recog 2.3.20 → 2.3.23
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
data/xml/smtp_banners.xml
CHANGED
@@ -23,7 +23,7 @@
|
|
23
23
|
|
24
24
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
25
25
|
<description>IMail - EVAL version</description>
|
26
|
-
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
26
|
+
<example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
27
27
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
28
28
|
<param pos="0" name="service.family" value="IMail Server"/>
|
29
29
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -35,7 +35,7 @@
|
|
35
35
|
|
36
36
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
37
37
|
<description>IMail - non-EVAL version</description>
|
38
|
-
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
38
|
+
<example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
39
39
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
40
40
|
<param pos="0" name="service.family" value="IMail Server"/>
|
41
41
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -44,9 +44,9 @@
|
|
44
44
|
<param pos="1" name="host.name"/>
|
45
45
|
</fingerprint>
|
46
46
|
|
47
|
-
<fingerprint pattern="^([^ ]
|
47
|
+
<fingerprint pattern="^([^ ]{1,512}) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
48
48
|
<description>IMail - non-EVAL version, NT-ESMTP at end</description>
|
49
|
-
<example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
49
|
+
<example host.name="foo.bar" service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
50
50
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
51
51
|
<param pos="0" name="service.family" value="IMail Server"/>
|
52
52
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -55,7 +55,7 @@
|
|
55
55
|
<param pos="1" name="host.name"/>
|
56
56
|
</fingerprint>
|
57
57
|
|
58
|
-
<fingerprint pattern="^([^ ]
|
58
|
+
<fingerprint pattern="^([^ ]{1,512}) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
|
59
59
|
<description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
|
60
60
|
<example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
|
61
61
|
<param pos="0" name="service.vendor" value="AnalogX"/>
|
@@ -80,7 +80,7 @@
|
|
80
80
|
<param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
|
81
81
|
</fingerprint>
|
82
82
|
|
83
|
-
<fingerprint pattern="
|
83
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
84
84
|
<description>ArGoSoft Mail Server - freeware version</description>
|
85
85
|
<example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
86
86
|
<example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
@@ -96,7 +96,7 @@
|
|
96
96
|
<param pos="1" name="host.name"/>
|
97
97
|
</fingerprint>
|
98
98
|
|
99
|
-
<fingerprint pattern="^(?:(\S
|
99
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
100
100
|
<description>ArGoSoft Mail Server - Pro version</description>
|
101
101
|
<example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
|
102
102
|
<example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
|
@@ -113,10 +113,10 @@
|
|
113
113
|
<param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
|
114
114
|
</fingerprint>
|
115
115
|
|
116
|
-
<fingerprint pattern="^([^ ]
|
116
|
+
<fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
|
117
117
|
<description>AppleShare IP Mail Server</description>
|
118
|
-
<example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
119
|
-
<example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
118
|
+
<example service.version="6.2.1" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
119
|
+
<example service.version="6.2" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
120
120
|
<param pos="0" name="service.vendor" value="Apple"/>
|
121
121
|
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
122
122
|
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
@@ -162,7 +162,7 @@
|
|
162
162
|
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
163
163
|
-->
|
164
164
|
|
165
|
-
<fingerprint pattern="^[\*20 ]
|
165
|
+
<fingerprint pattern="^[\*20 ]{1,1000}$">
|
166
166
|
<description>Cisco PIX firewall MailGuard banner stripping</description>
|
167
167
|
<example os.product="PIX">***************************</example>
|
168
168
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
@@ -171,7 +171,7 @@
|
|
171
171
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
|
172
172
|
</fingerprint>
|
173
173
|
|
174
|
-
<fingerprint pattern="^([^ ]
|
174
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
175
175
|
<description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
|
176
176
|
<param pos="0" name="service.vendor" value="Critical Path"/>
|
177
177
|
<param pos="0" name="service.family" value="Messaging Server"/>
|
@@ -192,7 +192,7 @@
|
|
192
192
|
<param pos="0" name="service.product" value="Internet Mail Scanner"/>
|
193
193
|
</fingerprint>
|
194
194
|
|
195
|
-
<fingerprint pattern="^([^ ]
|
195
|
+
<fingerprint pattern="^([^ ]{1,512}) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
|
196
196
|
<description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
|
197
197
|
<example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
|
198
198
|
<param pos="0" name="service.vendor" value="EMWAC"/>
|
@@ -202,7 +202,7 @@
|
|
202
202
|
<param pos="2" name="service.version"/>
|
203
203
|
</fingerprint>
|
204
204
|
|
205
|
-
<fingerprint pattern="^([^ ]
|
205
|
+
<fingerprint pattern="^([^ ]{1,512}) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
|
206
206
|
<description>Eudora Internet Mail Server</description>
|
207
207
|
<example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
|
208
208
|
<example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
|
@@ -212,12 +212,12 @@
|
|
212
212
|
<param pos="0" name="os.vendor" value="Apple"/>
|
213
213
|
<param pos="0" name="os.family" value="Mac OS"/>
|
214
214
|
<param pos="0" name="os.product" value="Mac OS"/>
|
215
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:apple:
|
215
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
|
216
216
|
<param pos="1" name="host.name"/>
|
217
217
|
<param pos="2" name="service.version"/>
|
218
218
|
</fingerprint>
|
219
219
|
|
220
|
-
<fingerprint pattern="^([^ ]
|
220
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
|
221
221
|
<description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
222
222
|
<example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
|
223
223
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -232,7 +232,7 @@
|
|
232
232
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
233
233
|
</fingerprint>
|
234
234
|
|
235
|
-
<fingerprint pattern="^([^ ]
|
235
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
|
236
236
|
<description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
237
237
|
<example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
|
238
238
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -247,9 +247,9 @@
|
|
247
247
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
248
248
|
</fingerprint>
|
249
249
|
|
250
|
-
<fingerprint pattern="^([^ ]
|
250
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at">
|
251
251
|
<description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
252
|
-
<example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
252
|
+
<example host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
253
253
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
254
254
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
255
255
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
@@ -261,9 +261,10 @@
|
|
261
261
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
262
262
|
</fingerprint>
|
263
263
|
|
264
|
-
<fingerprint pattern="^(
|
264
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
|
265
265
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
|
266
|
-
<example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
266
|
+
<example host.name="foo.bar" service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
267
|
+
<example service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
267
268
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
268
269
|
<param pos="0" name="service.family" value="IIS"/>
|
269
270
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -278,9 +279,9 @@
|
|
278
279
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
279
280
|
</fingerprint>
|
280
281
|
|
281
|
-
<fingerprint pattern="^(
|
282
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
|
282
283
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
|
283
|
-
<example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
284
|
+
<example host.name="foo.bar" service.version="10.0.17763.1" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
284
285
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
285
286
|
<param pos="0" name="service.family" value="IIS"/>
|
286
287
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -295,9 +296,9 @@
|
|
295
296
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
|
296
297
|
</fingerprint>
|
297
298
|
|
298
|
-
<fingerprint pattern="^([^ ]
|
299
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
|
299
300
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
|
300
|
-
<example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
301
|
+
<example host.name="foo.bar" service.version="5.5.1877.197.19" system.time="Wed, 29 Nov 2017 23:48:59 +0000">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
301
302
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
302
303
|
<param pos="0" name="service.family" value="IIS"/>
|
303
304
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -312,10 +313,10 @@
|
|
312
313
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
313
314
|
</fingerprint>
|
314
315
|
|
315
|
-
<fingerprint pattern="^(
|
316
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
|
316
317
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
|
317
|
-
<example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
318
|
-
<example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
318
|
+
<example service.version="5.0.2195.5329" system.time="Thu, 30 Nov 2017 11:40:25 +0200"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
319
|
+
<example service.version="6.0.3790.4675" host.name="foo.bar" system.time="Wed, 21 Jul 2010 19:04:24 -0700">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
319
320
|
<example service.version="6.0.2600.5512" system.time="Thu, 30 Nov 2017 18:22:40 +0900">Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at Thu, 30 Nov 2017 18:22:40 +0900</example>
|
320
321
|
<example service.version="6.0.3790.3959" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready</example>
|
321
322
|
<example service.version="6.0.3790.1830" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830</example>
|
@@ -344,19 +345,19 @@
|
|
344
345
|
<param pos="1" name="system.time"/>
|
345
346
|
</fingerprint>
|
346
347
|
|
347
|
-
<fingerprint pattern="^ ?([^, ]
|
348
|
+
<fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
|
348
349
|
<description>Exim - with version string and optional timestamp</description>
|
349
|
-
<example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
|
350
|
+
<example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
|
350
351
|
<example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
|
351
352
|
<example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
|
352
353
|
<example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
|
353
|
-
<example service.version="4.90_RC3" host.name="foo.bar">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
|
354
|
-
<example service.version="4.89_1b" host.name="foo.bar">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
|
355
|
-
<example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
|
356
|
-
<example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
|
357
|
-
<example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
|
358
|
-
<example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
|
359
|
-
<example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
|
354
|
+
<example service.version="4.90_RC3" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:52:16 -0700">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
|
355
|
+
<example service.version="4.89_1b" host.name="foo.bar" system.time="Thu, 05 Apr 2018 21:30:37 +0200">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
|
356
|
+
<example service.version="4.89-122312" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:33:38 +0200">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
|
357
|
+
<example service.version="4.87" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:25:58 -0800">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
|
358
|
+
<example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800" host.name="foo.bar">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
|
359
|
+
<example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200" host.name="foo.bar">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
|
360
|
+
<example service.version="4.89" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:31 -0500"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
|
360
361
|
<param pos="0" name="service.vendor" value="exim"/>
|
361
362
|
<param pos="0" name="service.family" value="exim"/>
|
362
363
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -367,9 +368,9 @@
|
|
367
368
|
<param pos="3" name="system.time"/>
|
368
369
|
</fingerprint>
|
369
370
|
|
370
|
-
<fingerprint pattern="^([^, ]
|
371
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
371
372
|
<description>Exim - with digit only version string and optional timestamp</description>
|
372
|
-
<example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
373
|
+
<example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
373
374
|
<param pos="0" name="service.vendor" value="exim"/>
|
374
375
|
<param pos="0" name="service.family" value="exim"/>
|
375
376
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -380,9 +381,9 @@
|
|
380
381
|
<param pos="3" name="system.time"/>
|
381
382
|
</fingerprint>
|
382
383
|
|
383
|
-
<fingerprint pattern="^([^, ]
|
384
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
384
385
|
<description>Exim - with version string and optional timestamp (Ubuntu)</description>
|
385
|
-
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
386
|
+
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
386
387
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
387
388
|
<param pos="0" name="os.family" value="Linux"/>
|
388
389
|
<param pos="0" name="os.product" value="Linux"/>
|
@@ -397,7 +398,7 @@
|
|
397
398
|
<param pos="3" name="system.time"/>
|
398
399
|
</fingerprint>
|
399
400
|
|
400
|
-
<fingerprint pattern="^([^, ]
|
401
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
401
402
|
<description>Exim - without version string and with optional timestamp</description>
|
402
403
|
<example host.name="foo.bar">foo.bar ESMTP Exim</example>
|
403
404
|
<example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
|
@@ -414,8 +415,8 @@
|
|
414
415
|
<fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
415
416
|
<description>Exim - without hostname</description>
|
416
417
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
|
417
|
-
<example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
418
|
-
<example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
|
418
|
+
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
419
|
+
<example service.version="4.89" system.time="Thu, 16 Nov 2017 07:32:28 -0200"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
|
419
420
|
<param pos="0" name="service.vendor" value="exim"/>
|
420
421
|
<param pos="0" name="service.family" value="exim"/>
|
421
422
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -425,7 +426,7 @@
|
|
425
426
|
<param pos="2" name="system.time"/>
|
426
427
|
</fingerprint>
|
427
428
|
|
428
|
-
<fingerprint pattern="^ ?([^, ]
|
429
|
+
<fingerprint pattern="^ ?([^, ]{1,512}) Exim ESMTP Service ready$">
|
429
430
|
<description>Exim - with hostname </description>
|
430
431
|
<example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
|
431
432
|
<param pos="0" name="service.vendor" value="exim"/>
|
@@ -435,7 +436,7 @@
|
|
435
436
|
<param pos="1" name="host.name"/>
|
436
437
|
</fingerprint>
|
437
438
|
|
438
|
-
<fingerprint pattern="^([\w.-]
|
439
|
+
<fingerprint pattern="^([\w.-]{1,512}) ESMTP \([a-z0-9]{32}\)$">
|
439
440
|
<description>Barracuda Email Security Gateway - physical or virtual appliance</description>
|
440
441
|
<example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
|
441
442
|
<param pos="0" name="service.vendor" value="Barracuda"/>
|
@@ -445,7 +446,7 @@
|
|
445
446
|
<param pos="1" name="host.name"/>
|
446
447
|
</fingerprint>
|
447
448
|
|
448
|
-
<fingerprint pattern="^([^ ]
|
449
|
+
<fingerprint pattern="^([^ ]{1,512}) FTGate server ready">
|
449
450
|
<description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
|
450
451
|
<example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
|
451
452
|
<param pos="0" name="service.vendor" value="Floosietek"/>
|
@@ -454,7 +455,7 @@
|
|
454
455
|
<param pos="1" name="host.name"/>
|
455
456
|
</fingerprint>
|
456
457
|
|
457
|
-
<fingerprint pattern="^([^ ]
|
458
|
+
<fingerprint pattern="^([^ ]{1,512}) +SMTP/smap Ready\.$">
|
458
459
|
<description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
|
459
460
|
<example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
|
460
461
|
<param pos="0" name="service.vendor" value="TIS"/>
|
@@ -463,9 +464,9 @@
|
|
463
464
|
<param pos="1" name="host.name"/>
|
464
465
|
</fingerprint>
|
465
466
|
|
466
|
-
<fingerprint pattern="^([^ ]
|
467
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
467
468
|
<description>Novell GroupWise Internet Agent - versions 5 and higher</description>
|
468
|
-
<example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
469
|
+
<example service.version="5.5.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
469
470
|
<param pos="0" name="service.vendor" value="Novell"/>
|
470
471
|
<param pos="0" name="service.family" value="GroupWise"/>
|
471
472
|
<param pos="0" name="service.product" value="GroupWise"/>
|
@@ -474,10 +475,10 @@
|
|
474
475
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
475
476
|
</fingerprint>
|
476
477
|
|
477
|
-
<fingerprint pattern="^([^ ]
|
478
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
|
478
479
|
<description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
|
479
|
-
<example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
480
|
-
<example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
480
|
+
<example service.version="8.0.3" host.name="foo.bar">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
481
|
+
<example service.version="14.2.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
481
482
|
<param pos="0" name="service.vendor" value="Novell"/>
|
482
483
|
<param pos="0" name="service.family" value="GroupWise"/>
|
483
484
|
<param pos="0" name="service.product" value="GroupWise"/>
|
@@ -486,7 +487,7 @@
|
|
486
487
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
487
488
|
</fingerprint>
|
488
489
|
|
489
|
-
<fingerprint pattern="^([^ ]
|
490
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
490
491
|
<description>Novell GroupWise - versions below 5</description>
|
491
492
|
<example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
|
492
493
|
<param pos="0" name="service.vendor" value="Novell"/>
|
@@ -498,11 +499,11 @@
|
|
498
499
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
499
500
|
</fingerprint>
|
500
501
|
|
501
|
-
<fingerprint pattern="^([^ ]
|
502
|
+
<fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
|
502
503
|
<description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
|
503
|
-
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
504
|
-
<example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
|
505
|
-
<example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
|
504
|
+
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT" host.name="foo.bar">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
505
|
+
<example service.version="Level 3A0" host.name="foo.bar" system.time="Mon, 10 Sep 2001 07:21:54 EDT">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
|
506
|
+
<example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)" host.name="foo.bar">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
|
506
507
|
<param pos="0" name="service.vendor" value="IBM"/>
|
507
508
|
<param pos="0" name="service.family" value="VM"/>
|
508
509
|
<param pos="0" name="service.product" value="VM"/>
|
@@ -512,7 +513,7 @@
|
|
512
513
|
<param pos="3" name="system.time"/>
|
513
514
|
</fingerprint>
|
514
515
|
|
515
|
-
<fingerprint pattern="^([^ ]
|
516
|
+
<fingerprint pattern="^([^ ]{1,512}) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
|
516
517
|
<description>
|
517
518
|
Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
|
518
519
|
the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
|
@@ -525,9 +526,9 @@
|
|
525
526
|
<param pos="1" name="host.name"/>
|
526
527
|
</fingerprint>
|
527
528
|
|
528
|
-
<fingerprint pattern="^(\S
|
529
|
+
<fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
|
529
530
|
<description>JAMES SMTP Server</description>
|
530
|
-
<example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
531
|
+
<example host.name="foo.bar" service.version="2.3.2" system.time="Tue, 19 May 2015 00:36:13 +0200">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
531
532
|
<param pos="0" name="service.vendor" value="Apache"/>
|
532
533
|
<param pos="0" name="service.product" value="James"/>
|
533
534
|
<param pos="2" name="service.version"/>
|
@@ -537,9 +538,10 @@
|
|
537
538
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
538
539
|
</fingerprint>
|
539
540
|
|
540
|
-
<fingerprint pattern="^(?:(\S
|
541
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
|
541
542
|
<description>MailEnable - Simple</description>
|
542
543
|
<example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
|
544
|
+
<example host.name="foo.home" service.version="10.34">foo.home ESMTP MailEnable Service, Version: 10.34</example>
|
543
545
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
544
546
|
<param pos="0" name="os.family" value="Windows"/>
|
545
547
|
<param pos="0" name="os.product" value="Windows"/>
|
@@ -554,10 +556,11 @@
|
|
554
556
|
|
555
557
|
<!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
|
556
558
|
|
557
|
-
<fingerprint pattern="^(?:(\S
|
559
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
|
558
560
|
<description>MailEnable - Complex</description>
|
559
|
-
<example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
560
|
-
<example host.name="foo.bar" service.version="9.53"
|
561
|
+
<example host.name="foo.bar" service.version="1.8" system.time="05/20/15 08:50:22">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
562
|
+
<example host.name="*.foo.bar" service.version="9.53" system.time="11/30/17 00:57:37">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
|
563
|
+
<example host.name="%WPI_HOSTNAME%" service.version="10.27" system.time="07/07/21 18:24:47">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
|
561
564
|
<example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
|
562
565
|
<example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
|
563
566
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
@@ -574,10 +577,10 @@
|
|
574
577
|
<param pos="3" name="system.time"/>
|
575
578
|
</fingerprint>
|
576
579
|
|
577
|
-
<fingerprint pattern="^([^ ]
|
580
|
+
<fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
578
581
|
<description>Mail Max</description>
|
579
|
-
<example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
580
|
-
<example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
|
582
|
+
<example host.name="foo.bar" service.version="4.2.4.7" system.time="Wed, 31 Jan 2001 03:44:35 +0100 WST">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
583
|
+
<example host.name="foo.bar" service.version="3.073" system.time="Thu, 30 Nov 2017 17:24:59 +0800 ">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
|
581
584
|
<param pos="0" name="service.vendor" value="Mail-Max"/>
|
582
585
|
<param pos="0" name="service.family" value="Mail-Max"/>
|
583
586
|
<param pos="0" name="service.product" value="Mail-Max"/>
|
@@ -587,7 +590,7 @@
|
|
587
590
|
<param pos="3" name="system.time"/>
|
588
591
|
</fingerprint>
|
589
592
|
|
590
|
-
<fingerprint pattern="^([^ ]
|
593
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
591
594
|
<description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
|
592
595
|
<example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
|
593
596
|
<example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
|
@@ -598,7 +601,7 @@
|
|
598
601
|
<param pos="2" name="service.version"/>
|
599
602
|
</fingerprint>
|
600
603
|
|
601
|
-
<fingerprint pattern="^([^ ]
|
604
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Ready *$">
|
602
605
|
<description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
|
603
606
|
<example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
|
604
607
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
@@ -616,9 +619,9 @@
|
|
616
619
|
<param pos="1" name="service.version"/>
|
617
620
|
</fingerprint>
|
618
621
|
|
619
|
-
<fingerprint pattern="^([^ ]
|
622
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
|
620
623
|
<description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
|
621
|
-
<example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
624
|
+
<example service.version="4.2.1.0" host.name="foo.bar">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
622
625
|
<param pos="0" name="service.vendor" value="Clearswift"/>
|
623
626
|
<param pos="0" name="service.family" value="MAILsweeper"/>
|
624
627
|
<param pos="0" name="service.product" value="MAILsweeper"/>
|
@@ -626,9 +629,9 @@
|
|
626
629
|
<param pos="2" name="service.version"/>
|
627
630
|
</fingerprint>
|
628
631
|
|
629
|
-
<fingerprint pattern="^([^ ]
|
632
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
630
633
|
<description>MDaemon mail server - with timestamp, unregistered</description>
|
631
|
-
<example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
634
|
+
<example service.version="4.0.5" host.name="foo.bar" system.time="Sat, 06 Oct 2001 09:10:56 +0400">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
632
635
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
633
636
|
<param pos="0" name="service.family" value="MDaemon"/>
|
634
637
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -645,9 +648,9 @@
|
|
645
648
|
<param pos="3" name="system.time"/>
|
646
649
|
</fingerprint>
|
647
650
|
|
648
|
-
<fingerprint pattern="^([^ ]
|
651
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
649
652
|
<description>MDaemon mail server - with timestamp</description>
|
650
|
-
<example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
653
|
+
<example service.version="4.0.2" host.name="foo.bar" system.time="Sat, 06 Oct 2001 01:46:44 -0500">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
651
654
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
652
655
|
<param pos="0" name="service.family" value="MDaemon"/>
|
653
656
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -663,9 +666,9 @@
|
|
663
666
|
<param pos="3" name="system.time"/>
|
664
667
|
</fingerprint>
|
665
668
|
|
666
|
-
<fingerprint pattern="^([^ ]
|
669
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
667
670
|
<description>MDaemon mail server - without timestamp</description>
|
668
|
-
<example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
671
|
+
<example service.version="3.5.7" host.name="foo.bar">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
669
672
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
670
673
|
<param pos="0" name="service.family" value="MDaemon"/>
|
671
674
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -679,11 +682,11 @@
|
|
679
682
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
680
683
|
</fingerprint>
|
681
684
|
|
682
|
-
<fingerprint pattern="^([^ ]
|
685
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
|
683
686
|
<description>MDaemon mail server - with version revision</description>
|
684
|
-
<example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
685
|
-
<example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
686
|
-
<example service.version="2.8.7.0" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
|
687
|
+
<example service.version="2.84" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
688
|
+
<example service.version="3.0.3" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
689
|
+
<example service.version="2.8.7.0" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
|
687
690
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
688
691
|
<param pos="0" name="service.family" value="MDaemon"/>
|
689
692
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -698,10 +701,10 @@
|
|
698
701
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
699
702
|
</fingerprint>
|
700
703
|
|
701
|
-
<fingerprint pattern="^([^ ]
|
704
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
|
702
705
|
<description>MDaemon mail server - with service pack</description>
|
703
|
-
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
704
|
-
<example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
|
706
|
+
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
707
|
+
<example service.version="2.7" service.version.version="SP4" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
|
705
708
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
706
709
|
<param pos="0" name="service.family" value="MDaemon"/>
|
707
710
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -717,9 +720,9 @@
|
|
717
720
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
718
721
|
</fingerprint>
|
719
722
|
|
720
|
-
<fingerprint pattern="^([^ ]
|
723
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
721
724
|
<description>MDaemon mail server</description>
|
722
|
-
<example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
725
|
+
<example service.version="2.5" service.version.version.version="b1" host.name="foo.bar" service.version.version="rB" service.version.version.version.version="32-T">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
723
726
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
724
727
|
<param pos="0" name="service.family" value="MDaemon"/>
|
725
728
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -738,11 +741,11 @@
|
|
738
741
|
|
739
742
|
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
740
743
|
|
741
|
-
<fingerprint pattern="^([^ ]
|
744
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
742
745
|
<description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
|
743
|
-
<example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
744
|
-
<example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
745
|
-
<example host.name="foo.bar" service.version="2.10.284">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
|
746
|
+
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
747
|
+
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
748
|
+
<example host.name="foo.bar" service.version="2.10.284" system.time="Thu, 30 Nov 2017 17:55:10 +0800">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
|
746
749
|
<param pos="0" name="service.vendor" value="Merak"/>
|
747
750
|
<param pos="0" name="service.family" value="Mail Server"/>
|
748
751
|
<param pos="0" name="service.product" value="Mail Server"/>
|
@@ -754,7 +757,7 @@
|
|
754
757
|
|
755
758
|
<fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
|
756
759
|
<description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
|
757
|
-
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
760
|
+
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT" system.time="Thu, 30 Nov 2017 10:01:06 +0100">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
758
761
|
<param pos="0" name="service.vendor" value="Atrium Software"/>
|
759
762
|
<param pos="0" name="service.family" value="MERCUR"/>
|
760
763
|
<param pos="0" name="service.product" value="MERCUR"/>
|
@@ -766,9 +769,9 @@
|
|
766
769
|
<param pos="5" name="system.time"/>
|
767
770
|
</fingerprint>
|
768
771
|
|
769
|
-
<fingerprint pattern="^([^ ]
|
772
|
+
<fingerprint pattern="^([^ ]{1,512}) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
770
773
|
<description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
|
771
|
-
<example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
774
|
+
<example host.name="foo.bar" service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
772
775
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
773
776
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
774
777
|
<param pos="0" name="os.vendor" value="Novell"/>
|
@@ -779,10 +782,10 @@
|
|
779
782
|
<param pos="2" name="service.version"/>
|
780
783
|
</fingerprint>
|
781
784
|
|
782
|
-
<fingerprint pattern="^^([^ ]
|
785
|
+
<fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
|
783
786
|
<description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
|
784
|
-
<example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
785
|
-
<example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
787
|
+
<example service.version="3.01a" host.name="foo.bar">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
788
|
+
<example service.version="3.30" host.name="foo.bar">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
786
789
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
787
790
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
788
791
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
@@ -793,9 +796,9 @@
|
|
793
796
|
<param pos="2" name="service.version"/>
|
794
797
|
</fingerprint>
|
795
798
|
|
796
|
-
<fingerprint pattern="^([^ ]
|
799
|
+
<fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http">
|
797
800
|
<description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
|
798
|
-
<example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
801
|
+
<example host.name="foo.bar" service.version="2.0.1" system.time="Sun, 29 Jul 2001 22:02:16 -0500">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
799
802
|
<param pos="0" name="service.vendor" value="Norton"/>
|
800
803
|
<param pos="0" name="service.family" value="Antivirus for Gateways"/>
|
801
804
|
<param pos="0" name="service.product" value="Antivirus for Gateways"/>
|
@@ -805,7 +808,7 @@
|
|
805
808
|
<param pos="3" name="system.time"/>
|
806
809
|
</fingerprint>
|
807
810
|
|
808
|
-
<fingerprint pattern="^([^ ]
|
811
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+)">
|
809
812
|
<description>Netscape Messaging Server - with patch number</description>
|
810
813
|
<example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
|
811
814
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
@@ -817,7 +820,7 @@
|
|
817
820
|
<param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
|
818
821
|
</fingerprint>
|
819
822
|
|
820
|
-
<fingerprint pattern="^([^ ]
|
823
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
821
824
|
<description>Netscape Messaging Server - w/o patch number</description>
|
822
825
|
<example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
|
823
826
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
@@ -830,7 +833,7 @@
|
|
830
833
|
<param pos="3" name="system.time"/>
|
831
834
|
</fingerprint>
|
832
835
|
|
833
|
-
<fingerprint pattern="^([^ ]
|
836
|
+
<fingerprint pattern="^([^ ]{1,512}) Lotus SMTP MTA Service Ready *$">
|
834
837
|
<description>Lotus Notes 4 SMTP MTA</description>
|
835
838
|
<example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
|
836
839
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
@@ -846,17 +849,17 @@
|
|
846
849
|
called IBM Domino as of v9.0 on product and in banners.
|
847
850
|
-->
|
848
851
|
|
849
|
-
<fingerprint pattern="
|
852
|
+
<fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
|
850
853
|
<description>Lotus Domino SMTP MTA</description>
|
851
|
-
<example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
852
|
-
<example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
|
853
|
-
<example service.version="8.0.2 FP1 HF82">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
|
854
|
-
<example service.version="5.0.13a"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
|
855
|
-
<example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
|
856
|
-
<example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
|
857
|
-
<example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
|
858
|
-
<example service.version="7.0"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
|
859
|
-
<example host.name="foo.bar" service.version="5.0.1">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
|
854
|
+
<example service.version="8.5" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:01:45 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
855
|
+
<example service.version="8.5.3FP6 HF1944" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:17:43 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
|
856
|
+
<example service.version="8.0.2 FP1 HF82" host.name="foo.bar" system.time="Thu, 5 Apr 2018 22:03:28 +0200">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
|
857
|
+
<example service.version="5.0.13a" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:47:42 +0800"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
|
858
|
+
<example service.version="7.0.4" host.name="foo.bar" system.time="Thu, 16 Nov 2017 18:28:36 +0900">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
|
859
|
+
<example service.version="8.0.2FP2" host.name="foo.bar" system.time="Thu, 16 Nov 2017 02:17:33 -0700">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
|
860
|
+
<example service.version="8.5.3" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:52:21 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
|
861
|
+
<example service.version="7.0" system.time="Thu, 30 Nov 2017 17:00:41 +0800"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
|
862
|
+
<example host.name="foo.bar" service.version="5.0.1" system.time="Thu, 30 Nov 2017 12:38:43 +0300">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
|
860
863
|
<param pos="0" name="service.vendor" value="IBM"/>
|
861
864
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
862
865
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
@@ -867,11 +870,11 @@
|
|
867
870
|
<param pos="3" name="system.time"/>
|
868
871
|
</fingerprint>
|
869
872
|
|
870
|
-
<fingerprint pattern="^ ?(?:([^ ]
|
873
|
+
<fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
|
871
874
|
<description>IBM Domino SMTP MTA</description>
|
872
|
-
<example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
873
|
-
<example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
|
874
|
-
<example service.version="9.0.1FP8"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
|
875
|
+
<example host.name="foo.bar" service.version="9.0.1FP8 HF475" system.time="Thu, 30 Nov 2017 17:55:48 +0900">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
876
|
+
<example host.name="foo.bar" service.version="9.0.1" system.time="Thu, 30 Nov 2017 10:12:26 +0100"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
|
877
|
+
<example service.version="9.0.1FP8" system.time="Thu, 30 Nov 2017 13:51:59 -0800"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
|
875
878
|
<param pos="0" name="service.vendor" value="IBM"/>
|
876
879
|
<param pos="0" name="service.family" value="IBM Domino"/>
|
877
880
|
<param pos="0" name="service.product" value="IBM Domino"/>
|
@@ -882,10 +885,10 @@
|
|
882
885
|
<param pos="3" name="system.time"/>
|
883
886
|
</fingerprint>
|
884
887
|
|
885
|
-
<fingerprint pattern="^([^ ]
|
888
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
|
886
889
|
<description>Lotus Domino (some early build)</description>
|
887
|
-
<example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
888
|
-
<example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
|
890
|
+
<example notes.build.version="166.1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:39:22 +0200">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
891
|
+
<example notes.build.version="V85_M2_08202008" host.name="foo.bar" system.time="Thu, 16 Nov 2017 03:57:40 -0500">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
|
889
892
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
890
893
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
891
894
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
@@ -907,7 +910,7 @@
|
|
907
910
|
<param pos="2" name="system.time"/>
|
908
911
|
</fingerprint>
|
909
912
|
|
910
|
-
<fingerprint pattern="^([^ ]
|
913
|
+
<fingerprint pattern="^([^ ]{1,512}) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
|
911
914
|
<description>NTMail (http://www.gordano.com)</description>
|
912
915
|
<example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
|
913
916
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
@@ -918,9 +921,9 @@
|
|
918
921
|
<param pos="3" name="ntmail.id"/>
|
919
922
|
</fingerprint>
|
920
923
|
|
921
|
-
<fingerprint pattern="^([^ ]
|
924
|
+
<fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
|
922
925
|
<description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
|
923
|
-
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
926
|
+
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn" system.time="Thu, 30 Nov 2017 10:15:31 +0100">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
924
927
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
925
928
|
<param pos="0" name="service.family" value="NTMail"/>
|
926
929
|
<param pos="0" name="service.product" value="NTMail"/>
|
@@ -931,7 +934,7 @@
|
|
931
934
|
<param pos="4" name="system.time"/>
|
932
935
|
</fingerprint>
|
933
936
|
|
934
|
-
<fingerprint pattern="^(
|
937
|
+
<fingerprint pattern="^([^ ]{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at">
|
935
938
|
<description>Some unknown mail server on OpenVMS</description>
|
936
939
|
<example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
|
937
940
|
<example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
|
@@ -946,10 +949,10 @@
|
|
946
949
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
|
947
950
|
</fingerprint>
|
948
951
|
|
949
|
-
<fingerprint pattern="^(
|
952
|
+
<fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
|
950
953
|
<description>A.K.I PMail</description>
|
951
|
-
<example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
952
|
-
<example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
|
954
|
+
<example host.name="foo.bar" service.version="1.91" system.time="Fri, 22 May 2015 02:04:56">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
955
|
+
<example host.name="foo.bar" service.version="1.78" system.time="Fri, 6 Apr 2018 04:34:11">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
|
953
956
|
<param pos="0" name="service.vendor" value="A.K.I Software"/>
|
954
957
|
<param pos="0" name="service.product" value="PMail Server"/>
|
955
958
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss"/>
|
@@ -958,7 +961,7 @@
|
|
958
961
|
<param pos="3" name="system.time"/>
|
959
962
|
</fingerprint>
|
960
963
|
|
961
|
-
<fingerprint pattern="^([^ ]
|
964
|
+
<fingerprint pattern="^([^ ]{1,512}) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
|
962
965
|
<description>Postfix - version + build, followed by os</description>
|
963
966
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
964
967
|
<param pos="0" name="service.family" value="Postfix"/>
|
@@ -970,10 +973,10 @@
|
|
970
973
|
<param pos="4" name="postfix.os.info"/>
|
971
974
|
</fingerprint>
|
972
975
|
|
973
|
-
<fingerprint pattern="^([^ ]
|
976
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
|
974
977
|
<description>Postfix - Std semantic versioning, w/ optional parens</description>
|
975
|
-
<example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
|
976
|
-
<example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
|
978
|
+
<example service.version="3.1.4" host.name="foo.bar">foo.bar ESMTP Postfix (3.1.4)</example>
|
979
|
+
<example service.version="2.7.1" host.name="foo.bar">foo.bar ESMTP Postfix 2.7.1</example>
|
977
980
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
978
981
|
<param pos="0" name="service.family" value="Postfix"/>
|
979
982
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -982,9 +985,9 @@
|
|
982
985
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
983
986
|
</fingerprint>
|
984
987
|
|
985
|
-
<fingerprint pattern="^([^ ]
|
988
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
|
986
989
|
<description>Postfix - version + build</description>
|
987
|
-
<example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
990
|
+
<example service.version="2.8" service.version.version="20100306" host.name="foo.bar">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
988
991
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
989
992
|
<param pos="0" name="service.family" value="Postfix"/>
|
990
993
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -994,9 +997,9 @@
|
|
994
997
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
995
998
|
</fingerprint>
|
996
999
|
|
997
|
-
<fingerprint pattern="^([^ ]
|
1000
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
|
998
1001
|
<description>Postfix - Ubuntu</description>
|
999
|
-
<example>foo.bar ESMTP Postfix (Ubuntu)</example>
|
1002
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (Ubuntu)</example>
|
1000
1003
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1001
1004
|
<param pos="0" name="service.family" value="Postfix"/>
|
1002
1005
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1008,10 +1011,10 @@
|
|
1008
1011
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
1009
1012
|
</fingerprint>
|
1010
1013
|
|
1011
|
-
<fingerprint pattern="^([^ ]
|
1014
|
+
<fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
|
1012
1015
|
<description>Postfix - Ubuntu, Mail-in-a-Box package</description>
|
1013
|
-
<example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1014
|
-
<example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1016
|
+
<example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1017
|
+
<example host.name="foo.bar">foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1015
1018
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1016
1019
|
<param pos="0" name="service.family" value="Postfix"/>
|
1017
1020
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1023,9 +1026,9 @@
|
|
1023
1026
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
1024
1027
|
</fingerprint>
|
1025
1028
|
|
1026
|
-
<fingerprint pattern="^([^ ]
|
1029
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
|
1027
1030
|
<description>Postfix - Debian</description>
|
1028
|
-
<example>foo.bar ESMTP Postfix (Debian/GNU)</example>
|
1031
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (Debian/GNU)</example>
|
1029
1032
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1030
1033
|
<param pos="0" name="service.family" value="Postfix"/>
|
1031
1034
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1037,9 +1040,9 @@
|
|
1037
1040
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
1038
1041
|
</fingerprint>
|
1039
1042
|
|
1040
|
-
<fingerprint pattern="^([^ ]
|
1043
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
|
1041
1044
|
<description>Postfix - generic banner with amusing comments in parentheses</description>
|
1042
|
-
<example>foo.bar ESMTP Postfix (lol)</example>
|
1045
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (lol)</example>
|
1043
1046
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1044
1047
|
<param pos="0" name="service.family" value="Postfix"/>
|
1045
1048
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1047,10 +1050,10 @@
|
|
1047
1050
|
<param pos="1" name="host.name"/>
|
1048
1051
|
</fingerprint>
|
1049
1052
|
|
1050
|
-
<fingerprint pattern="
|
1053
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
|
1051
1054
|
<description>Postfix - generic banner</description>
|
1052
|
-
<example>foo.bar ESMTP Postfix</example>
|
1053
|
-
<example>foo.bar SMTP Postfix</example>
|
1055
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix</example>
|
1056
|
+
<example host.name="foo.bar">foo.bar SMTP Postfix</example>
|
1054
1057
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1055
1058
|
<param pos="0" name="service.family" value="Postfix"/>
|
1056
1059
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1058,7 +1061,7 @@
|
|
1058
1061
|
<param pos="1" name="host.name"/>
|
1059
1062
|
</fingerprint>
|
1060
1063
|
|
1061
|
-
<fingerprint pattern="^
|
1064
|
+
<fingerprint pattern="^ {0,512}ESMTP Postfix$">
|
1062
1065
|
<description>Postfix - banner without hostname or version</description>
|
1063
1066
|
<example>ESMTP Postfix</example>
|
1064
1067
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
@@ -1067,7 +1070,7 @@
|
|
1067
1070
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
1068
1071
|
</fingerprint>
|
1069
1072
|
|
1070
|
-
<fingerprint pattern="
|
1073
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) POSTFIX$">
|
1071
1074
|
<description>Postfix - generic w/o ESMTP</description>
|
1072
1075
|
<example host.name="foo.bar">foo.bar Postfix</example>
|
1073
1076
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
@@ -1077,7 +1080,7 @@
|
|
1077
1080
|
<param pos="1" name="host.name"/>
|
1078
1081
|
</fingerprint>
|
1079
1082
|
|
1080
|
-
<fingerprint pattern="^([^ ]
|
1083
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
|
1081
1084
|
<description>Post.Office</description>
|
1082
1085
|
<example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
|
1083
1086
|
<example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
|
@@ -1091,14 +1094,14 @@
|
|
1091
1094
|
<param pos="5" name="system.time"/>
|
1092
1095
|
</fingerprint>
|
1093
1096
|
|
1094
|
-
<fingerprint pattern="^([^ ]
|
1097
|
+
<fingerprint pattern="^([^ ]{1,512}) Generic SMTP handler *$">
|
1095
1098
|
<description>Raptor Firewall (low confidence)</description>
|
1096
1099
|
<example host.name="foo.bar">foo.bar Generic SMTP handler</example>
|
1097
1100
|
<param pos="0" name="service.product" value="raptor"/>
|
1098
1101
|
<param pos="1" name="host.name"/>
|
1099
1102
|
</fingerprint>
|
1100
1103
|
|
1101
|
-
<fingerprint pattern="^(\S
|
1104
|
+
<fingerprint pattern="^(\S{1,512}) SAP (\S+) E?SMTP service ready$">
|
1102
1105
|
<description>SAP SMTP Server</description>
|
1103
1106
|
<example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
|
1104
1107
|
<param pos="0" name="service.vendor" value="SAP"/>
|
@@ -1116,9 +1119,9 @@
|
|
1116
1119
|
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
|
1117
1120
|
</fingerprint>
|
1118
1121
|
|
1119
|
-
<fingerprint pattern="^([^ ]
|
1122
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
|
1120
1123
|
<description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
|
1121
|
-
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1124
|
+
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1" sendmail.hpux.phne.version="14041" system.time="Tue, 6 Feb 2001 10:04:32 -0300">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1122
1125
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1123
1126
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1124
1127
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1135,9 +1138,9 @@
|
|
1135
1138
|
<param pos="5" name="system.time"/>
|
1136
1139
|
</fingerprint>
|
1137
1140
|
|
1138
|
-
<fingerprint pattern="^(\S
|
1141
|
+
<fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
|
1139
1142
|
<description>Sendmail - HP-UX</description>
|
1140
|
-
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
1143
|
+
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3" system.time="Wed, 20 May 2015 23:35:38 GMT">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
1141
1144
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1142
1145
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1143
1146
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1153,9 +1156,9 @@
|
|
1153
1156
|
<param pos="4" name="system.time"/>
|
1154
1157
|
</fingerprint>
|
1155
1158
|
|
1156
|
-
<fingerprint pattern="^([^ ]
|
1159
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
|
1157
1160
|
<description>Sendmail - Unixware</description>
|
1158
|
-
<example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1161
|
+
<example service.version="8.8.7" host.name="foo.bar" os.version="7.1.0" system.time="Tue, 6 Feb 2001 16:39:30 -0300">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1159
1162
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1160
1163
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1161
1164
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1170,9 +1173,9 @@
|
|
1170
1173
|
<param pos="4" name="system.time"/>
|
1171
1174
|
</fingerprint>
|
1172
1175
|
|
1173
|
-
<fingerprint pattern="^([^ ]
|
1176
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
|
1174
1177
|
<description>Sendmail - AIX (UCB variant)</description>
|
1175
|
-
<example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1178
|
+
<example os.version="4.2" service.version="8.7" host.name="foo.bar" system.time="Sun, 29 Jul 2001 22:34:37 -0400">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1176
1179
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1177
1180
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1178
1181
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1188,9 +1191,9 @@
|
|
1188
1191
|
<param pos="4" name="system.time"/>
|
1189
1192
|
</fingerprint>
|
1190
1193
|
|
1191
|
-
<fingerprint pattern="^([^ ]
|
1194
|
+
<fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
|
1192
1195
|
<description>Sendmail - AIX (UCB/ready at variant)</description>
|
1193
|
-
<example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1196
|
+
<example host.name="foo.bar" os.version=" 4.1" service.version="5.64" sendmail.config.version="4.03" system.time="Mon, 30 Jul 2001 00:42:21 -0500">foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1194
1197
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1195
1198
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1196
1199
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1207,10 +1210,10 @@
|
|
1207
1210
|
<param pos="5" name="system.time"/>
|
1208
1211
|
</fingerprint>
|
1209
1212
|
|
1210
|
-
<fingerprint pattern="^([^ ]
|
1213
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
|
1211
1214
|
<description>Sendmail - AIX</description>
|
1212
|
-
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1213
|
-
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
1215
|
+
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8" system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1216
|
+
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0" system.time="Fri, 28 Aug 1970 19:42:05 -0800">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
1214
1217
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1215
1218
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1216
1219
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1227,9 +1230,9 @@
|
|
1227
1230
|
<param pos="5" name="system.time"/>
|
1228
1231
|
</fingerprint>
|
1229
1232
|
|
1230
|
-
<fingerprint pattern="^([^ ]
|
1233
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
|
1231
1234
|
<description>Sendmail - SuSE Linux</description>
|
1232
|
-
<example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1235
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-0.1" system.time="Mon, 30 Jul 2001 04:48:54 +0200">foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1233
1236
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1234
1237
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1235
1238
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1246,9 +1249,9 @@
|
|
1246
1249
|
<param pos="5" name="system.time"/>
|
1247
1250
|
</fingerprint>
|
1248
1251
|
|
1249
|
-
<fingerprint pattern="^([^ ]
|
1252
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
|
1250
1253
|
<description>Sendmail - Solaris with date (no time offeset variant)</description>
|
1251
|
-
<example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1254
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.1" system.time="Mon, 30 Jul 2001 02:50:22 GMT">foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1252
1255
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1253
1256
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1254
1257
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1264,9 +1267,9 @@
|
|
1264
1267
|
<param pos="4" name="system.time"/>
|
1265
1268
|
</fingerprint>
|
1266
1269
|
|
1267
|
-
<fingerprint pattern="^([^ ]
|
1270
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
|
1268
1271
|
<description>Sendmail - Solaris with date (ready variant)</description>
|
1269
|
-
<example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1272
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.6.4" system.time="Thu, 15 Nov 2000 11:40:32 -0800">foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1270
1273
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1271
1274
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1272
1275
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1282,10 +1285,10 @@
|
|
1282
1285
|
<param pos="4" name="system.time"/>
|
1283
1286
|
</fingerprint>
|
1284
1287
|
|
1285
|
-
<fingerprint pattern="^([^ ]
|
1288
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
1286
1289
|
<description>Sendmail - Debian</description>
|
1287
|
-
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1288
|
-
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1290
|
+
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1" host.name="foo.bar" system.time="Sun, 29 Jul 2001 18:52:20 -0800">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1291
|
+
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21" host.name="foo.bar" system.time="Sun, 29 Jul 2001 19:51:00 -0700">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1289
1292
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1290
1293
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1291
1294
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1302,10 +1305,10 @@
|
|
1302
1305
|
<param pos="5" name="system.time"/>
|
1303
1306
|
</fingerprint>
|
1304
1307
|
|
1305
|
-
<fingerprint pattern="^([^ ]
|
1308
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+);">
|
1306
1309
|
<description>Sendmail - Debian 7.x (wheezy)</description>
|
1307
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1308
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1310
|
+
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:33:05 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1311
|
+
<example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 11:00:33 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1309
1312
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1310
1313
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1311
1314
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1322,9 +1325,9 @@
|
|
1322
1325
|
<param pos="4" name="system.time"/>
|
1323
1326
|
</fingerprint>
|
1324
1327
|
|
1325
|
-
<fingerprint pattern="^([^ ]
|
1328
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+);">
|
1326
1329
|
<description>Sendmail - Debian 8.x (jessie)</description>
|
1327
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1330
|
+
<example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:25:48 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1328
1331
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1329
1332
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1330
1333
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1341,9 +1344,9 @@
|
|
1341
1344
|
<param pos="4" name="system.time"/>
|
1342
1345
|
</fingerprint>
|
1343
1346
|
|
1344
|
-
<fingerprint pattern="^([^ ]
|
1347
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+);">
|
1345
1348
|
<description>Sendmail - Debian 9.1 (stretch)</description>
|
1346
|
-
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1349
|
+
<example host.name="foo.bar" service.version="8.15.2" sendmail.config.version="8.15.2" system.time="Thu, 29 Apr 2021 06:45:02 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1347
1350
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1348
1351
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1349
1352
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1360,9 +1363,9 @@
|
|
1360
1363
|
<param pos="4" name="system.time"/>
|
1361
1364
|
</fingerprint>
|
1362
1365
|
|
1363
|
-
<fingerprint pattern="^([^ ]
|
1366
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+);">
|
1364
1367
|
<description>Sendmail - Debian 5.x (lenny)</description>
|
1365
|
-
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1368
|
+
<example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 12:29:40 +0300">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1366
1369
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1367
1370
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1368
1371
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1379,9 +1382,9 @@
|
|
1379
1382
|
<param pos="4" name="system.time"/>
|
1380
1383
|
</fingerprint>
|
1381
1384
|
|
1382
|
-
<fingerprint pattern="^([^ ]
|
1385
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+);">
|
1383
1386
|
<description>Sendmail - Debian 4.x (etch)</description>
|
1384
|
-
<example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1387
|
+
<example service.version="8.13.8" sendmail.config.version="8.13.8" host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:28:23 +0100">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1385
1388
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1386
1389
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1387
1390
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1398,9 +1401,9 @@
|
|
1398
1401
|
<param pos="4" name="system.time"/>
|
1399
1402
|
</fingerprint>
|
1400
1403
|
|
1401
|
-
<fingerprint pattern="^([^ ]
|
1404
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+);">
|
1402
1405
|
<description>Sendmail - Debian 3.1 (sarge)</description>
|
1403
|
-
<example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1406
|
+
<example service.version="8.13.4" host.name="foo.bar" sendmail.config.version="8.13.4" system.time="Thu, 30 Nov 2017 10:55:47 +0100">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1404
1407
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1405
1408
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1406
1409
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1417,11 +1420,11 @@
|
|
1417
1420
|
<param pos="4" name="system.time"/>
|
1418
1421
|
</fingerprint>
|
1419
1422
|
|
1420
|
-
<fingerprint pattern="^([^ ]
|
1423
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+);">
|
1421
1424
|
<description>Sendmail - Debian patch only</description>
|
1422
|
-
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1423
|
-
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1424
|
-
<example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1425
|
+
<example service.version="8.15.2" host.name="foo.bar" sendmail.config.version="8.15.2" system.time="Thu, 30 Nov 2017 10:55:50 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1426
|
+
<example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 10:11:54 +0100">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1427
|
+
<example service.version="8.14.2" host.name="foo.bar" sendmail.config.version="8.14.2" system.time="Thu, 30 Nov 2017 04:09:50 -0600">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1425
1428
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1426
1429
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1427
1430
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1437,10 +1440,10 @@
|
|
1437
1440
|
<param pos="4" name="system.time"/>
|
1438
1441
|
</fingerprint>
|
1439
1442
|
|
1440
|
-
<fingerprint pattern="^([^ ]
|
1443
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+);">
|
1441
1444
|
<description>Sendmail - Ubuntu</description>
|
1442
|
-
<example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1443
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1445
|
+
<example service.version="8.13.5.20060308" host.name="foo.bar" system.time="Fri, 24 Jul 2009 01:41:21 -0700">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1446
|
+
<example service.version="8.14.4" host.name="foo.bar" system.time="Thu, 30 Nov 2017 11:00:30 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1444
1447
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1445
1448
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1446
1449
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1455,9 +1458,9 @@
|
|
1455
1458
|
<param pos="3" name="system.time"/>
|
1456
1459
|
</fingerprint>
|
1457
1460
|
|
1458
|
-
<fingerprint pattern="^([^ ]
|
1461
|
+
<fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
|
1459
1462
|
<description>Sendmail - Solaris (SMI variant)</description>
|
1460
|
-
<example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1463
|
+
<example host.name="foo.bar" service.version="8.6" sendmail.config.version="SMI-SVR4" system.time="Sun, 29 Jul 2001 22:58:46 -0400">foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1461
1464
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1462
1465
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1463
1466
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1473,9 +1476,9 @@
|
|
1473
1476
|
<param pos="4" name="system.time"/>
|
1474
1477
|
</fingerprint>
|
1475
1478
|
|
1476
|
-
<fingerprint pattern="^([^ ]
|
1479
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
|
1477
1480
|
<description>Sendmail - unknown platform (linuxconf variant)</description>
|
1478
|
-
<example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1481
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="linuxconf" system.time="Sun, 29 Jul 2001 22:48:28 -0400">foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1479
1482
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1480
1483
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1481
1484
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1489,9 +1492,9 @@
|
|
1489
1492
|
<param pos="4" name="system.time"/>
|
1490
1493
|
</fingerprint>
|
1491
1494
|
|
1492
|
-
<fingerprint pattern="^([^ ]
|
1495
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
1493
1496
|
<description>Sendmail - MetaInfo</description>
|
1494
|
-
<example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
1497
|
+
<example host.name="foo.bar" service.version="8.8.6" metainfo.version="2.5" metainfo.version.version="2630" sendmail.config.version="8.8.4" system.time="Mon, 30 Jul">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
1495
1498
|
<param pos="0" name="service.vendor" value="MetaInfo"/>
|
1496
1499
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1497
1500
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1508,14 +1511,14 @@
|
|
1508
1511
|
<param pos="6" name="system.time"/>
|
1509
1512
|
</fingerprint>
|
1510
1513
|
|
1511
|
-
<fingerprint pattern="^([^ ]
|
1514
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1512
1515
|
<description>Sendmail - optional timezone and timestamp, w/o OS</description>
|
1513
1516
|
<example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
|
1514
1517
|
<example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
|
1515
|
-
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1516
|
-
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1517
|
-
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1518
|
-
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1518
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1519
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1520
|
+
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3" system.time="Mon, 10 Sep 2001 08:37:14 -0400">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1521
|
+
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9" system.time="Mon, 18 Apr 2011 08:52:38 -0700">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1519
1522
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1520
1523
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1521
1524
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
@@ -1526,7 +1529,7 @@
|
|
1526
1529
|
<param pos="4" name="system.time"/>
|
1527
1530
|
</fingerprint>
|
1528
1531
|
|
1529
|
-
<fingerprint pattern="^([^ ]
|
1532
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
|
1530
1533
|
<description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
|
1531
1534
|
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
|
1532
1535
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
@@ -1539,7 +1542,7 @@
|
|
1539
1542
|
<param pos="4" name="system.time"/>
|
1540
1543
|
</fingerprint>
|
1541
1544
|
|
1542
|
-
<fingerprint pattern="^([^ ]
|
1545
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
|
1543
1546
|
<description>Sendmail - with version and date (optional timezone), w/o config version</description>
|
1544
1547
|
<example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
1545
1548
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
@@ -1552,9 +1555,9 @@
|
|
1552
1555
|
<param pos="3" name="system.time"/>
|
1553
1556
|
</fingerprint>
|
1554
1557
|
|
1555
|
-
<fingerprint pattern="^([^ ]
|
1558
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1556
1559
|
<description>Sendmail - revision variant 1</description>
|
1557
|
-
<example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1560
|
+
<example host.name="foo.foo.bar" service.version="8.11.1" system.time="Sat, 22 Jan 2011 10:08:35 -0500">foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1558
1561
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1559
1562
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1560
1563
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1565,9 +1568,9 @@
|
|
1565
1568
|
<param pos="3" name="system.time"/>
|
1566
1569
|
</fingerprint>
|
1567
1570
|
|
1568
|
-
<fingerprint pattern="^([^ ]
|
1571
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1569
1572
|
<description>Sendmail - revision variant 2</description>
|
1570
|
-
<example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1573
|
+
<example host.name="foo.foo.bar" service.version="8.13.3" system.time="Wed, 21 Jul 2010 11:17:01 -0400">foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1571
1574
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1572
1575
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1573
1576
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1578,13 +1581,13 @@
|
|
1578
1581
|
<param pos="3" name="system.time"/>
|
1579
1582
|
</fingerprint>
|
1580
1583
|
|
1581
|
-
<fingerprint pattern="
|
1584
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1582
1585
|
<description>Sendmail - with date, w/o version or platform, optional status string.</description>
|
1583
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1584
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1586
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1587
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1585
1588
|
<example host.name="foo.bar" system.time="Wed, 20 May 2015 17:17:56 -0600">foo.bar ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
|
1586
1589
|
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:24:14 +0100">foo.bar ESMTP Sendmail Ready; Thu, 30 Nov 2017 10:24:14 +0100</example>
|
1587
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
|
1590
|
+
<example host.name="foo.bar" system.time="Fri, 6 Apr 2018 04:57:01 +0900">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
|
1588
1591
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready</example>
|
1589
1592
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
|
1590
1593
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
|
@@ -1612,9 +1615,9 @@
|
|
1612
1615
|
<param pos="3" name="system.time"/>
|
1613
1616
|
</fingerprint>
|
1614
1617
|
|
1615
|
-
<fingerprint pattern="^([^ ]
|
1618
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
|
1616
1619
|
<description>Sendmail - unknown (date in version string variant)</description>
|
1617
|
-
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1620
|
+
<example host.name="mail.foo.bar" service.version="8.11.1" system.time="Wed, 8 Jan 2003 11:21:22 +0100">mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1618
1621
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1619
1622
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1620
1623
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1627,7 +1630,7 @@
|
|
1627
1630
|
|
1628
1631
|
<!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
|
1629
1632
|
|
1630
|
-
<fingerprint pattern="^([^ ]
|
1633
|
+
<fingerprint pattern="^([^ ]{1,512}) Sendmail ([^;]+); ([^;\.]+)$">
|
1631
1634
|
<description>Sendmail - unknown platform, variant 1</description>
|
1632
1635
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1633
1636
|
<param pos="0" name="service.family" value="Sendmail"/>
|
@@ -1650,7 +1653,7 @@
|
|
1650
1653
|
<param pos="3" name="host.name"/>
|
1651
1654
|
</fingerprint>
|
1652
1655
|
|
1653
|
-
<fingerprint pattern="^([^ ]
|
1656
|
+
<fingerprint pattern="^([^ ]{1,512}) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
|
1654
1657
|
<description>Sun Internet Mail Server</description>
|
1655
1658
|
<example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
|
1656
1659
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -1664,12 +1667,12 @@
|
|
1664
1667
|
<param pos="2" name="service.version"/>
|
1665
1668
|
</fingerprint>
|
1666
1669
|
|
1667
|
-
<fingerprint pattern="^(?:2.0.0 )?([^ ]
|
1670
|
+
<fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
1668
1671
|
<description>Ecelerity</description>
|
1669
|
-
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
1670
|
-
<example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
|
1671
|
-
<example>foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
|
1672
|
-
<example service.version="4.2.37.61980" service.component.version=":">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
|
1672
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500" service.version="4.0.0.43760" service.component.version="Platform:4.0.0.1">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
1673
|
+
<example host.name="foo.bar" service.version="3.3.1.44388" service.component.version="44388" system.time="Thu, 30 Nov 2017 03:10:11 -0700">foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
|
1674
|
+
<example host.name="foo.bar" service.version="3.6.25.56547" service.component.version="Core:3.6.25.0" system.time="Thu, 30 Nov 2017 03:17:07 -0600">foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
|
1675
|
+
<example service.version="4.2.37.61980" service.component.version=":" host.name="foo.bar" system.time="Thu, 30 Nov 2017 09:58:54 +0000">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
|
1673
1676
|
<param pos="0" name="service.vendor" value="Ecelerity"/>
|
1674
1677
|
<param pos="0" name="service.family" value="Ecelerity Mail Server"/>
|
1675
1678
|
<param pos="0" name="service.product" value="Ecelerity Mail Server"/>
|
@@ -1680,11 +1683,11 @@
|
|
1680
1683
|
<param pos="4" name="system.time"/>
|
1681
1684
|
</fingerprint>
|
1682
1685
|
|
1683
|
-
<fingerprint pattern="
|
1686
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
|
1684
1687
|
<description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
|
1685
|
-
<example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
1686
|
-
<example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
1687
|
-
<example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
1688
|
+
<example service.version="2.7" host.name="foo.bar">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
1689
|
+
<example service.version="3.2.3113" host.name="foo.bar">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
1690
|
+
<example service.version="5.5.0.4433" host.name="foo.bar">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
1688
1691
|
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
1689
1692
|
<param pos="0" name="service.family" value="SLMail"/>
|
1690
1693
|
<param pos="0" name="service.product" value="SLMail"/>
|
@@ -1692,7 +1695,7 @@
|
|
1692
1695
|
<param pos="2" name="service.version"/>
|
1693
1696
|
</fingerprint>
|
1694
1697
|
|
1695
|
-
<fingerprint pattern="^([^ ]
|
1698
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP Symantec Mail Security$">
|
1696
1699
|
<description>Symantec Mail Security for SMTP</description>
|
1697
1700
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
|
1698
1701
|
<param pos="0" name="service.vendor" value="Symantec"/>
|
@@ -1701,7 +1704,7 @@
|
|
1701
1704
|
<param pos="1" name="host.name"/>
|
1702
1705
|
</fingerprint>
|
1703
1706
|
|
1704
|
-
<fingerprint pattern="^([^ ]
|
1707
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Symantec Messaging Gateway$">
|
1705
1708
|
<description>Symantec Mail Gateway</description>
|
1706
1709
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
|
1707
1710
|
<param pos="0" name="service.vendor" value="Symantec"/>
|
@@ -1712,7 +1715,7 @@
|
|
1712
1715
|
|
1713
1716
|
<!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
|
1714
1717
|
|
1715
|
-
<fingerprint pattern="
|
1718
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) ESMTP SonicWALL \(([\d.]+)\)$">
|
1716
1719
|
<description>SonicWall Email Security</description>
|
1717
1720
|
<example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
|
1718
1721
|
<example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
|
@@ -1721,9 +1724,10 @@
|
|
1721
1724
|
<param pos="0" name="service.product" value="Email Security"/>
|
1722
1725
|
<param pos="1" name="host.name"/>
|
1723
1726
|
<param pos="2" name="service.version"/>
|
1727
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sonicwall:email_security:{service.version}"/>
|
1724
1728
|
</fingerprint>
|
1725
1729
|
|
1726
|
-
<fingerprint pattern="^([^ ]
|
1730
|
+
<fingerprint pattern="^([^ ]{1,512}) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
|
1727
1731
|
<description>PowerMTA</description>
|
1728
1732
|
<example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
|
1729
1733
|
<param pos="0" name="service.vendor" value="port25"/>
|
@@ -1733,7 +1737,7 @@
|
|
1733
1737
|
<param pos="2" name="service.version"/>
|
1734
1738
|
</fingerprint>
|
1735
1739
|
|
1736
|
-
<fingerprint pattern="^([^ ]
|
1740
|
+
<fingerprint pattern="^([^ ]{1,512}) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
|
1737
1741
|
<description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
|
1738
1742
|
<example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
|
1739
1743
|
<param pos="0" name="service.vendor" value="Vircom"/>
|
@@ -1743,20 +1747,20 @@
|
|
1743
1747
|
<param pos="2" name="service.version"/>
|
1744
1748
|
</fingerprint>
|
1745
1749
|
|
1746
|
-
<fingerprint pattern="^([^ ]
|
1750
|
+
<fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
|
1747
1751
|
<description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
|
1748
|
-
<example>foo.bar VPOP3 ESMTP Server Ready</example>
|
1749
|
-
<example>foo.bar VPOP3 SMTP Server Ready</example>
|
1750
|
-
<example>foo.bar VPOP3 SMTP Server access not allowed!</example>
|
1752
|
+
<example host.name="foo.bar">foo.bar VPOP3 ESMTP Server Ready</example>
|
1753
|
+
<example host.name="foo.bar">foo.bar VPOP3 SMTP Server Ready</example>
|
1754
|
+
<example host.name="foo.bar">foo.bar VPOP3 SMTP Server access not allowed!</example>
|
1751
1755
|
<param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
|
1752
1756
|
<param pos="0" name="service.family" value="VPOP3"/>
|
1753
1757
|
<param pos="0" name="service.product" value="VPOP3"/>
|
1754
1758
|
<param pos="1" name="host.name"/>
|
1755
1759
|
</fingerprint>
|
1756
1760
|
|
1757
|
-
<fingerprint pattern="^([^ ]
|
1761
|
+
<fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
|
1758
1762
|
<description>McAfee WebShield</description>
|
1759
|
-
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1763
|
+
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1760
1764
|
<example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1761
1765
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
1762
1766
|
<param pos="0" name="service.family" value="WebShield"/>
|
@@ -1769,7 +1773,7 @@
|
|
1769
1773
|
<param pos="4" name="system.time"/>
|
1770
1774
|
</fingerprint>
|
1771
1775
|
|
1772
|
-
<fingerprint pattern="^([^ ]
|
1776
|
+
<fingerprint pattern="^([^ ]{1,512}) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
|
1773
1777
|
<description>McAfee Webshield ASaP (bundled hardware / software)</description>
|
1774
1778
|
<example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
|
1775
1779
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
@@ -1785,7 +1789,7 @@
|
|
1785
1789
|
<param pos="3" name="system.time"/>
|
1786
1790
|
</fingerprint>
|
1787
1791
|
|
1788
|
-
<fingerprint pattern="^([^ ]
|
1792
|
+
<fingerprint pattern="^([^ ]{1,512}) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
|
1789
1793
|
<description>McAfee VirusScreen</description>
|
1790
1794
|
<example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
|
1791
1795
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
@@ -1801,7 +1805,7 @@
|
|
1801
1805
|
<param pos="3" name="system.time"/>
|
1802
1806
|
</fingerprint>
|
1803
1807
|
|
1804
|
-
<fingerprint pattern="^([^ ]
|
1808
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Lyris ListManager service ready$">
|
1805
1809
|
<description>Lyris ListManager</description>
|
1806
1810
|
<example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
|
1807
1811
|
<param pos="0" name="service.vendor" value="Lyris"/>
|
@@ -1810,7 +1814,7 @@
|
|
1810
1814
|
<param pos="1" name="host.name"/>
|
1811
1815
|
</fingerprint>
|
1812
1816
|
|
1813
|
-
<fingerprint pattern="^([^ ]
|
1817
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
|
1814
1818
|
<description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
|
1815
1819
|
<example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
|
1816
1820
|
<param pos="0" name="service.family" value="WinRoute"/>
|
@@ -1821,7 +1825,7 @@
|
|
1821
1825
|
|
1822
1826
|
<fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
|
1823
1827
|
<description>WinRoute Pro w/o hostname</description>
|
1824
|
-
<example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
1828
|
+
<example service.version="4.2.1" system.time="Thu, 16 Nov 2017 11:48:15 +0300">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
1825
1829
|
<param pos="0" name="service.family" value="WinRoute"/>
|
1826
1830
|
<param pos="0" name="service.product" value="WinRoute"/>
|
1827
1831
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss Z"/>
|
@@ -1829,9 +1833,9 @@
|
|
1829
1833
|
<param pos="2" name="system.time"/>
|
1830
1834
|
</fingerprint>
|
1831
1835
|
|
1832
|
-
<fingerprint pattern="^([^ ]
|
1836
|
+
<fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
|
1833
1837
|
<description>ZMailer http://www.zmailer.org/technical.html</description>
|
1834
|
-
<example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
|
1838
|
+
<example service.version="2.99.57" service.version.version="1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 12:00:12 +0300">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
|
1835
1839
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1836
1840
|
<param pos="0" name="service.family" value="ZMailer"/>
|
1837
1841
|
<param pos="0" name="service.product" value="ZMailer"/>
|
@@ -1842,9 +1846,9 @@
|
|
1842
1846
|
<param pos="4" name="system.time"/>
|
1843
1847
|
</fingerprint>
|
1844
1848
|
|
1845
|
-
<fingerprint pattern="^([^ ]
|
1849
|
+
<fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
|
1846
1850
|
<description>ZMailer server that supports IDENT</description>
|
1847
|
-
<example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
|
1851
|
+
<example service.version="2.99.55" service.version.version="16" host.name="foo.bar" system.time="Thu, 16 Nov 2017 06:51:42 -0300">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
|
1848
1852
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1849
1853
|
<param pos="0" name="service.family" value="ZMailer"/>
|
1850
1854
|
<param pos="0" name="service.product" value="ZMailer"/>
|
@@ -1856,10 +1860,10 @@
|
|
1856
1860
|
<param pos="4" name="system.time"/>
|
1857
1861
|
</fingerprint>
|
1858
1862
|
|
1859
|
-
<fingerprint pattern="^([^ ]
|
1863
|
+
<fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
|
1860
1864
|
<description>Kerio Connect ESMTP</description>
|
1861
1865
|
<example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
|
1862
|
-
<example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
|
1866
|
+
<example service.version="9.2.5" service.version.version="3" host.name="foo.bar">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
|
1863
1867
|
<param pos="0" name="service.vendor" value="Kerio"/>
|
1864
1868
|
<param pos="0" name="service.family" value="Connect"/>
|
1865
1869
|
<param pos="0" name="service.product" value="ESMTP"/>
|
@@ -1868,7 +1872,7 @@
|
|
1868
1872
|
<param pos="3" name="service.version.version"/>
|
1869
1873
|
</fingerprint>
|
1870
1874
|
|
1871
|
-
<fingerprint pattern="^([^ ]
|
1875
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
|
1872
1876
|
<description>Communigate Pro</description>
|
1873
1877
|
<example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
|
1874
1878
|
<example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
|
@@ -1881,7 +1885,7 @@
|
|
1881
1885
|
<param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
|
1882
1886
|
</fingerprint>
|
1883
1887
|
|
1884
|
-
<fingerprint pattern="^(\S
|
1888
|
+
<fingerprint pattern="^(\S{1,512}) NO UCE NO UBE NO RELAY PROBES ESMTP">
|
1885
1889
|
<description>Twisted SMTP server</description>
|
1886
1890
|
<example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
|
1887
1891
|
<param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
|
@@ -1909,9 +1913,9 @@
|
|
1909
1913
|
<param pos="1" name="service.version"/>
|
1910
1914
|
</fingerprint>
|
1911
1915
|
|
1912
|
-
<fingerprint pattern="^([^ ]
|
1916
|
+
<fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
|
1913
1917
|
<description>Tobit Software David</description>
|
1914
|
-
<example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
1918
|
+
<example service.version="0486" host.name="foo.bar">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
1915
1919
|
<param pos="0" name="service.vendor" value="Tobit Software"/>
|
1916
1920
|
<param pos="0" name="service.family" value="David"/>
|
1917
1921
|
<param pos="0" name="service.product" value="ESMTP"/>
|
@@ -1919,14 +1923,14 @@
|
|
1919
1923
|
<param pos="2" name="service.version"/>
|
1920
1924
|
</fingerprint>
|
1921
1925
|
|
1922
|
-
<fingerprint pattern="
|
1926
|
+
<fingerprint pattern="(?i)^(\S{1,512}) E?SMTP Perl">
|
1923
1927
|
<description>Some simple PERL SMTP server</description>
|
1924
1928
|
<example host.name="foo.bar">foo.bar ESMTP Perl</example>
|
1925
1929
|
<param pos="0" name="service.product" value="Perl"/>
|
1926
1930
|
<param pos="1" name="host.name"/>
|
1927
1931
|
</fingerprint>
|
1928
1932
|
|
1929
|
-
<fingerprint pattern="
|
1933
|
+
<fingerprint pattern="(?i)^(?:([^ ]{1,512}) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
|
1930
1934
|
<description>Non-specific banner with optional hostname</description>
|
1931
1935
|
<example host.name="foo.bar">foo.bar ESMTP</example>
|
1932
1936
|
<example host.name="foo.bar">foo.bar ESMTP Ready</example>
|
@@ -1938,7 +1942,7 @@
|
|
1938
1942
|
<param pos="1" name="host.name"/>
|
1939
1943
|
</fingerprint>
|
1940
1944
|
|
1941
|
-
<fingerprint pattern="^([^ ]
|
1945
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP OpenSMTPD$">
|
1942
1946
|
<description>OpenSMPTD</description>
|
1943
1947
|
<example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
|
1944
1948
|
<param pos="0" name="service.vendor" value="OpenBSD"/>
|