattern="^([^ ]+) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
502
+ <fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
502
503
  <description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
503
- <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
504
- <example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
505
- <example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
504
+ <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT" host.name="foo.bar">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
505
+ <example service.version="Level 3A0" host.name="foo.bar" system.time="Mon, 10 Sep 2001 07:21:54 EDT">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
506
+ <example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)" host.name="foo.bar">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
506
507
  <param pos="0" name="service.vendor" value="IBM"/>
507
508
  <param pos="0" name="service.family" value="VM"/>
508
509
  <param pos="0" name="service.product" value="VM"/>
@@ -512,7 +513,7 @@
512
513
  <param pos="3" name="system.time"/>
513
514
  </fingerprint>
514
515
 
515
- <fingerprint pattern="^([^ ]+) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
516
+ <fingerprint pattern="^([^ ]{1,512}) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
516
517
  <description>
517
518
  Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
518
519
  the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
@@ -525,9 +526,9 @@
525
526
  <param pos="1" name="host.name"/>
526
527
  </fingerprint>
527
528
 
528
- <fingerprint pattern="^(\S+) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
529
+ <fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
529
530
  <description>JAMES SMTP Server</description>
530
- <example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
531
+ <example host.name="foo.bar" service.version="2.3.2" system.time="Tue, 19 May 2015 00:36:13 +0200">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
531
532
  <param pos="0" name="service.vendor" value="Apache"/>
532
533
  <param pos="0" name="service.product" value="James"/>
533
534
  <param pos="2" name="service.version"/>
@@ -537,9 +538,10 @@
537
538
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
538
539
  </fingerprint>
539
540
 
540
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: ([\d.]+)$">
541
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
541
542
  <description>MailEnable - Simple</description>
542
543
  <example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
544
+ <example host.name="foo.home" service.version="10.34">foo.home ESMTP MailEnable Service, Version: 10.34</example>
543
545
  <param pos="0" name="os.vendor" value="Microsoft"/>
544
546
  <param pos="0" name="os.family" value="Windows"/>
545
547
  <param pos="0" name="os.product" value="Windows"/>
@@ -554,10 +556,11 @@
554
556
 
555
557
  <!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
556
558
 
557
- <fingerprint pattern="^(?:(\S+) +)?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
559
+ <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
558
560
  <description>MailEnable - Complex</description>
559
- <example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
560
- <example host.name="foo.bar" service.version="9.53">foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
561
+ <example host.name="foo.bar" service.version="1.8" system.time="05/20/15 08:50:22">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
562
+ <example host.name="*.foo.bar" service.version="9.53" system.time="11/30/17 00:57:37">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
563
+ <example host.name="%WPI_HOSTNAME%" service.version="10.27" system.time="07/07/21 18:24:47">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
561
564
  <example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
562
565
  <example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
563
566
  <param pos="0" name="os.vendor" value="Microsoft"/>
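Review bot: The new MailEnable examples `*.foo.bar` and `%WPI_HOSTNAME%` show that host.name is whatever first token the server sends, not a validated DNS name, and nothing in the fingerprint says so. The `(\S{1,512})` group only bounds the length. A short comment next to the existing one about the version string would help consumers that pass host.name on to inventory or DNS lookups: `<!-- host.name is taken verbatim from the banner and may be a wildcard or an unexpanded placeholder; validate before use. -->`.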
@@ -574,10 +577,10 @@
574
577
  <param pos="3" name="system.time"/>
575
578
  </fingerprint>
576
579
 
577
- <fingerprint pattern="^([^ ]+) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
580
+ <fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
578
581
  <description>Mail Max</description>
579
- <example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
580
- <example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
582
+ <example host.name="foo.bar" service.version="4.2.4.7" system.time="Wed, 31 Jan 2001 03:44:35 +0100 WST">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
583
+ <example host.name="foo.bar" service.version="3.073" system.time="Thu, 30 Nov 2017 17:24:59 +0800 ">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
581
584
  <param pos="0" name="service.vendor" value="Mail-Max"/>
582
585
  <param pos="0" name="service.family" value="Mail-Max"/>
583
586
  <param pos="0" name="service.product" value="Mail-Max"/>
@@ -587,7 +590,7 @@
587
590
  <param pos="3" name="system.time"/>
588
591
  </fingerprint>
589
592
 
590
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
593
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
591
594
  <description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
592
595
  <example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
593
596
  <example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
@@ -598,7 +601,7 @@
598
601
  <param pos="2" name="service.version"/>
599
602
  </fingerprint>
600
603
 
601
- <fingerprint pattern="^([^ ]+) +MailSite E?SMTP Receiver Ready *$">
604
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Ready *$">
602
605
  <description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
603
606
  <example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
604
607
  <param pos="0" name="service.vendor" value="Rockliffe"/>
@@ -616,9 +619,9 @@
616
619
  <param pos="1" name="service.version"/>
617
620
  </fingerprint>
618
621
 
619
- <fingerprint pattern="^([^ ]+) +MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
622
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
620
623
  <description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
621
- <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
624
+ <example service.version="4.2.1.0" host.name="foo.bar">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
622
625
  <param pos="0" name="service.vendor" value="Clearswift"/>
623
626
  <param pos="0" name="service.family" value="MAILsweeper"/>
624
627
  <param pos="0" name="service.product" value="MAILsweeper"/>
@@ -626,9 +629,9 @@
626
629
  <param pos="2" name="service.version"/>
627
630
  </fingerprint>
628
631
 
629
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
632
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
630
633
  <description>MDaemon mail server - with timestamp, unregistered</description>
631
- <example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
634
+ <example service.version="4.0.5" host.name="foo.bar" system.time="Sat, 06 Oct 2001 09:10:56 +0400">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
632
635
  <param pos="0" name="service.vendor" value="Alt-N"/>
633
636
  <param pos="0" name="service.family" value="MDaemon"/>
634
637
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -645,9 +648,9 @@
645
648
  <param pos="3" name="system.time"/>
646
649
  </fingerprint>
647
650
 
648
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
651
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
649
652
  <description>MDaemon mail server - with timestamp</description>
650
- <example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
653
+ <example service.version="4.0.2" host.name="foo.bar" system.time="Sat, 06 Oct 2001 01:46:44 -0500">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
651
654
  <param pos="0" name="service.vendor" value="Alt-N"/>
652
655
  <param pos="0" name="service.family" value="MDaemon"/>
653
656
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -663,9 +666,9 @@
663
666
  <param pos="3" name="system.time"/>
664
667
  </fingerprint>
665
668
 
666
- <fingerprint pattern="^([^ ]+) +ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
669
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
667
670
  <description>MDaemon mail server - without timestamp</description>
668
- <example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
671
+ <example service.version="3.5.7" host.name="foo.bar">foo.bar ESMTP MDaemon 3.5.7 ready</example>
669
672
  <param pos="0" name="service.vendor" value="Alt-N"/>
670
673
  <param pos="0" name="service.family" value="MDaemon"/>
671
674
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -679,11 +682,11 @@
679
682
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
680
683
  </fingerprint>
681
684
 
682
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
685
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
683
686
  <description>MDaemon mail server - with version revision</description>
684
- <example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
685
- <example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
686
- <example service.version="2.8.7.0" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
687
+ <example service.version="2.84" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
688
+ <example service.version="3.0.3" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
689
+ <example service.version="2.8.7.0" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
687
690
  <param pos="0" name="service.vendor" value="Alt-N"/>
688
691
  <param pos="0" name="service.family" value="MDaemon"/>
689
692
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -698,10 +701,10 @@
698
701
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
699
702
  </fingerprint>
700
703
 
701
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
704
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
702
705
  <description>MDaemon mail server - with service pack</description>
703
- <example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
704
- <example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
706
+ <example service.version="2.7" service.version.version="SP5" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
707
+ <example service.version="2.7" service.version.version="SP4" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
705
708
  <param pos="0" name="service.vendor" value="Alt-N"/>
706
709
  <param pos="0" name="service.family" value="MDaemon"/>
707
710
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -717,9 +720,9 @@
717
720
  <param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
718
721
  </fingerprint>
719
722
 
720
- <fingerprint pattern="^([^ ]+) +ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
723
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
721
724
  <description>MDaemon mail server</description>
722
- <example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
725
+ <example service.version="2.5" service.version.version.version="b1" host.name="foo.bar" service.version.version="rB" service.version.version.version.version="32-T">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
723
726
  <param pos="0" name="service.vendor" value="Alt-N"/>
724
727
  <param pos="0" name="service.family" value="MDaemon"/>
725
728
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -738,11 +741,11 @@
738
741
 
739
742
  <!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
740
743
 
741
- <fingerprint pattern="^([^ ]+) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
744
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
742
745
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
743
- <example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
744
- <example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
745
- <example host.name="foo.bar" service.version="2.10.284">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
746
+ <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
747
+ <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
748
+ <example host.name="foo.bar" service.version="2.10.284" system.time="Thu, 30 Nov 2017 17:55:10 +0800">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
746
749
  <param pos="0" name="service.vendor" value="Merak"/>
747
750
  <param pos="0" name="service.family" value="Mail Server"/>
748
751
  <param pos="0" name="service.product" value="Mail Server"/>
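Review bot: The rewritten Merak pattern still separates the hostname from `E?SMTP` with an unbounded ` +`, while the sibling patterns touched in this diff (MailSite, MAILsweeper, MDaemon) bound that run as ` {1,8}`. The banner is remote-controlled input, so this leaves one fingerprint out of line with the hardening applied around it. `^([^ ]{1,512}) {1,8}E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$` matches the three examples unchanged. The trailing `; *(.+) *$` is also still unbounded, here and in several neighbouring fingerprints.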
@@ -754,7 +757,7 @@
754
757
 
755
758
  <fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
756
759
  <description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
757
- <example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
760
+ <example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT" system.time="Thu, 30 Nov 2017 10:01:06 +0100">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
758
761
  <param pos="0" name="service.vendor" value="Atrium Software"/>
759
762
  <param pos="0" name="service.family" value="MERCUR"/>
760
763
  <param pos="0" name="service.product" value="MERCUR"/>
@@ -766,9 +769,9 @@
766
769
  <param pos="5" name="system.time"/>
767
770
  </fingerprint>
768
771
 
769
- <fingerprint pattern="^([^ ]+) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
772
+ <fingerprint pattern="^([^ ]{1,512}) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
770
773
  <description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
771
- <example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
774
+ <example host.name="foo.bar" service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
772
775
  <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
773
776
  <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
774
777
  <param pos="0" name="os.vendor" value="Novell"/>
@@ -779,10 +782,10 @@
779
782
  <param pos="2" name="service.version"/>
780
783
  </fingerprint>
781
784
 
782
- <fingerprint pattern="^^([^ ]+) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
785
+ <fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
783
786
  <description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
784
- <example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
785
- <example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
787
+ <example service.version="3.01a" host.name="foo.bar">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
788
+ <example service.version="3.30" host.name="foo.bar">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
786
789
  <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
787
790
  <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
788
791
  <param pos="0" name="os.vendor" value="Microsoft"/>
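Review bot: The Mercury/32 pattern still opens with a doubled anchor, `^^(`, on the very line this hunk rewrites; the second `^` is redundant and reads like a typo. `^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$` is equivalent. The version group `([^ ]+\.[^ ]+)` is left unbounded as well, here and in the Mercury NLM pattern of the previous hunk.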
@@ -793,9 +796,9 @@
793
796
  <param pos="2" name="service.version"/>
794
797
  </fingerprint>
795
798
 
796
- <fingerprint pattern="^([^ ]+) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http.*$">
799
+ <fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http">
797
800
  <description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
798
- <example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
801
+ <example host.name="foo.bar" service.version="2.0.1" system.time="Sun, 29 Jul 2001 22:02:16 -0500">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
799
802
  <param pos="0" name="service.vendor" value="Norton"/>
800
803
  <param pos="0" name="service.family" value="Antivirus for Gateways"/>
801
804
  <param pos="0" name="service.product" value="Antivirus for Gateways"/>
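Review bot: `(.+)*` in the new NAVIEG pattern is a nested quantifier, which is the shape most prone to catastrophic backtracking when a banner never reaches ` http`. Dropping the trailing `.*$` does not remove it. How badly it degrades depends on the regex engine that consumes the file, but the banner is attacker-influenced, so the single-quantifier form is safer: `^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+) http`. That still yields the `system.time` value in the updated example. It no longer accepts an empty timestamp, which the `*` allowed.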
@@ -805,7 +808,7 @@
805
808
  <param pos="3" name="system.time"/>
806
809
  </fingerprint>
807
810
 
808
- <fingerprint pattern="^([^ ]+) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+).*$">
811
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+)">
809
812
  <description>Netscape Messaging Server - with patch number</description>
810
813
  <example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
811
814
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -817,7 +820,7 @@
817
820
  <param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
818
821
  </fingerprint>
819
822
 
820
- <fingerprint pattern="^([^ ]+) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
823
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
821
824
  <description>Netscape Messaging Server - w/o patch number</description>
822
825
  <example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
823
826
  <param pos="0" name="service.vendor" value="Netscape"/>
@@ -830,7 +833,7 @@
830
833
  <param pos="3" name="system.time"/>
831
834
  </fingerprint>
832
835
 
833
- <fingerprint pattern="^([^ ]+) Lotus SMTP MTA Service Ready *$">
836
+ <fingerprint pattern="^([^ ]{1,512}) Lotus SMTP MTA Service Ready *$">
834
837
  <description>Lotus Notes 4 SMTP MTA</description>
835
838
  <example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
836
839
  <param pos="0" name="service.vendor" value="Lotus"/>
@@ -846,17 +849,17 @@
846
849
  called IBM Domino as of v9.0 on product and in banners.
847
850
  -->
848
851
 
849
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
852
+ <fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
850
853
  <description>Lotus Domino SMTP MTA</description>
851
- <example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
852
- <example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
853
- <example service.version="8.0.2 FP1 HF82">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
854
- <example service.version="5.0.13a"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
855
- <example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
856
- <example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
857
- <example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
858
- <example service.version="7.0"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
859
- <example host.name="foo.bar" service.version="5.0.1">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
854
+ <example service.version="8.5" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:01:45 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
855
+ <example service.version="8.5.3FP6 HF1944" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:17:43 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
856
+ <example service.version="8.0.2 FP1 HF82" host.name="foo.bar" system.time="Thu, 5 Apr 2018 22:03:28 +0200">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
857
+ <example service.version="5.0.13a" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:47:42 +0800"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
858
+ <example service.version="7.0.4" host.name="foo.bar" system.time="Thu, 16 Nov 2017 18:28:36 +0900">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
859
+ <example service.version="8.0.2FP2" host.name="foo.bar" system.time="Thu, 16 Nov 2017 02:17:33 -0700">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
860
+ <example service.version="8.5.3" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:52:21 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
861
+ <example service.version="7.0" system.time="Thu, 30 Nov 2017 17:00:41 +0800"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
862
+ <example host.name="foo.bar" service.version="5.0.1" system.time="Thu, 30 Nov 2017 12:38:43 +0300">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
860
863
  <param pos="0" name="service.vendor" value="IBM"/>
861
864
  <param pos="0" name="service.family" value="Lotus Domino"/>
862
865
  <param pos="0" name="service.product" value="Lotus Domino"/>
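Review bot: The rewritten Lotus Domino pattern has lost its leading `^` and now begins ` ?(?:(`, whereas the IBM Domino pattern in the next hunk received the same bounds and kept `^ ?`. Unanchored, the engine may retry from every offset of a non-matching banner. A first token longer than 512 characters would also appear to still match, with host.name set to its tail or left empty, so the new length bound is not enforced. If the removal was unintentional, restore the anchor: `pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release …`.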
@@ -867,11 +870,11 @@
867
870
  <param pos="3" name="system.time"/>
868
871
  </fingerprint>
869
872
 
870
- <fingerprint pattern="^ ?(?:([^ ]+))? *ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
873
+ <fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
871
874
  <description>IBM Domino SMTP MTA</description>
872
- <example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
873
- <example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
874
- <example service.version="9.0.1FP8"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
875
+ <example host.name="foo.bar" service.version="9.0.1FP8 HF475" system.time="Thu, 30 Nov 2017 17:55:48 +0900">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
876
+ <example host.name="foo.bar" service.version="9.0.1" system.time="Thu, 30 Nov 2017 10:12:26 +0100"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
877
+ <example service.version="9.0.1FP8" system.time="Thu, 30 Nov 2017 13:51:59 -0800"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
875
878
  <param pos="0" name="service.vendor" value="IBM"/>
876
879
  <param pos="0" name="service.family" value="IBM Domino"/>
877
880
  <param pos="0" name="service.product" value="IBM Domino"/>
@@ -882,10 +885,10 @@
882
885
  <param pos="3" name="system.time"/>
883
886
  </fingerprint>
884
887
 
885
- <fingerprint pattern="^([^ ]+) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
888
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
886
889
  <description>Lotus Domino (some early build)</description>
887
- <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
888
- <example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
890
+ <example notes.build.version="166.1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:39:22 +0200">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
891
+ <example notes.build.version="V85_M2_08202008" host.name="foo.bar" system.time="Thu, 16 Nov 2017 03:57:40 -0500">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
889
892
  <param pos="0" name="service.vendor" value="Lotus"/>
890
893
  <param pos="0" name="service.family" value="Lotus Domino"/>
891
894
  <param pos="0" name="service.product" value="Lotus Domino"/>
@@ -907,7 +910,7 @@
907
910
  <param pos="2" name="system.time"/>
908
911
  </fingerprint>
909
912
 
910
- <fingerprint pattern="^([^ ]+) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
913
+ <fingerprint pattern="^([^ ]{1,512}) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
911
914
  <description>NTMail (http://www.gordano.com)</description>
912
915
  <example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
913
916
  <param pos="0" name="service.vendor" value="Gordano"/>
@@ -918,9 +921,9 @@
918
921
  <param pos="3" name="ntmail.id"/>
919
922
  </fingerprint>
920
923
 
921
- <fingerprint pattern="^([^ ]+) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
924
+ <fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
922
925
  <description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
923
- <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
926
+ <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn" system.time="Thu, 30 Nov 2017 10:15:31 +0100">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
924
927
  <param pos="0" name="service.vendor" value="Gordano"/>
925
928
  <param pos="0" name="service.family" value="NTMail"/>
926
929
  <param pos="0" name="service.product" value="NTMail"/>
@@ -931,7 +934,7 @@
931
934
  <param pos="4" name="system.time"/>
932
935
  </fingerprint>
933
936
 
934
- <fingerprint pattern="^(\S+)(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at .*$">
937
+ <fingerprint pattern="^([^ ]{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at">
935
938
  <description>Some unknown mail server on OpenVMS</description>
936
939
  <example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
937
940
  <example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
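Review bot: Replacing `(\S+)` with `([^ ]{1,512})` in the OpenVMS pattern widens the hostname character class as well as bounding it. `[^ ]` excludes only the space character, so tabs and other whitespace or control characters in a banner can now be captured into host.name. The JAMES fingerprint earlier in this diff kept the class as `\S{1,512}`; the same form here would be `^(\S{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at`. The PMailServer pattern in the following hunk makes the same `\S` to `[^ ]` switch.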
@@ -946,10 +949,10 @@
946
949
  <param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
947
950
  </fingerprint>
948
951
 
949
- <fingerprint pattern="^(\S+) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
952
+ <fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
950
953
  <description>A.K.I PMail</description>
951
- <example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
952
- <example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
954
+ <example host.name="foo.bar" service.version="1.91" system.time="Fri, 22 May 2015 02:04:56">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
955
+ <example host.name="foo.bar" service.version="1.78" system.time="Fri, 6 Apr 2018 04:34:11">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
953
956
  <param pos="0" name="service.vendor" value="A.K.I Software"/>
954
957
  <param pos="0" name="service.product" value="PMail Server"/>
955
958
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss"/>
@@ -958,7 +961,7 @@
958
961
  <param pos="3" name="system.time"/>
959
962
  </fingerprint>
960
963
 
961
- <fingerprint pattern="^([^ ]+) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
964
+ <fingerprint pattern="^([^ ]{1,512}) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
962
965
  <description>Postfix - version + build, followed by os</description>
963
966
  <param pos="0" name="service.vendor" value="Postfix"/>
964
967
  <param pos="0" name="service.family" value="Postfix"/>
@@ -970,10 +973,10 @@
970
973
  <param pos="4" name="postfix.os.info"/>
971
974
  </fingerprint>
972
975
 
973
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \(?([\d.]+)\)?$">
976
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
974
977
  <description>Postfix - Std semantic versioning, w/ optional parens</description>
975
- <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
976
- <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
978
+ <example service.version="3.1.4" host.name="foo.bar">foo.bar ESMTP Postfix (3.1.4)</example>
979
+ <example service.version="2.7.1" host.name="foo.bar">foo.bar ESMTP Postfix 2.7.1</example>
977
980
  <param pos="0" name="service.vendor" value="Postfix"/>
978
981
  <param pos="0" name="service.family" value="Postfix"/>
979
982
  <param pos="0" name="service.product" value="Postfix"/>
@@ -982,9 +985,9 @@
982
985
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
983
986
  </fingerprint>
984
987
 
985
- <fingerprint pattern="^([^ ]+) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
988
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
986
989
  <description>Postfix - version + build</description>
987
- <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
990
+ <example service.version="2.8" service.version.version="20100306" host.name="foo.bar">foo.bar ESMTP Postfix (2.8-20100306)</example>
988
991
  <param pos="0" name="service.vendor" value="Postfix"/>
989
992
  <param pos="0" name="service.family" value="Postfix"/>
990
993
  <param pos="0" name="service.product" value="Postfix"/>
@@ -994,9 +997,9 @@
994
997
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
995
998
  </fingerprint>
996
999
 
997
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Ubuntu\)$">
1000
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
998
1001
  <description>Postfix - Ubuntu</description>
999
- <example>foo.bar ESMTP Postfix (Ubuntu)</example>
1002
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (Ubuntu)</example>
1000
1003
  <param pos="0" name="service.vendor" value="Postfix"/>
1001
1004
  <param pos="0" name="service.family" value="Postfix"/>
1002
1005
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1008,10 +1011,10 @@
1008
1011
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
1009
1012
  </fingerprint>
1010
1013
 
1011
- <fingerprint pattern="^([^ ]+)(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1014
+ <fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1012
1015
  <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
1013
- <example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1014
- <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1016
+ <example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1017
+ <example host.name="foo.bar">foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1015
1018
  <param pos="0" name="service.vendor" value="Postfix"/>
1016
1019
  <param pos="0" name="service.family" value="Postfix"/>
1017
1020
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1023,9 +1026,9 @@
1023
1026
  <param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
1024
1027
  </fingerprint>
1025
1028
 
1026
- <fingerprint pattern="^([^ ]+) +E?SMTP Postfix \(Debian/GNU\)$">
1029
+ <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
1027
1030
  <description>Postfix - Debian</description>
1028
- <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
1031
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (Debian/GNU)</example>
1029
1032
  <param pos="0" name="service.vendor" value="Postfix"/>
1030
1033
  <param pos="0" name="service.family" value="Postfix"/>
1031
1034
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1037,9 +1040,9 @@
1037
1040
  <param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
1038
1041
  </fingerprint>
1039
1042
 
1040
- <fingerprint pattern="^([^ ]+) ESMTP.* Postfix *\(.+\) *$">
1043
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
1041
1044
  <description>Postfix - generic banner with amusing comments in parentheses</description>
1042
- <example>foo.bar ESMTP Postfix (lol)</example>
1045
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (lol)</example>
1043
1046
  <param pos="0" name="service.vendor" value="Postfix"/>
1044
1047
  <param pos="0" name="service.family" value="Postfix"/>
1045
1048
  <param pos="0" name="service.product" value="Postfix"/>
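Review bot: Only the first group of `^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$` is bounded; `.*`, ` *` and `\(.+\)` stay open-ended and overlap each other, so a long banner that almost matches can still cause repeated backtracking, which appears to be what the 512 limit is meant to prevent. The generic-banner pattern in the next hunk keeps the same `.*` and ` *$`. If callers do not cap banner length before matching, consider bounding these as well, for example `^([^ ]{1,512}) ESMTP.{0,512} Postfix {0,8}\(.{1,512}\) {0,8}$`, after checking the limits against real banners. The rest of this fingerprint's params are outside the hunk.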
@@ -1047,10 +1050,10 @@
1047
1050
  <param pos="1" name="host.name"/>
1048
1051
  </fingerprint>
1049
1052
 
1050
- <fingerprint pattern="^(?i)([^ ]+) +E?SMTP.* Postfix *$">
1053
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
1051
1054
  <description>Postfix - generic banner</description>
1052
- <example>foo.bar ESMTP Postfix</example>
1053
- <example>foo.bar SMTP Postfix</example>
1055
+ <example host.name="foo.bar">foo.bar ESMTP Postfix</example>
1056
+ <example host.name="foo.bar">foo.bar SMTP Postfix</example>
1054
1057
  <param pos="0" name="service.vendor" value="Postfix"/>
1055
1058
  <param pos="0" name="service.family" value="Postfix"/>
1056
1059
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1058,7 +1061,7 @@
1058
1061
  <param pos="1" name="host.name"/>
1059
1062
  </fingerprint>
1060
1063
 
1061
- <fingerprint pattern="^ *ESMTP Postfix$">
1064
+ <fingerprint pattern="^ {0,512}ESMTP Postfix$">
1062
1065
  <description>Postfix - banner without hostname or version</description>
1063
1066
  <example>ESMTP Postfix</example>
1064
1067
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1067,7 +1070,7 @@
1067
1070
  <param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
1068
1071
  </fingerprint>
1069
1072
 
1070
- <fingerprint pattern="^(?i)([^ ]+) POSTFIX$">
1073
+ <fingerprint pattern="(?i)^([^ ]{1,512}) POSTFIX$">
1071
1074
  <description>Postfix - generic w/o ESMTP</description>
1072
1075
  <example host.name="foo.bar">foo.bar Postfix</example>
1073
1076
  <param pos="0" name="service.vendor" value="Postfix"/>
@@ -1077,7 +1080,7 @@
1077
1080
  <param pos="1" name="host.name"/>
1078
1081
  </fingerprint>
1079
1082
 
1080
- <fingerprint pattern="^([^ ]+) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1083
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
1081
1084
  <description>Post.Office</description>
1082
1085
  <example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
1083
1086
  <example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
@@ -1091,14 +1094,14 @@
1091
1094
  <param pos="5" name="system.time"/>
1092
1095
  </fingerprint>
1093
1096
 
1094
- <fingerprint pattern="^([^ ]+) Generic SMTP handler *$">
1097
+ <fingerprint pattern="^([^ ]{1,512}) Generic SMTP handler *$">
1095
1098
  <description>Raptor Firewall (low confidence)</description>
1096
1099
  <example host.name="foo.bar">foo.bar Generic SMTP handler</example>
1097
1100
  <param pos="0" name="service.product" value="raptor"/>
1098
1101
  <param pos="1" name="host.name"/>
1099
1102
  </fingerprint>
1100
1103
 
1101
- <fingerprint pattern="^(\S+) SAP (\S+) E?SMTP service ready$">
1104
+ <fingerprint pattern="^(\S{1,512}) SAP (\S+) E?SMTP service ready$">
1102
1105
  <description>SAP SMTP Server</description>
1103
1106
  <example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
1104
1107
  <param pos="0" name="service.vendor" value="SAP"/>
@@ -1116,9 +1119,9 @@
1116
1119
  <param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
1117
1120
  </fingerprint>
1118
1121
 
1119
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1122
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1120
1123
  <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
1121
- <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1124
+ <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1" sendmail.hpux.phne.version="14041" system.time="Tue, 6 Feb 2001 10:04:32 -0300">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1122
1125
  <param pos="0" name="service.vendor" value="Sendmail"/>
1123
1126
  <param pos="0" name="service.family" value="Sendmail"/>
1124
1127
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1135,9 +1138,9 @@
1135
1138
  <param pos="5" name="system.time"/>
1136
1139
  </fingerprint>
1137
1140
 
1138
- <fingerprint pattern="^(\S+) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1141
+ <fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1139
1142
  <description>Sendmail - HP-UX</description>
1140
- <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1143
+ <example host.name="foo.bar" os.version="11.31" service.version="8.13.3" system.time="Wed, 20 May 2015 23:35:38 GMT">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1141
1144
  <param pos="0" name="service.vendor" value="Sendmail"/>
1142
1145
  <param pos="0" name="service.family" value="Sendmail"/>
1143
1146
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1153,9 +1156,9 @@
1153
1156
  <param pos="4" name="system.time"/>
1154
1157
  </fingerprint>
1155
1158
 
1156
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1159
+ <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1157
1160
  <description>Sendmail - Unixware</description>
1158
- <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1161
+ <example service.version="8.8.7" host.name="foo.bar" os.version="7.1.0" system.time="Tue, 6 Feb 2001 16:39:30 -0300">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1159
1162
  <param pos="0" name="service.vendor" value="Sendmail"/>
1160
1163
  <param pos="0" name="service.family" value="Sendmail"/>
1161
1164
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1170,9 +1173,9 @@
1170
1173
  <param pos="4" name="system.time"/>
1171
1174
  </fingerprint>
1172
1175
 
1173
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1176
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1174
1177
  <description>Sendmail - AIX (UCB variant)</description>
1175
- <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1178
+ <example os.version="4.2" service.version="8.7" host.name="foo.bar" system.time="Sun, 29 Jul 2001 22:34:37 -0400">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1176
1179
  <param pos="0" name="service.vendor" value="Sendmail"/>
1177
1180
  <param pos="0" name="service.family" value="Sendmail"/>
1178
1181
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1188,9 +1191,9 @@
1188
1191
  <param pos="4" name="system.time"/>
1189
1192
  </fingerprint>
1190
1193
 
1191
- <fingerprint pattern="^([^ ]+) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1194
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1192
1195
  <description>Sendmail - AIX (UCB/ready at variant)</description>
1193
- <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1196
+ <example host.name="foo.bar" os.version=" 4.1" service.version="5.64" sendmail.config.version="4.03" system.time="Mon, 30 Jul 2001 00:42:21 -0500">foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1194
1197
  <param pos="0" name="service.vendor" value="Sendmail"/>
1195
1198
  <param pos="0" name="service.family" value="Sendmail"/>
1196
1199
  <param pos="0" name="service.product" value="Sendmail"/>
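Review bot: The new example records `os.version=" 4.1"` with a leading space, which means `AIX([^/]+)/UCB` captures the blank after `AIX` and the example was fitted to the capture rather than the capture being corrected. Anything that compares or interpolates os.version downstream would receive the padded value. Taking the separator outside the group, `Sendmail AIX ?([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$`, lets the example assert `os.version="4.1"`. The param list for this fingerprint continues outside the hunk.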
@@ -1207,10 +1210,10 @@
1207
1210
  <param pos="5" name="system.time"/>
1208
1211
  </fingerprint>
1209
1212
 
1210
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1213
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1211
1214
  <description>Sendmail - AIX</description>
1212
- <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1213
- <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
1215
+ <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8" system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1216
+ <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0" system.time="Fri, 28 Aug 1970 19:42:05 -0800">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
1214
1217
  <param pos="0" name="service.vendor" value="Sendmail"/>
1215
1218
  <param pos="0" name="service.family" value="Sendmail"/>
1216
1219
  <param pos="0" name="service.product" value="Sendmail"/>
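Review bot: The first added example expects `system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)"`, so the greedy `(.+)` ahead of the optional `(?: \(.+\))?` always swallows the zone comment and the optional group never takes part. The neighbouring AIX (UCB variant) and Unixware examples leave that comment out of system.time. A lazy capture, `; (.+?)(?: \(.+\))?$`, would yield `Sun, 29 Jul 2001 22:34:37 -0400` here and still match the second example unchanged. If a system.time.format param is declared for this fingerprint outside the hunk, it presumably does not account for the trailing `(EDT)`, which is worth confirming.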
@@ -1227,9 +1230,9 @@
1227
1230
  <param pos="5" name="system.time"/>
1228
1231
  </fingerprint>
1229
1232
 
1230
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1233
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1231
1234
  <description>Sendmail - SuSE Linux</description>
1232
- <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1235
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-0.1" system.time="Mon, 30 Jul 2001 04:48:54 +0200">foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1233
1236
  <param pos="0" name="service.vendor" value="Sendmail"/>
1234
1237
  <param pos="0" name="service.family" value="Sendmail"/>
1235
1238
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1246,9 +1249,9 @@
1246
1249
  <param pos="5" name="system.time"/>
1247
1250
  </fingerprint>
1248
1251
 
1249
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1252
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1250
1253
  <description>Sendmail - Solaris with date (no time offeset variant)</description>
1251
- <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1254
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.1" system.time="Mon, 30 Jul 2001 02:50:22 GMT">foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1252
1255
  <param pos="0" name="service.vendor" value="Sendmail"/>
1253
1256
  <param pos="0" name="service.family" value="Sendmail"/>
1254
1257
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1264,9 +1267,9 @@
1264
1267
  <param pos="4" name="system.time"/>
1265
1268
  </fingerprint>
1266
1269
 
1267
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1270
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1268
1271
  <description>Sendmail - Solaris with date (ready variant)</description>
1269
- <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1272
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.6.4" system.time="Thu, 15 Nov 2000 11:40:32 -0800">foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1270
1273
  <param pos="0" name="service.vendor" value="Sendmail"/>
1271
1274
  <param pos="0" name="service.family" value="Sendmail"/>
1272
1275
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1282,10 +1285,10 @@
1282
1285
  <param pos="4" name="system.time"/>
1283
1286
  </fingerprint>
1284
1287
 
1285
- <fingerprint pattern="^([^ ]+) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1288
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1286
1289
  <description>Sendmail - Debian</description>
1287
- <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1288
- <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1290
+ <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1" host.name="foo.bar" system.time="Sun, 29 Jul 2001 18:52:20 -0800">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1291
+ <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21" host.name="foo.bar" system.time="Sun, 29 Jul 2001 19:51:00 -0700">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1289
1292
  <param pos="0" name="service.vendor" value="Sendmail"/>
1290
1293
  <param pos="0" name="service.family" value="Sendmail"/>
1291
1294
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1302,10 +1305,10 @@
1302
1305
  <param pos="5" name="system.time"/>
1303
1306
  </fingerprint>
1304
1307
 
1305
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+); .*$">
1308
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+);">
1306
1309
  <description>Sendmail - Debian 7.x (wheezy)</description>
1307
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1308
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1310
+ <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:33:05 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1311
+ <example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 11:00:33 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1309
1312
  <param pos="0" name="service.vendor" value="Sendmail"/>
1310
1313
  <param pos="0" name="service.family" value="Sendmail"/>
1311
1314
  <param pos="0" name="service.product" value="Sendmail"/>
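Review bot: With the trailing `; .*$` removed, `(.+);` is still greedy and now runs to the last semicolon in the banner, so any `;` in the free text after the date would pull that text into system.time. A negated class stops at the first semicolon and needs no backtracking: `Debian-\d\+(?:wheezy|deb7u)\d; ([^;]+);`. The same edit applies to the deb8u, deb9u1, lenny, etch, sarge, patch-only and Ubuntu patterns in the hunks that follow. The params for these fingerprints continue outside the hunks.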
@@ -1322,9 +1325,9 @@
1322
1325
  <param pos="4" name="system.time"/>
1323
1326
  </fingerprint>
1324
1327
 
1325
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+); .*$">
1328
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+);">
1326
1329
  <description>Sendmail - Debian 8.x (jessie)</description>
1327
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1330
+ <example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:25:48 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1328
1331
  <param pos="0" name="service.vendor" value="Sendmail"/>
1329
1332
  <param pos="0" name="service.family" value="Sendmail"/>
1330
1333
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1341,9 +1344,9 @@
1341
1344
  <param pos="4" name="system.time"/>
1342
1345
  </fingerprint>
1343
1346
 
1344
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+); .*$">
1347
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+);">
1345
1348
  <description>Sendmail - Debian 9.1 (stretch)</description>
1346
- <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1349
+ <example host.name="foo.bar" service.version="8.15.2" sendmail.config.version="8.15.2" system.time="Thu, 29 Apr 2021 06:45:02 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1347
1350
  <param pos="0" name="service.vendor" value="Sendmail"/>
1348
1351
  <param pos="0" name="service.family" value="Sendmail"/>
1349
1352
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1360,9 +1363,9 @@
1360
1363
  <param pos="4" name="system.time"/>
1361
1364
  </fingerprint>
1362
1365
 
1363
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+); .*$">
1366
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+);">
1364
1367
  <description>Sendmail - Debian 5.x (lenny)</description>
1365
- <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1368
+ <example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 12:29:40 +0300">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1366
1369
  <param pos="0" name="service.vendor" value="Sendmail"/>
1367
1370
  <param pos="0" name="service.family" value="Sendmail"/>
1368
1371
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1379,9 +1382,9 @@
1379
1382
  <param pos="4" name="system.time"/>
1380
1383
  </fingerprint>
1381
1384
 
1382
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+); .*$">
1385
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+);">
1383
1386
  <description>Sendmail - Debian 4.x (etch)</description>
1384
- <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1387
+ <example service.version="8.13.8" sendmail.config.version="8.13.8" host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:28:23 +0100">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1385
1388
  <param pos="0" name="service.vendor" value="Sendmail"/>
1386
1389
  <param pos="0" name="service.family" value="Sendmail"/>
1387
1390
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1398,9 +1401,9 @@
1398
1401
  <param pos="4" name="system.time"/>
1399
1402
  </fingerprint>
1400
1403
 
1401
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+); .*$">
1404
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+);">
1402
1405
  <description>Sendmail - Debian 3.1 (sarge)</description>
1403
- <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1406
+ <example service.version="8.13.4" host.name="foo.bar" sendmail.config.version="8.13.4" system.time="Thu, 30 Nov 2017 10:55:47 +0100">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1404
1407
  <param pos="0" name="service.vendor" value="Sendmail"/>
1405
1408
  <param pos="0" name="service.family" value="Sendmail"/>
1406
1409
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1417,11 +1420,11 @@
1417
1420
  <param pos="4" name="system.time"/>
1418
1421
  </fingerprint>
1419
1422
 
1420
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+); .*$">
1423
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+);">
1421
1424
  <description>Sendmail - Debian patch only</description>
1422
- <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1423
- <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1424
- <example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1425
+ <example service.version="8.15.2" host.name="foo.bar" sendmail.config.version="8.15.2" system.time="Thu, 30 Nov 2017 10:55:50 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1426
+ <example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 10:11:54 +0100">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1427
+ <example service.version="8.14.2" host.name="foo.bar" sendmail.config.version="8.14.2" system.time="Thu, 30 Nov 2017 04:09:50 -0600">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1425
1428
  <param pos="0" name="service.vendor" value="Sendmail"/>
1426
1429
  <param pos="0" name="service.family" value="Sendmail"/>
1427
1430
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1437,10 +1440,10 @@
1437
1440
  <param pos="4" name="system.time"/>
1438
1441
  </fingerprint>
1439
1442
 
1440
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+); .*$">
1443
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+);">
1441
1444
  <description>Sendmail - Ubuntu</description>
1442
- <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1443
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1445
+ <example service.version="8.13.5.20060308" host.name="foo.bar" system.time="Fri, 24 Jul 2009 01:41:21 -0700">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1446
+ <example service.version="8.14.4" host.name="foo.bar" system.time="Thu, 30 Nov 2017 11:00:30 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1444
1447
  <param pos="0" name="service.vendor" value="Sendmail"/>
1445
1448
  <param pos="0" name="service.family" value="Sendmail"/>
1446
1449
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1455,9 +1458,9 @@
1455
1458
  <param pos="3" name="system.time"/>
1456
1459
  </fingerprint>
1457
1460
 
1458
- <fingerprint pattern="^([^ ]+) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1461
+ <fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1459
1462
  <description>Sendmail - Solaris (SMI variant)</description>
1460
- <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1463
+ <example host.name="foo.bar" service.version="8.6" sendmail.config.version="SMI-SVR4" system.time="Sun, 29 Jul 2001 22:58:46 -0400">foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1461
1464
  <param pos="0" name="service.vendor" value="Sendmail"/>
1462
1465
  <param pos="0" name="service.family" value="Sendmail"/>
1463
1466
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1473,9 +1476,9 @@
1473
1476
  <param pos="4" name="system.time"/>
1474
1477
  </fingerprint>
1475
1478
 
1476
- <fingerprint pattern="^([^ ]+) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1479
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1477
1480
  <description>Sendmail - unknown platform (linuxconf variant)</description>
1478
- <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1481
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="linuxconf" system.time="Sun, 29 Jul 2001 22:48:28 -0400">foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1479
1482
  <param pos="0" name="service.vendor" value="Sendmail"/>
1480
1483
  <param pos="0" name="service.family" value="Sendmail"/>
1481
1484
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1489,9 +1492,9 @@
1489
1492
  <param pos="4" name="system.time"/>
1490
1493
  </fingerprint>
1491
1494
 
1492
- <fingerprint pattern="^([^ ]+) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1495
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1493
1496
  <description>Sendmail - MetaInfo</description>
1494
- <example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1497
+ <example host.name="foo.bar" service.version="8.8.6" metainfo.version="2.5" metainfo.version.version="2630" sendmail.config.version="8.8.4" system.time="Mon, 30 Jul">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1495
1498
  <param pos="0" name="service.vendor" value="MetaInfo"/>
1496
1499
  <param pos="0" name="service.family" value="Sendmail"/>
1497
1500
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1508,14 +1511,14 @@
1508
1511
  <param pos="6" name="system.time"/>
1509
1512
  </fingerprint>
1510
1513
 
1511
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1514
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1512
1515
  <description>Sendmail - optional timezone and timestamp, w/o OS</description>
1513
1516
  <example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
1514
1517
  <example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
1515
- <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1516
- <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1517
- <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
1518
- <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
1518
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1519
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1520
+ <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3" system.time="Mon, 10 Sep 2001 08:37:14 -0400">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
1521
+ <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9" system.time="Mon, 18 Apr 2011 08:52:38 -0700">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
1519
1522
  <param pos="0" name="service.vendor" value="Sendmail"/>
1520
1523
  <param pos="0" name="service.product" value="Sendmail"/>
1521
1524
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
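Review bot: Only the hostname capture is bounded here; `.*` before `Sendmail` and `(?: \(.+\))?` at the end of the same pattern are still unbounded. The 512 limit therefore caps the `host.name` value but not how much remote-supplied banner text the pattern scans and backtracks over. If a single optional token is all that is expected between `ESMTP` and `Sendmail`, as in the `blah` and `foo-MTA` examples, `ESMTP (?:[^ ]{1,64} )?Sendmail` would cover them; the 64 is a constructed value to be tuned. The pattern in the `@@ -1526,7 +1529,7 @@` hunk has the same `.*Sendmail`. If the unbounded parts are intentional, an XML comment above the fingerprint saying that callers must cap banner length would document the assumption.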
@@ -1526,7 +1529,7 @@
1526
1529
  <param pos="4" name="system.time"/>
1527
1530
  </fingerprint>
1528
1531
 
1529
- <fingerprint pattern="^([^ ]+) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1532
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
1530
1533
  <description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
1531
1534
  <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
1532
1535
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1539,7 +1542,7 @@
1539
1542
  <param pos="4" name="system.time"/>
1540
1543
  </fingerprint>
1541
1544
 
1542
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1545
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
1543
1546
  <description>Sendmail - with version and date (optional timezone), w/o config version</description>
1544
1547
  <example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
1545
1548
  <param pos="0" name="service.vendor" value="Sendmail"/>
@@ -1552,9 +1555,9 @@
1552
1555
  <param pos="3" name="system.time"/>
1553
1556
  </fingerprint>
1554
1557
 
1555
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1558
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1556
1559
  <description>Sendmail - revision variant 1</description>
1557
- <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1560
+ <example host.name="foo.foo.bar" service.version="8.11.1" system.time="Sat, 22 Jan 2011 10:08:35 -0500">foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1558
1561
  <param pos="0" name="service.vendor" value="Sendmail"/>
1559
1562
  <param pos="0" name="service.family" value="Sendmail"/>
1560
1563
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1565,9 +1568,9 @@
1565
1568
  <param pos="3" name="system.time"/>
1566
1569
  </fingerprint>
1567
1570
 
1568
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1571
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1569
1572
  <description>Sendmail - revision variant 2</description>
1570
- <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1573
+ <example host.name="foo.foo.bar" service.version="8.13.3" system.time="Wed, 21 Jul 2010 11:17:01 -0400">foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1571
1574
  <param pos="0" name="service.vendor" value="Sendmail"/>
1572
1575
  <param pos="0" name="service.family" value="Sendmail"/>
1573
1576
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1578,13 +1581,13 @@
1578
1581
  <param pos="3" name="system.time"/>
1579
1582
  </fingerprint>
1580
1583
 
1581
- <fingerprint pattern="^(?i)([^ ]+) +(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1584
+ <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1582
1585
  <description>Sendmail - with date, w/o version or platform, optional status string.</description>
1583
- <example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1584
- <example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
1586
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1587
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
1585
1588
  <example host.name="foo.bar" system.time="Wed, 20 May 2015 17:17:56 -0600">foo.bar ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
1586
1589
  <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:24:14 +0100">foo.bar ESMTP Sendmail Ready; Thu, 30 Nov 2017 10:24:14 +0100</example>
1587
- <example host.name="foo.bar">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
1590
+ <example host.name="foo.bar" system.time="Fri, 6 Apr 2018 04:57:01 +0900">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
1588
1591
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ready</example>
1589
1592
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
1590
1593
  <example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
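Review bot: This is the only pattern where the separator after the hostname becomes ` {1,8}`; the sibling Sendmail patterns keep ` +`, and `(?:ESMTP +)?` inside this same pattern is still unbounded. The change is also a behaviour difference, since a banner with more than eight spaces after the hostname no longer matches, and none of the examples exercise that. Either apply the bound consistently, e.g. `(?:ESMTP {1,8})?`, or add a comment above the fingerprint such as `<!-- separator bounded because the optional-space groups that follow overlap -->`, if that is the reason. Moving `(?i)` ahead of `^` looks right and matches the other case-insensitive patterns in this diff.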
@@ -1612,9 +1615,9 @@
1612
1615
  <param pos="3" name="system.time"/>
1613
1616
  </fingerprint>
1614
1617
 
1615
- <fingerprint pattern="^([^ ]+) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1618
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1616
1619
  <description>Sendmail - unknown (date in version string variant)</description>
1617
- <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1620
+ <example host.name="mail.foo.bar" service.version="8.11.1" system.time="Wed, 8 Jan 2003 11:21:22 +0100">mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1618
1621
  <param pos="0" name="service.vendor" value="Sendmail"/>
1619
1622
  <param pos="0" name="service.family" value="Sendmail"/>
1620
1623
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1627,7 +1630,7 @@
1627
1630
 
1628
1631
  <!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
1629
1632
 
1630
- <fingerprint pattern="^([^ ]+) Sendmail ([^;]+); ([^;\.]+)$">
1633
+ <fingerprint pattern="^([^ ]{1,512}) Sendmail ([^;]+); ([^;\.]+)$">
1631
1634
  <description>Sendmail - unknown platform, variant 1</description>
1632
1635
  <param pos="0" name="service.vendor" value="Sendmail"/>
1633
1636
  <param pos="0" name="service.family" value="Sendmail"/>
@@ -1650,7 +1653,7 @@
1650
1653
  <param pos="3" name="host.name"/>
1651
1654
  </fingerprint>
1652
1655
 
1653
- <fingerprint pattern="^([^ ]+) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1656
+ <fingerprint pattern="^([^ ]{1,512}) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
1654
1657
  <description>Sun Internet Mail Server</description>
1655
1658
  <example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
1656
1659
  <param pos="0" name="service.vendor" value="Sun"/>
@@ -1664,12 +1667,12 @@
1664
1667
  <param pos="2" name="service.version"/>
1665
1668
  </fingerprint>
1666
1669
 
1667
- <fingerprint pattern="^(?:2.0.0 )?([^ ]+) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1670
+ <fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1668
1671
  <description>Ecelerity</description>
1669
- <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1670
- <example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
1671
- <example>foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
1672
- <example service.version="4.2.37.61980" service.component.version=":">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
1672
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500" service.version="4.0.0.43760" service.component.version="Platform:4.0.0.1">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1673
+ <example host.name="foo.bar" service.version="3.3.1.44388" service.component.version="44388" system.time="Thu, 30 Nov 2017 03:10:11 -0700">foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
1674
+ <example host.name="foo.bar" service.version="3.6.25.56547" service.component.version="Core:3.6.25.0" system.time="Thu, 30 Nov 2017 03:17:07 -0600">foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
1675
+ <example service.version="4.2.37.61980" service.component.version=":" host.name="foo.bar" system.time="Thu, 30 Nov 2017 09:58:54 +0000">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
1673
1676
  <param pos="0" name="service.vendor" value="Ecelerity"/>
1674
1677
  <param pos="0" name="service.family" value="Ecelerity Mail Server"/>
1675
1678
  <param pos="0" name="service.product" value="Ecelerity Mail Server"/>
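Review bot: The optional prefix on the rewritten Ecelerity pattern is still `(?:2.0.0 )?` with unescaped dots, so it accepts any character in those positions rather than the literal status text shown in the first example. Since the line is being touched anyway, `^(?:2\.0\.0 )?([^ ]{1,512}) ESMTP ecelerity` would pin it. The same applies to `David.fx` and `Tobit.Software` in the `@@ -1909,9 +1913,9 @@` hunk, where the examples show literal dots.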
@@ -1680,11 +1683,11 @@
1680
1683
  <param pos="4" name="system.time"/>
1681
1684
  </fingerprint>
1682
1685
 
1683
- <fingerprint pattern="^(?i)([^ ]+) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1686
+ <fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1684
1687
  <description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
1685
- <example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1686
- <example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
1687
- <example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
1688
+ <example service.version="2.7" host.name="foo.bar">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1689
+ <example service.version="3.2.3113" host.name="foo.bar">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
1690
+ <example service.version="5.5.0.4433" host.name="foo.bar">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
1688
1691
  <param pos="0" name="service.vendor" value="Seattle Labs"/>
1689
1692
  <param pos="0" name="service.family" value="SLMail"/>
1690
1693
  <param pos="0" name="service.product" value="SLMail"/>
@@ -1692,7 +1695,7 @@
1692
1695
  <param pos="2" name="service.version"/>
1693
1696
  </fingerprint>
1694
1697
 
1695
- <fingerprint pattern="^([^ ]+) +ESMTP Symantec Mail Security$">
1698
+ <fingerprint pattern="^([^ ]{1,512}) +ESMTP Symantec Mail Security$">
1696
1699
  <description>Symantec Mail Security for SMTP</description>
1697
1700
  <example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
1698
1701
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1701,7 +1704,7 @@
1701
1704
  <param pos="1" name="host.name"/>
1702
1705
  </fingerprint>
1703
1706
 
1704
- <fingerprint pattern="^([^ ]+) ESMTP Symantec Messaging Gateway$">
1707
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Symantec Messaging Gateway$">
1705
1708
  <description>Symantec Mail Gateway</description>
1706
1709
  <example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
1707
1710
  <param pos="0" name="service.vendor" value="Symantec"/>
@@ -1712,7 +1715,7 @@
1712
1715
 
1713
1716
  <!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
1714
1717
 
1715
- <fingerprint pattern="^(?i)([^ ]+) ESMTP SonicWALL \(([\d.]+)\)$">
1718
+ <fingerprint pattern="(?i)^([^ ]{1,512}) ESMTP SonicWALL \(([\d.]+)\)$">
1716
1719
  <description>SonicWall Email Security</description>
1717
1720
  <example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
1718
1721
  <example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
@@ -1721,9 +1724,10 @@
1721
1724
  <param pos="0" name="service.product" value="Email Security"/>
1722
1725
  <param pos="1" name="host.name"/>
1723
1726
  <param pos="2" name="service.version"/>
1727
+ <param pos="0" name="service.cpe23" value="cpe:/a:sonicwall:email_security:{service.version}"/>
1724
1728
  </fingerprint>
1725
1729
 
1726
- <fingerprint pattern="^([^ ]+) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1730
+ <fingerprint pattern="^([^ ]{1,512}) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
1727
1731
  <description>PowerMTA</description>
1728
1732
  <example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
1729
1733
  <param pos="0" name="service.vendor" value="port25"/>
@@ -1733,7 +1737,7 @@
1733
1737
  <param pos="2" name="service.version"/>
1734
1738
  </fingerprint>
1735
1739
 
1736
- <fingerprint pattern="^([^ ]+) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1740
+ <fingerprint pattern="^([^ ]{1,512}) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
1737
1741
  <description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
1738
1742
  <example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
1739
1743
  <param pos="0" name="service.vendor" value="Vircom"/>
@@ -1743,20 +1747,20 @@
1743
1747
  <param pos="2" name="service.version"/>
1744
1748
  </fingerprint>
1745
1749
 
1746
- <fingerprint pattern="^([^ ]+) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1750
+ <fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1747
1751
  <description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
1748
- <example>foo.bar VPOP3 ESMTP Server Ready</example>
1749
- <example>foo.bar VPOP3 SMTP Server Ready</example>
1750
- <example>foo.bar VPOP3 SMTP Server access not allowed!</example>
1752
+ <example host.name="foo.bar">foo.bar VPOP3 ESMTP Server Ready</example>
1753
+ <example host.name="foo.bar">foo.bar VPOP3 SMTP Server Ready</example>
1754
+ <example host.name="foo.bar">foo.bar VPOP3 SMTP Server access not allowed!</example>
1751
1755
  <param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
1752
1756
  <param pos="0" name="service.family" value="VPOP3"/>
1753
1757
  <param pos="0" name="service.product" value="VPOP3"/>
1754
1758
  <param pos="1" name="host.name"/>
1755
1759
  </fingerprint>
1756
1760
 
1757
- <fingerprint pattern="^([^ ]+) WebShield SMTP V([^ ]+\.[^ ]+) (:?[^ ]+)? ?Network Associates.*Ready at (.+) *$">
1761
+ <fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
1758
1762
  <description>McAfee WebShield</description>
1759
- <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1763
+ <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1760
1764
  <example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1761
1765
  <param pos="0" name="service.vendor" value="McAfee"/>
1762
1766
  <param pos="0" name="service.family" value="WebShield"/>
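Review bot: The WebShield pattern ends in `Ready at (.+) *$`, where the greedy `(.+)` consumes any trailing spaces itself and the ` *` after it never matches anything. If a banner ends in whitespace, that whitespace would be carried into `system.time`, which the newly added example attribute now asserts exactly. A lazy capture keeps the intent: `Ready at (.+?) *$`. The same `(.+) *$` tail is on the new lines of the McAfee WebShield ASaP, McAfee VirusScreen and both ZMailer patterns in the following hunks. The WebShield fingerprint's remaining params continue past the end of this hunk.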
@@ -1769,7 +1773,7 @@
1769
1773
  <param pos="4" name="system.time"/>
1770
1774
  </fingerprint>
1771
1775
 
1772
- <fingerprint pattern="^([^ ]+) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1776
+ <fingerprint pattern="^([^ ]{1,512}) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
1773
1777
  <description>McAfee Webshield ASaP (bundled hardware / software)</description>
1774
1778
  <example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
1775
1779
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1785,7 +1789,7 @@
1785
1789
  <param pos="3" name="system.time"/>
1786
1790
  </fingerprint>
1787
1791
 
1788
- <fingerprint pattern="^([^ ]+) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1792
+ <fingerprint pattern="^([^ ]{1,512}) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
1789
1793
  <description>McAfee VirusScreen</description>
1790
1794
  <example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
1791
1795
  <param pos="0" name="service.vendor" value="McAfee"/>
@@ -1801,7 +1805,7 @@
1801
1805
  <param pos="3" name="system.time"/>
1802
1806
  </fingerprint>
1803
1807
 
1804
- <fingerprint pattern="^([^ ]+) ESMTP Lyris ListManager service ready$">
1808
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP Lyris ListManager service ready$">
1805
1809
  <description>Lyris ListManager</description>
1806
1810
  <example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
1807
1811
  <param pos="0" name="service.vendor" value="Lyris"/>
@@ -1810,7 +1814,7 @@
1810
1814
  <param pos="1" name="host.name"/>
1811
1815
  </fingerprint>
1812
1816
 
1813
- <fingerprint pattern="^([^ ]+) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1817
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
1814
1818
  <description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
1815
1819
  <example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
1816
1820
  <param pos="0" name="service.family" value="WinRoute"/>
@@ -1821,7 +1825,7 @@
1821
1825
 
1822
1826
  <fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
1823
1827
  <description>WinRoute Pro w/o hostname</description>
1824
- <example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
1828
+ <example service.version="4.2.1" system.time="Thu, 16 Nov 2017 11:48:15 +0300">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
1825
1829
  <param pos="0" name="service.family" value="WinRoute"/>
1826
1830
  <param pos="0" name="service.product" value="WinRoute"/>
1827
1831
  <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss Z"/>
@@ -1829,9 +1833,9 @@
1829
1833
  <param pos="2" name="system.time"/>
1830
1834
  </fingerprint>
1831
1835
 
1832
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1836
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1833
1837
  <description>ZMailer http://www.zmailer.org/technical.html</description>
1834
- <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1838
+ <example service.version="2.99.57" service.version.version="1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 12:00:12 +0300">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1835
1839
  <param pos="0" name="service.vendor" value="ZMailer"/>
1836
1840
  <param pos="0" name="service.family" value="ZMailer"/>
1837
1841
  <param pos="0" name="service.product" value="ZMailer"/>
@@ -1842,9 +1846,9 @@
1842
1846
  <param pos="4" name="system.time"/>
1843
1847
  </fingerprint>
1844
1848
 
1845
- <fingerprint pattern="^([^ ]+) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1849
+ <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1846
1850
  <description>ZMailer server that supports IDENT</description>
1847
- <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1851
+ <example service.version="2.99.55" service.version.version="16" host.name="foo.bar" system.time="Thu, 16 Nov 2017 06:51:42 -0300">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1848
1852
  <param pos="0" name="service.vendor" value="ZMailer"/>
1849
1853
  <param pos="0" name="service.family" value="ZMailer"/>
1850
1854
  <param pos="0" name="service.product" value="ZMailer"/>
@@ -1856,10 +1860,10 @@
1856
1860
  <param pos="4" name="system.time"/>
1857
1861
  </fingerprint>
1858
1862
 
1859
- <fingerprint pattern="^([^ ]+) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1863
+ <fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1860
1864
  <description>Kerio Connect ESMTP</description>
1861
1865
  <example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
1862
- <example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
1866
+ <example service.version="9.2.5" service.version.version="3" host.name="foo.bar">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
1863
1867
  <param pos="0" name="service.vendor" value="Kerio"/>
1864
1868
  <param pos="0" name="service.family" value="Connect"/>
1865
1869
  <param pos="0" name="service.product" value="ESMTP"/>
@@ -1868,7 +1872,7 @@
1868
1872
  <param pos="3" name="service.version.version"/>
1869
1873
  </fingerprint>
1870
1874
 
1871
- <fingerprint pattern="^([^ ]+) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1875
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
1872
1876
  <description>Communigate Pro</description>
1873
1877
  <example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
1874
1878
  <example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
@@ -1881,7 +1885,7 @@
1881
1885
  <param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
1882
1886
  </fingerprint>
1883
1887
 
1884
- <fingerprint pattern="^(\S+) NO UCE NO UBE NO RELAY PROBES ESMTP">
1888
+ <fingerprint pattern="^(\S{1,512}) NO UCE NO UBE NO RELAY PROBES ESMTP">
1885
1889
  <description>Twisted SMTP server</description>
1886
1890
  <example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
1887
1891
  <param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
@@ -1909,9 +1913,9 @@
1909
1913
  <param pos="1" name="service.version"/>
1910
1914
  </fingerprint>
1911
1915
 
1912
- <fingerprint pattern="^([^ ]+) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1916
+ <fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1913
1917
  <description>Tobit Software David</description>
1914
- <example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1918
+ <example service.version="0486" host.name="foo.bar">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1915
1919
  <param pos="0" name="service.vendor" value="Tobit Software"/>
1916
1920
  <param pos="0" name="service.family" value="David"/>
1917
1921
  <param pos="0" name="service.product" value="ESMTP"/>
@@ -1919,14 +1923,14 @@
1919
1923
  <param pos="2" name="service.version"/>
1920
1924
  </fingerprint>
1921
1925
 
1922
- <fingerprint pattern="^(?i)(\S+) E?SMTP Perl">
1926
+ <fingerprint pattern="(?i)^(\S{1,512}) E?SMTP Perl">
1923
1927
  <description>Some simple PERL SMTP server</description>
1924
1928
  <example host.name="foo.bar">foo.bar ESMTP Perl</example>
1925
1929
  <param pos="0" name="service.product" value="Perl"/>
1926
1930
  <param pos="1" name="host.name"/>
1927
1931
  </fingerprint>
1928
1932
 
1929
- <fingerprint pattern="^(?i)(?:([^ ]+) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1933
+ <fingerprint pattern="(?i)^(?:([^ ]{1,512}) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
1930
1934
  <description>Non-specific banner with optional hostname</description>
1931
1935
  <example host.name="foo.bar">foo.bar ESMTP</example>
1932
1936
  <example host.name="foo.bar">foo.bar ESMTP Ready</example>
@@ -1938,7 +1942,7 @@
1938
1942
  <param pos="1" name="host.name"/>
1939
1943
  </fingerprint>
1940
1944
 
1941
- <fingerprint pattern="^([^ ]+) ESMTP OpenSMTPD$">
1945
+ <fingerprint pattern="^([^ ]{1,512}) ESMTP OpenSMTPD$">
1942
1946
  <description>OpenSMPTD</description>
1943
1947
  <example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
1944
1948
  <param pos="0" name="service.vendor" value="OpenBSD"/>