recog 2.3.20 → 2.3.23
- checksums.yaml +4 -4
- data/.github/dependabot.yml +8 -0
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/verify.yml +89 -0
- data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
- data/.vscode/extensions.json +5 -0
- data/.vscode/settings.json +8 -0
- data/.vscode/tasks.json +77 -0
- data/CONTRIBUTING.md +8 -0
- data/README.md +17 -0
- data/bin/recog_standardize +28 -13
- data/bin/recog_verify +42 -8
- data/cpe-remap.yaml +62 -3
- data/features/data/schema_failure.xml +4 -0
- data/features/data/tests_with_failures.xml +6 -0
- data/features/support/hooks.rb +9 -0
- data/features/verify.feature +85 -21
- data/identifiers/fields.txt +6 -5
- data/identifiers/hw_device.txt +8 -0
- data/identifiers/hw_family.txt +8 -0
- data/identifiers/hw_product.txt +54 -0
- data/identifiers/os_device.txt +2 -0
- data/identifiers/os_family.txt +2 -0
- data/identifiers/os_product.txt +18 -2
- data/identifiers/service_product.txt +26 -0
- data/identifiers/vendor.txt +62 -1
- data/lib/recog/db.rb +2 -1
- data/lib/recog/fingerprint.rb +33 -6
- data/lib/recog/fingerprint_parse_error.rb +10 -0
- data/lib/recog/nizer.rb +1 -82
- data/lib/recog/verifier.rb +9 -9
- data/lib/recog/verify_reporter.rb +17 -6
- data/lib/recog/version.rb +1 -1
- data/requirements.txt +1 -1
- data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
- data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
- data/spec/data/external_example_fingerprint.xml +8 -0
- data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
- data/spec/lib/fingerprint_self_test_spec.rb +1 -0
- data/spec/lib/recog/db_spec.rb +84 -61
- data/spec/lib/recog/fingerprint_spec.rb +4 -4
- data/spec/lib/recog/verify_reporter_spec.rb +73 -4
- data/tools/dev/hooks/pre-commit +21 -0
- data/update_cpes.py +130 -37
- data/xml/apache_os.xml +98 -56
- data/xml/architecture.xml +15 -1
- data/xml/dhcp_vendor_class.xml +206 -0
- data/xml/dns_versionbind.xml +26 -13
- data/xml/favicons.xml +236 -47
- data/xml/fingerprints.xsd +9 -1
- data/xml/ftp_banners.xml +213 -197
- data/xml/h323_callresp.xml +101 -101
- data/xml/hp_pjl_id.xml +84 -84
- data/xml/html_title.xml +715 -45
- data/xml/http_cookies.xml +143 -80
- data/xml/http_servers.xml +510 -310
- data/xml/http_wwwauth.xml +177 -75
- data/xml/imap_banners.xml +10 -10
- data/xml/mdns_device-info_txt.xml +421 -26
- data/xml/mysql_banners.xml +3 -2
- data/xml/nntp_banners.xml +12 -9
- data/xml/ntp_banners.xml +97 -97
- data/xml/operating_system.xml +98 -83
- data/xml/pop_banners.xml +27 -27
- data/xml/rsh_resp.xml +3 -3
- data/xml/sip_banners.xml +46 -8
- data/xml/sip_user_agents.xml +180 -27
- data/xml/smb_native_lm.xml +5 -5
- data/xml/smb_native_os.xml +28 -25
- data/xml/smtp_banners.xml +258 -254
- data/xml/smtp_ehlo.xml +1 -1
- data/xml/smtp_help.xml +11 -11
- data/xml/smtp_noop.xml +2 -2
- data/xml/snmp_sysdescr.xml +1554 -1429
- data/xml/snmp_sysobjid.xml +27 -27
- data/xml/ssh_banners.xml +27 -20
- data/xml/telnet_banners.xml +256 -57
- data/xml/tls_jarm.xml +48 -6
- data/xml/x11_banners.xml +3 -3
- data/xml/x509_issuers.xml +69 -2
- data/xml/x509_subjects.xml +144 -33
- metadata +24 -4
- data/lib/recog/verifier_factory.rb +0 -13
data/xml/smtp_banners.xml
CHANGED
@@ -23,7 +23,7 @@
|
|
23
23
|
|
24
24
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
|
25
25
|
<description>IMail - EVAL version</description>
|
26
|
-
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
26
|
+
<example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
|
27
27
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
28
28
|
<param pos="0" name="service.family" value="IMail Server"/>
|
29
29
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -35,7 +35,7 @@
|
|
35
35
|
|
36
36
|
<fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
|
37
37
|
<description>IMail - non-EVAL version</description>
|
38
|
-
<example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
38
|
+
<example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
|
39
39
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
40
40
|
<param pos="0" name="service.family" value="IMail Server"/>
|
41
41
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -44,9 +44,9 @@
|
|
44
44
|
<param pos="1" name="host.name"/>
|
45
45
|
</fingerprint>
|
46
46
|
|
47
|
-
<fingerprint pattern="^([^ ]
|
47
|
+
<fingerprint pattern="^([^ ]{1,512}) \(IMail (\d+\.[^ ]+) \d+-\d+\) NT-ESMTP Server X1$">
|
48
48
|
<description>IMail - non-EVAL version, NT-ESMTP at end</description>
|
49
|
-
<example service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
49
|
+
<example host.name="foo.bar" service.version="12.4.2.27">foo.bar (IMail 12.4.2.27 21349-1) NT-ESMTP Server X1</example>
|
50
50
|
<param pos="0" name="service.vendor" value="Ipswitch"/>
|
51
51
|
<param pos="0" name="service.family" value="IMail Server"/>
|
52
52
|
<param pos="0" name="service.product" value="IMail Server"/>
|
@@ -55,7 +55,7 @@
|
|
55
55
|
<param pos="1" name="host.name"/>
|
56
56
|
</fingerprint>
|
57
57
|
|
58
|
-
<fingerprint pattern="^([^ ]
|
58
|
+
<fingerprint pattern="^([^ ]{1,512}) SMTP AnalogX Proxy ([^ ]+\.[^ ]+) \(Release\) ready *$">
|
59
59
|
<description>AnalogX proxy (http://www.analogx.com/contents/download/network/proxy.htm)</description>
|
60
60
|
<example host.name="192.168.1.1" service.version="4.15">192.168.1.1 SMTP AnalogX Proxy 4.15 (Release) ready</example>
|
61
61
|
<param pos="0" name="service.vendor" value="AnalogX"/>
|
@@ -80,7 +80,7 @@
|
|
80
80
|
<param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
|
81
81
|
</fingerprint>
|
82
82
|
|
83
|
-
<fingerprint pattern="
|
83
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Freeware, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
84
84
|
<description>ArGoSoft Mail Server - freeware version</description>
|
85
85
|
<example host.name="foo.bar" service.version="1.8.8.8">foo.bar ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
86
86
|
<example service.version="1.8.8.8">ArGoSoft Mail Server Freeware, Version 1.8 (1.8.8.8)</example>
|
@@ -96,7 +96,7 @@
|
|
96
96
|
<param pos="1" name="host.name"/>
|
97
97
|
</fingerprint>
|
98
98
|
|
99
|
-
<fingerprint pattern="^(?:(\S
|
99
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ArGoSoft Mail Server Pro for WinNT\/2000(?:\/XP)?, Version [^ ]+ \(([^ ]+\.[^ ]+\.[^ ]+\.[^ ]+)\) *$">
|
100
100
|
<description>ArGoSoft Mail Server - Pro version</description>
|
101
101
|
<example service.version="1.6.1.8">ArGoSoft Mail Server Pro for WinNT/2000, Version 1.61 (1.6.1.8)</example>
|
102
102
|
<example service.version="1.8.9.5">ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)</example>
|
@@ -113,10 +113,10 @@
|
|
113
113
|
<param pos="0" name="service.cpe23" value="cpe:/a:argosoft:mail_server:{service.version}"/>
|
114
114
|
</fingerprint>
|
115
115
|
|
116
|
-
<fingerprint pattern="^([^ ]
|
116
|
+
<fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
|
117
117
|
<description>AppleShare IP Mail Server</description>
|
118
|
-
<example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
119
|
-
<example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
118
|
+
<example service.version="6.2.1" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
|
119
|
+
<example service.version="6.2" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
|
120
120
|
<param pos="0" name="service.vendor" value="Apple"/>
|
121
121
|
<param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
|
122
122
|
<param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
|
@@ -162,7 +162,7 @@
|
|
162
162
|
Search Cisco's documentation for "fixup protocol SMTP" for more information.
|
163
163
|
-->
|
164
164
|
|
165
|
-
<fingerprint pattern="^[\*20 ]
|
165
|
+
<fingerprint pattern="^[\*20 ]{1,1000}$">
|
166
166
|
<description>Cisco PIX firewall MailGuard banner stripping</description>
|
167
167
|
<example os.product="PIX">***************************</example>
|
168
168
|
<param pos="0" name="os.vendor" value="Cisco"/>
|
@@ -171,7 +171,7 @@
|
|
171
171
|
<param pos="0" name="os.cpe23" value="cpe:/o:cisco:pix_firewall_software:-"/>
|
172
172
|
</fingerprint>
|
173
173
|
|
174
|
-
<fingerprint pattern="^([^ ]
|
174
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP CPMTA-([^ ]+)_([^ ]+)_([^ ]+)_([^ ]+) - NO UCE *$">
|
175
175
|
<description>Critical Path (aka InScribe) Messaging Server on Windows NT4/2k, Solaris 2.6/2.7/2.8 Sparc/Intel, SGI IRIX 6.5.3 or later, or AIX </description>
|
176
176
|
<param pos="0" name="service.vendor" value="Critical Path"/>
|
177
177
|
<param pos="0" name="service.family" value="Messaging Server"/>
|
@@ -192,7 +192,7 @@
|
|
192
192
|
<param pos="0" name="service.product" value="Internet Mail Scanner"/>
|
193
193
|
</fingerprint>
|
194
194
|
|
195
|
-
<fingerprint pattern="^([^ ]
|
195
|
+
<fingerprint pattern="^([^ ]{1,512}) +IMS SMTP Receiver Version ([^ ]+\.[^ ]+) Ready *$">
|
196
196
|
<description>EMWAC Internet Mail Services (http://emwac.ed.ac.uk/html/internet_toolchest/ims/ims.htm)</description>
|
197
197
|
<example service.version="0.83" host.name="foo.bar">foo.bar IMS SMTP Receiver Version 0.83 Ready</example>
|
198
198
|
<param pos="0" name="service.vendor" value="EMWAC"/>
|
@@ -202,7 +202,7 @@
|
|
202
202
|
<param pos="2" name="service.version"/>
|
203
203
|
</fingerprint>
|
204
204
|
|
205
|
-
<fingerprint pattern="^([^ ]
|
205
|
+
<fingerprint pattern="^([^ ]{1,512}) running Eudora Internet Mail Server (\d\.[\d.]+) *$">
|
206
206
|
<description>Eudora Internet Mail Server</description>
|
207
207
|
<example service.version="3.0.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 3.0.2</example>
|
208
208
|
<example service.version="2.2" host.name="foo.bar">foo.bar running Eudora Internet Mail Server 2.2</example>
|
@@ -212,12 +212,12 @@
|
|
212
212
|
<param pos="0" name="os.vendor" value="Apple"/>
|
213
213
|
<param pos="0" name="os.family" value="Mac OS"/>
|
214
214
|
<param pos="0" name="os.product" value="Mac OS"/>
|
215
|
-
<param pos="0" name="os.cpe23" value="cpe:/o:apple:
|
215
|
+
<param pos="0" name="os.cpe23" value="cpe:/o:apple:macos:-"/>
|
216
216
|
<param pos="1" name="host.name"/>
|
217
217
|
<param pos="2" name="service.version"/>
|
218
218
|
</fingerprint>
|
219
219
|
|
220
|
-
<fingerprint pattern="^([^ ]
|
220
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP Server \(Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+)\) ready *$">
|
221
221
|
<description>Microsoft Exchange Server 5.5 and above (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
222
222
|
<example host.name="foo.bar" service.version="5.5.2653.13">foo.bar ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready</example>
|
223
223
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -232,7 +232,7 @@
|
|
232
232
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
233
233
|
</fingerprint>
|
234
234
|
|
235
|
-
<fingerprint pattern="^([^ ]
|
235
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft Exchange Internet Mail Service (\d+\.\d+\.\d+\.\d+) ready *$">
|
236
236
|
<description>Microsoft Exchange Server 5.0 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
237
237
|
<example host.name="foo.bar" service.version="5.0.1460.8">foo.bar Microsoft Exchange Internet Mail Service 5.0.1460.8 ready</example>
|
238
238
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
@@ -247,9 +247,9 @@
|
|
247
247
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
248
248
|
</fingerprint>
|
249
249
|
|
250
|
-
<fingerprint pattern="^([^ ]
|
250
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at">
|
251
251
|
<description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
|
252
|
-
<example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
252
|
+
<example host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
253
253
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
254
254
|
<param pos="0" name="service.family" value="Exchange Server"/>
|
255
255
|
<param pos="0" name="service.product" value="Exchange Server"/>
|
@@ -261,9 +261,10 @@
|
|
261
261
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
262
262
|
</fingerprint>
|
263
263
|
|
264
|
-
<fingerprint pattern="^(
|
264
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
|
265
265
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
|
266
|
-
<example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
266
|
+
<example host.name="foo.bar" service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
267
|
+
<example service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
267
268
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
268
269
|
<param pos="0" name="service.family" value="IIS"/>
|
269
270
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -278,9 +279,9 @@
|
|
278
279
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2016:-"/>
|
279
280
|
</fingerprint>
|
280
281
|
|
281
|
-
<fingerprint pattern="^(
|
282
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
|
282
283
|
<description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
|
283
|
-
<example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
284
|
+
<example host.name="foo.bar" service.version="10.0.17763.1" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
|
284
285
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
285
286
|
<param pos="0" name="service.family" value="IIS"/>
|
286
287
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -295,9 +296,9 @@
|
|
295
296
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows_server_2019:-"/>
|
296
297
|
</fingerprint>
|
297
298
|
|
298
|
-
<fingerprint pattern="^([^ ]
|
299
|
+
<fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
|
299
300
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
|
300
|
-
<example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
301
|
+
<example host.name="foo.bar" service.version="5.5.1877.197.19" system.time="Wed, 29 Nov 2017 23:48:59 +0000">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
|
301
302
|
<param pos="0" name="service.vendor" value="Microsoft"/>
|
302
303
|
<param pos="0" name="service.family" value="IIS"/>
|
303
304
|
<param pos="0" name="service.product" value="IIS"/>
|
@@ -312,10 +313,10 @@
|
|
312
313
|
<param pos="0" name="os.cpe23" value="cpe:/o:microsoft:windows:-"/>
|
313
314
|
</fingerprint>
|
314
315
|
|
315
|
-
<fingerprint pattern="^(
|
316
|
+
<fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
|
316
317
|
<description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
|
317
|
-
<example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
318
|
-
<example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
318
|
+
<example service.version="5.0.2195.5329" system.time="Thu, 30 Nov 2017 11:40:25 +0200"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
|
319
|
+
<example service.version="6.0.3790.4675" host.name="foo.bar" system.time="Wed, 21 Jul 2010 19:04:24 -0700">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
|
319
320
|
<example service.version="6.0.2600.5512" system.time="Thu, 30 Nov 2017 18:22:40 +0900">Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at Thu, 30 Nov 2017 18:22:40 +0900</example>
|
320
321
|
<example service.version="6.0.3790.3959" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready</example>
|
321
322
|
<example service.version="6.0.3790.1830" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830</example>
|
@@ -344,19 +345,19 @@
|
|
344
345
|
<param pos="1" name="system.time"/>
|
345
346
|
</fingerprint>
|
346
347
|
|
347
|
-
<fingerprint pattern="^ ?([^, ]
|
348
|
+
<fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
|
348
349
|
<description>Exim - with version string and optional timestamp</description>
|
349
|
-
<example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
|
350
|
+
<example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
|
350
351
|
<example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
|
351
352
|
<example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
|
352
353
|
<example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
|
353
|
-
<example service.version="4.90_RC3" host.name="foo.bar">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
|
354
|
-
<example service.version="4.89_1b" host.name="foo.bar">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
|
355
|
-
<example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
|
356
|
-
<example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
|
357
|
-
<example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
|
358
|
-
<example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
|
359
|
-
<example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
|
354
|
+
<example service.version="4.90_RC3" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:52:16 -0700">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
|
355
|
+
<example service.version="4.89_1b" host.name="foo.bar" system.time="Thu, 05 Apr 2018 21:30:37 +0200">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
|
356
|
+
<example service.version="4.89-122312" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:33:38 +0200">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
|
357
|
+
<example service.version="4.87" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:25:58 -0800">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
|
358
|
+
<example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800" host.name="foo.bar">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
|
359
|
+
<example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200" host.name="foo.bar">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
|
360
|
+
<example service.version="4.89" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:31 -0500"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
|
360
361
|
<param pos="0" name="service.vendor" value="exim"/>
|
361
362
|
<param pos="0" name="service.family" value="exim"/>
|
362
363
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -367,9 +368,9 @@
|
|
367
368
|
<param pos="3" name="system.time"/>
|
368
369
|
</fingerprint>
|
369
370
|
|
370
|
-
<fingerprint pattern="^([^, ]
|
371
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
371
372
|
<description>Exim - with digit only version string and optional timestamp</description>
|
372
|
-
<example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
373
|
+
<example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
|
373
374
|
<param pos="0" name="service.vendor" value="exim"/>
|
374
375
|
<param pos="0" name="service.family" value="exim"/>
|
375
376
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -380,9 +381,9 @@
|
|
380
381
|
<param pos="3" name="system.time"/>
|
381
382
|
</fingerprint>
|
382
383
|
|
383
|
-
<fingerprint pattern="^([^, ]
|
384
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
384
385
|
<description>Exim - with version string and optional timestamp (Ubuntu)</description>
|
385
|
-
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
386
|
+
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
|
386
387
|
<param pos="0" name="os.vendor" value="Ubuntu"/>
|
387
388
|
<param pos="0" name="os.family" value="Linux"/>
|
388
389
|
<param pos="0" name="os.product" value="Linux"/>
|
@@ -397,7 +398,7 @@
|
|
397
398
|
<param pos="3" name="system.time"/>
|
398
399
|
</fingerprint>
|
399
400
|
|
400
|
-
<fingerprint pattern="^([^, ]
|
401
|
+
<fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim)(?: +#\d)? *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
401
402
|
<description>Exim - without version string and with optional timestamp</description>
|
402
403
|
<example host.name="foo.bar">foo.bar ESMTP Exim</example>
|
403
404
|
<example host.name="foo.bar" system.time="Thu, 16 Nov 2017 01:11:30 -0800">foo.bar ESMTP Exim Thu, 16 Nov 2017 01:11:30 -0800 </example>
|
@@ -414,8 +415,8 @@
|
|
414
415
|
<fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
|
415
416
|
<description>Exim - without hostname</description>
|
416
417
|
<example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
|
417
|
-
<example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
418
|
-
<example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
|
418
|
+
<example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
|
419
|
+
<example service.version="4.89" system.time="Thu, 16 Nov 2017 07:32:28 -0200"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
|
419
420
|
<param pos="0" name="service.vendor" value="exim"/>
|
420
421
|
<param pos="0" name="service.family" value="exim"/>
|
421
422
|
<param pos="0" name="service.product" value="exim"/>
|
@@ -425,7 +426,7 @@
|
|
425
426
|
<param pos="2" name="system.time"/>
|
426
427
|
</fingerprint>
|
427
428
|
|
428
|
-
<fingerprint pattern="^ ?([^, ]
|
429
|
+
<fingerprint pattern="^ ?([^, ]{1,512}) Exim ESMTP Service ready$">
|
429
430
|
<description>Exim - with hostname </description>
|
430
431
|
<example host.name="foo.bar">foo.bar Exim ESMTP Service ready</example>
|
431
432
|
<param pos="0" name="service.vendor" value="exim"/>
|
@@ -435,7 +436,7 @@
|
|
435
436
|
<param pos="1" name="host.name"/>
|
436
437
|
</fingerprint>
|
437
438
|
|
438
|
-
<fingerprint pattern="^([\w.-]
|
439
|
+
<fingerprint pattern="^([\w.-]{1,512}) ESMTP \([a-z0-9]{32}\)$">
|
439
440
|
<description>Barracuda Email Security Gateway - physical or virtual appliance</description>
|
440
441
|
<example host.name="barracuda.foo.bar">barracuda.foo.bar ESMTP (0a8d40ef45300cc1bd0f16ced5c9e6f1)</example>
|
441
442
|
<param pos="0" name="service.vendor" value="Barracuda"/>
|
@@ -445,7 +446,7 @@
|
|
445
446
|
<param pos="1" name="host.name"/>
|
446
447
|
</fingerprint>
|
447
448
|
|
448
|
-
<fingerprint pattern="^([^ ]
|
449
|
+
<fingerprint pattern="^([^ ]{1,512}) FTGate server ready">
|
449
450
|
<description>FTGate mail server, runs on Windows 9x/NT/2k (http://www.ftgate.com)</description>
|
450
451
|
<example host.name="foo.bar">foo.bar FTGate server ready -attitude [C.o.r.E]</example>
|
451
452
|
<param pos="0" name="service.vendor" value="Floosietek"/>
|
@@ -454,7 +455,7 @@
|
|
454
455
|
<param pos="1" name="host.name"/>
|
455
456
|
</fingerprint>
|
456
457
|
|
457
|
-
<fingerprint pattern="^([^ ]
|
458
|
+
<fingerprint pattern="^([^ ]{1,512}) +SMTP/smap Ready\.$">
|
458
459
|
<description>TIS FWTK and derivatives (other firewalls, like Gauntlet, are derived from TIS)</description>
|
459
460
|
<example host.name="foo.bar">foo.bar SMTP/smap Ready.</example>
|
460
461
|
<param pos="0" name="service.vendor" value="TIS"/>
|
@@ -463,9 +464,9 @@
|
|
463
464
|
<param pos="1" name="host.name"/>
|
464
465
|
</fingerprint>
|
465
466
|
|
466
|
-
<fingerprint pattern="^([^ ]
|
467
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
467
468
|
<description>Novell GroupWise Internet Agent - versions 5 and higher</description>
|
468
|
-
<example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
469
|
+
<example service.version="5.5.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
|
469
470
|
<param pos="0" name="service.vendor" value="Novell"/>
|
470
471
|
<param pos="0" name="service.family" value="GroupWise"/>
|
471
472
|
<param pos="0" name="service.product" value="GroupWise"/>
|
@@ -474,10 +475,10 @@
|
|
474
475
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
475
476
|
</fingerprint>
|
476
477
|
|
477
|
-
<fingerprint pattern="^([^ ]
|
478
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
|
478
479
|
<description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
|
479
|
-
<example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
480
|
-
<example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
480
|
+
<example service.version="8.0.3" host.name="foo.bar">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
|
481
|
+
<example service.version="14.2.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
|
481
482
|
<param pos="0" name="service.vendor" value="Novell"/>
|
482
483
|
<param pos="0" name="service.family" value="GroupWise"/>
|
483
484
|
<param pos="0" name="service.product" value="GroupWise"/>
|
@@ -486,7 +487,7 @@
|
|
486
487
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
487
488
|
</fingerprint>
|
488
489
|
|
489
|
-
<fingerprint pattern="^([^ ]
|
490
|
+
<fingerprint pattern="^([^ ]{1,512}) GroupWise SMTP/MIME Daemon ([^ ]+\.[^ ]+) v([^ ]+) Ready \(C\).* Novell, Inc\. *$">
|
490
491
|
<description>Novell GroupWise - versions below 5</description>
|
491
492
|
<example host.name="foo.bar" service.version="4.1" service.version.version="3">foo.bar GroupWise SMTP/MIME Daemon 4.1 v3 Ready (C)1993, 1996 Novell, Inc.</example>
|
492
493
|
<param pos="0" name="service.vendor" value="Novell"/>
|
@@ -498,11 +499,11 @@
|
|
498
499
|
<param pos="0" name="service.cpe23" value="cpe:/a:novell:groupwise:{service.version}"/>
|
499
500
|
</fingerprint>
|
500
501
|
|
501
|
-
<fingerprint pattern="^([^ ]
|
502
|
+
<fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
|
502
503
|
<description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
|
503
|
-
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
504
|
-
<example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
|
505
|
-
<example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
|
504
|
+
<example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT" host.name="foo.bar">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
|
505
|
+
<example service.version="Level 3A0" host.name="foo.bar" system.time="Mon, 10 Sep 2001 07:21:54 EDT">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
|
506
|
+
<example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)" host.name="foo.bar">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
|
506
507
|
<param pos="0" name="service.vendor" value="IBM"/>
|
507
508
|
<param pos="0" name="service.family" value="VM"/>
|
508
509
|
<param pos="0" name="service.product" value="VM"/>
|
@@ -512,7 +513,7 @@
|
|
512
513
|
<param pos="3" name="system.time"/>
|
513
514
|
</fingerprint>
|
514
515
|
|
515
|
-
<fingerprint pattern="^([^ ]
|
516
|
+
<fingerprint pattern="^([^ ]{1,512}) \(IntraStore TurboSendmail\) ESMTP Service ready *$">
|
516
517
|
<description>
|
517
518
|
Syntegra/CDC IntraStore TurboSendmail, part of the IntraStore server which runs on
|
518
519
|
the following platforms ONLY: Linux, HP-UX, Solaris, AIX, and Windows NT/2000
|
@@ -525,9 +526,9 @@
|
|
525
526
|
<param pos="1" name="host.name"/>
|
526
527
|
</fingerprint>
|
527
528
|
|
528
|
-
<fingerprint pattern="^(\S
|
529
|
+
<fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
|
529
530
|
<description>JAMES SMTP Server</description>
|
530
|
-
<example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
531
|
+
<example host.name="foo.bar" service.version="2.3.2" system.time="Tue, 19 May 2015 00:36:13 +0200">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
|
531
532
|
<param pos="0" name="service.vendor" value="Apache"/>
|
532
533
|
<param pos="0" name="service.product" value="James"/>
|
533
534
|
<param pos="2" name="service.version"/>
|
@@ -537,9 +538,10 @@
|
|
537
538
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
538
539
|
</fingerprint>
|
539
540
|
|
540
|
-
<fingerprint pattern="^(?:(\S
|
541
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
|
541
542
|
<description>MailEnable - Simple</description>
|
542
543
|
<example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
|
544
|
+
<example host.name="foo.home" service.version="10.34">foo.home ESMTP MailEnable Service, Version: 10.34</example>
|
543
545
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
544
546
|
<param pos="0" name="os.family" value="Windows"/>
|
545
547
|
<param pos="0" name="os.product" value="Windows"/>
|
@@ -554,10 +556,11 @@
|
|
554
556
|
|
555
557
|
<!-- MailEnable has an odd, three version string. Not sure about the meaning the second and third version #s. -->
|
556
558
|
|
557
|
-
<fingerprint pattern="^(?:(\S
|
559
|
+
<fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
|
558
560
|
<description>MailEnable - Complex</description>
|
559
|
-
<example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
560
|
-
<example host.name="foo.bar" service.version="9.53"
|
561
|
+
<example host.name="foo.bar" service.version="1.8" system.time="05/20/15 08:50:22">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
|
562
|
+
<example host.name="*.foo.bar" service.version="9.53" system.time="11/30/17 00:57:37">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
|
563
|
+
<example host.name="%WPI_HOSTNAME%" service.version="10.27" system.time="07/07/21 18:24:47">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
|
561
564
|
<example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
|
562
565
|
<example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
|
563
566
|
<param pos="0" name="os.vendor" value="Microsoft"/>
|
@@ -574,10 +577,10 @@
|
|
574
577
|
<param pos="3" name="system.time"/>
|
575
578
|
</fingerprint>
|
576
579
|
|
577
|
-
<fingerprint pattern="^([^ ]
|
580
|
+
<fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
|
578
581
|
<description>Mail Max</description>
|
579
|
-
<example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
580
|
-
<example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
|
582
|
+
<example host.name="foo.bar" service.version="4.2.4.7" system.time="Wed, 31 Jan 2001 03:44:35 +0100 WST">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
|
583
|
+
<example host.name="foo.bar" service.version="3.073" system.time="Thu, 30 Nov 2017 17:24:59 +0800 ">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
|
581
584
|
<param pos="0" name="service.vendor" value="Mail-Max"/>
|
582
585
|
<param pos="0" name="service.family" value="Mail-Max"/>
|
583
586
|
<param pos="0" name="service.product" value="Mail-Max"/>
|
@@ -587,7 +590,7 @@
|
|
587
590
|
<param pos="3" name="system.time"/>
|
588
591
|
</fingerprint>
|
589
592
|
|
590
|
-
<fingerprint pattern="^([^ ]
|
593
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Version (\d+\.[\d.]+) Ready *$">
|
591
594
|
<description>Rockliffe MailSite - with version (http://www.rockliffe.com)</description>
|
592
595
|
<example host.name="foo.bar" service.version="3.4.6.0">foo.bar MailSite ESMTP Receiver Version 3.4.6.0 Ready</example>
|
593
596
|
<example host.name="foo.bar" service.version="2.1.7">foo.bar MailSite SMTP Receiver Version 2.1.7 Ready</example>
|
@@ -598,7 +601,7 @@
|
|
598
601
|
<param pos="2" name="service.version"/>
|
599
602
|
</fingerprint>
|
600
603
|
|
601
|
-
<fingerprint pattern="^([^ ]
|
604
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MailSite E?SMTP Receiver Ready *$">
|
602
605
|
<description>Rockliffe MailSite - without version (http://www.rockliffe.com)</description>
|
603
606
|
<example host.name="foo.bar">foo.bar MailSite SMTP Receiver Ready</example>
|
604
607
|
<param pos="0" name="service.vendor" value="Rockliffe"/>
|
@@ -616,9 +619,9 @@
|
|
616
619
|
<param pos="1" name="service.version"/>
|
617
620
|
</fingerprint>
|
618
621
|
|
619
|
-
<fingerprint pattern="^([^ ]
|
622
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
|
620
623
|
<description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
|
621
|
-
<example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
624
|
+
<example service.version="4.2.1.0" host.name="foo.bar">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
|
622
625
|
<param pos="0" name="service.vendor" value="Clearswift"/>
|
623
626
|
<param pos="0" name="service.family" value="MAILsweeper"/>
|
624
627
|
<param pos="0" name="service.product" value="MAILsweeper"/>
|
@@ -626,9 +629,9 @@
|
|
626
629
|
<param pos="2" name="service.version"/>
|
627
630
|
</fingerprint>
|
628
631
|
|
629
|
-
<fingerprint pattern="^([^ ]
|
632
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
|
630
633
|
<description>MDaemon mail server - with timestamp, unregistered</description>
|
631
|
-
<example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
634
|
+
<example service.version="4.0.5" host.name="foo.bar" system.time="Sat, 06 Oct 2001 09:10:56 +0400">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
|
632
635
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
633
636
|
<param pos="0" name="service.family" value="MDaemon"/>
|
634
637
|
<param pos="0" name="service.product" value="MDaemon"/>
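Review bot: The version group `([^ ]+\.[^ ]+\.[^ ]+)` on the added MDaemon line is still unbounded, and its three `[^ ]+` runs can each consume the dots that separate them, so the bound added to the hostname group covers only part of the backtracking surface. On a banner with a long run of non-space characters after `MDaemon `, a backtracking engine has many ways to split that run before it fails. The same group appears unchanged in the MDaemon hunks that follow and in the MERAK and NAVIEG patterns. Consider excluding the dot from the first two runs and bounding all three, for example `([^ .]{1,16}\.[^ .]{1,16}\.[^ ]{1,32})`, after confirming that the existing examples still verify. The fingerprint element closes outside this hunk.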
|
@@ -645,9 +648,9 @@
|
|
645
648
|
<param pos="3" name="system.time"/>
|
646
649
|
</fingerprint>
|
647
650
|
|
648
|
-
<fingerprint pattern="^([^ ]
|
651
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
649
652
|
<description>MDaemon mail server - with timestamp</description>
|
650
|
-
<example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
653
|
+
<example service.version="4.0.2" host.name="foo.bar" system.time="Sat, 06 Oct 2001 01:46:44 -0500">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
|
651
654
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
652
655
|
<param pos="0" name="service.family" value="MDaemon"/>
|
653
656
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -663,9 +666,9 @@
|
|
663
666
|
<param pos="3" name="system.time"/>
|
664
667
|
</fingerprint>
|
665
668
|
|
666
|
-
<fingerprint pattern="^([^ ]
|
669
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
|
667
670
|
<description>MDaemon mail server - without timestamp</description>
|
668
|
-
<example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
671
|
+
<example service.version="3.5.7" host.name="foo.bar">foo.bar ESMTP MDaemon 3.5.7 ready</example>
|
669
672
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
670
673
|
<param pos="0" name="service.family" value="MDaemon"/>
|
671
674
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -679,11 +682,11 @@
|
|
679
682
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
680
683
|
</fingerprint>
|
681
684
|
|
682
|
-
<fingerprint pattern="^([^ ]
|
685
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
|
683
686
|
<description>MDaemon mail server - with version revision</description>
|
684
|
-
<example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
685
|
-
<example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
686
|
-
<example service.version="2.8.7.0" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
|
687
|
+
<example service.version="2.84" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
|
688
|
+
<example service.version="3.0.3" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
|
689
|
+
<example service.version="2.8.7.0" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
|
687
690
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
688
691
|
<param pos="0" name="service.family" value="MDaemon"/>
|
689
692
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -698,10 +701,10 @@
|
|
698
701
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
699
702
|
</fingerprint>
|
700
703
|
|
701
|
-
<fingerprint pattern="^([^ ]
|
704
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
|
702
705
|
<description>MDaemon mail server - with service pack</description>
|
703
|
-
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
704
|
-
<example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
|
706
|
+
<example service.version="2.7" service.version.version="SP5" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
|
707
|
+
<example service.version="2.7" service.version.version="SP4" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
|
705
708
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
706
709
|
<param pos="0" name="service.family" value="MDaemon"/>
|
707
710
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -717,9 +720,9 @@
|
|
717
720
|
<param pos="0" name="service.cpe23" value="cpe:/a:altn:mdaemon:{service.version}"/>
|
718
721
|
</fingerprint>
|
719
722
|
|
720
|
-
<fingerprint pattern="^([^ ]
|
723
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
|
721
724
|
<description>MDaemon mail server</description>
|
722
|
-
<example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
725
|
+
<example service.version="2.5" service.version.version.version="b1" host.name="foo.bar" service.version.version="rB" service.version.version.version.version="32-T">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
|
723
726
|
<param pos="0" name="service.vendor" value="Alt-N"/>
|
724
727
|
<param pos="0" name="service.family" value="MDaemon"/>
|
725
728
|
<param pos="0" name="service.product" value="MDaemon"/>
|
@@ -738,11 +741,11 @@
|
|
738
741
|
|
739
742
|
<!-- example: 220 mail.db-list.com ESMTP MERAK 3.00.140; Tue, 24 Jul 2001 21:30:47 -0700 -->
|
740
743
|
|
741
|
-
<fingerprint pattern="^([^ ]
|
744
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
|
742
745
|
<description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
|
743
|
-
<example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
744
|
-
<example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
745
|
-
<example host.name="foo.bar" service.version="2.10.284">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
|
746
|
+
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
|
747
|
+
<example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
|
748
|
+
<example host.name="foo.bar" service.version="2.10.284" system.time="Thu, 30 Nov 2017 17:55:10 +0800">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
|
746
749
|
<param pos="0" name="service.vendor" value="Merak"/>
|
747
750
|
<param pos="0" name="service.family" value="Mail Server"/>
|
748
751
|
<param pos="0" name="service.product" value="Mail Server"/>
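Review bot: The added MERAK pattern separates the hostname from `E?SMTP` with an unbounded ` +`, while the other patterns touched by this change use ` {1,8}` in the same position. The Postfix (Ubuntu) pattern further down has the same ` +E?SMTP`. For consistency with the rest of the hardening, I would write `^([^ ]{1,512}) {1,8}E?SMTP (?i:MERAK) ...` here and in the Postfix (Ubuntu) fingerprint. The fingerprint element continues past the end of this hunk.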
|
@@ -754,7 +757,7 @@
|
|
754
757
|
|
755
758
|
<fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
|
756
759
|
<description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
|
757
|
-
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
760
|
+
<example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT" system.time="Thu, 30 Nov 2017 10:01:06 +0100">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
|
758
761
|
<param pos="0" name="service.vendor" value="Atrium Software"/>
|
759
762
|
<param pos="0" name="service.family" value="MERCUR"/>
|
760
763
|
<param pos="0" name="service.product" value="MERCUR"/>
|
@@ -766,9 +769,9 @@
|
|
766
769
|
<param pos="5" name="system.time"/>
|
767
770
|
</fingerprint>
|
768
771
|
|
769
|
-
<fingerprint pattern="^([^ ]
|
772
|
+
<fingerprint pattern="^([^ ]{1,512}) Mercury ([^ ]+\.[^ ]+) ESMTP server ready.$">
|
770
773
|
<description>Mercury NLM for Netware ( http://www.pmail.com/index.cfm )</description>
|
771
|
-
<example service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
774
|
+
<example host.name="foo.bar" service.version="1.43">foo.bar Mercury 1.43 ESMTP server ready.</example>
|
772
775
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
773
776
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
774
777
|
<param pos="0" name="os.vendor" value="Novell"/>
|
@@ -779,10 +782,10 @@
|
|
779
782
|
<param pos="2" name="service.version"/>
|
780
783
|
</fingerprint>
|
781
784
|
|
782
|
-
<fingerprint pattern="^^([^ ]
|
785
|
+
<fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
|
783
786
|
<description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
|
784
|
-
<example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
785
|
-
<example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
787
|
+
<example service.version="3.01a" host.name="foo.bar">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
|
788
|
+
<example service.version="3.30" host.name="foo.bar">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
|
786
789
|
<param pos="0" name="service.family" value="Mercury Mail Transport System"/>
|
787
790
|
<param pos="0" name="service.product" value="Mercury Mail Transport System"/>
|
788
791
|
<param pos="0" name="os.vendor" value="Microsoft"/>
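Review bot: The added Mercury/32 pattern keeps the doubled anchor `^^` and the unescaped dot in `ready.?$`, so the final character is matched as "any character" rather than as a literal period. Neither breaks the listed examples, but both look like leftovers that the rewrite could have cleaned up. The Mercury NLM pattern in the previous hunk has the same unescaped `ready.$`. Suggested form: `^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready\.?$`.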
|
@@ -793,9 +796,9 @@
|
|
793
796
|
<param pos="2" name="service.version"/>
|
794
797
|
</fingerprint>
|
795
798
|
|
796
|
-
<fingerprint pattern="^([^ ]
|
799
|
+
<fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http">
|
797
800
|
<description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
|
798
|
-
<example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
801
|
+
<example host.name="foo.bar" service.version="2.0.1" system.time="Sun, 29 Jul 2001 22:02:16 -0500">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
|
799
802
|
<param pos="0" name="service.vendor" value="Norton"/>
|
800
803
|
<param pos="0" name="service.family" value="Antivirus for Gateways"/>
|
801
804
|
<param pos="0" name="service.product" value="Antivirus for Gateways"/>
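Review bot: The added NAVIEG pattern still ends in `(.+)* http`, a repeated group around an unbounded `.+`, and this change bounds only the hostname group. That nested-quantifier shape is prone to runaway backtracking in a backtracking regex engine when the input never reaches ` http`. The banner is supplied by the remote host being fingerprinted, so it should be treated as untrusted input. Dropping the outer quantifier keeps the example's `system.time` capture: `^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+) http`. A length bound such as `(.{1,128})` would be tighter still. This pattern also has no `$` anchor, and the fingerprint element closes outside the hunk.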
|
@@ -805,7 +808,7 @@
|
|
805
808
|
<param pos="3" name="system.time"/>
|
806
809
|
</fingerprint>
|
807
810
|
|
808
|
-
<fingerprint pattern="^([^ ]
|
811
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP service \(Netscape Messaging Server ([^ ]+\.[^ ]+) Patch ([^ ]+)">
|
809
812
|
<description>Netscape Messaging Server - with patch number</description>
|
810
813
|
<example host.name="foo.bar" service.version="4.15" service.version.version="7">foo.bar ESMTP service (Netscape Messaging Server 4.15 Patch 7 (built Sep 12 2001))</example>
|
811
814
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
@@ -817,7 +820,7 @@
|
|
817
820
|
<param pos="0" name="service.cpe23" value="cpe:/a:netscape:messaging_server:{service.version}"/>
|
818
821
|
</fingerprint>
|
819
822
|
|
820
|
-
<fingerprint pattern="^([^ ]
|
823
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \(Netscape Messaging Server - Version ([\d.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
821
824
|
<description>Netscape Messaging Server - w/o patch number</description>
|
822
825
|
<example host.name="foo.bar" service.version="3.6" system.time="Thu, 30 Nov 2017 04:19:10 -0500">foo.bar ESMTP server (Netscape Messaging Server - Version 3.6) ready Thu, 30 Nov 2017 04:19:10 -0500</example>
|
823
826
|
<param pos="0" name="service.vendor" value="Netscape"/>
|
@@ -830,7 +833,7 @@
|
|
830
833
|
<param pos="3" name="system.time"/>
|
831
834
|
</fingerprint>
|
832
835
|
|
833
|
-
<fingerprint pattern="^([^ ]
|
836
|
+
<fingerprint pattern="^([^ ]{1,512}) Lotus SMTP MTA Service Ready *$">
|
834
837
|
<description>Lotus Notes 4 SMTP MTA</description>
|
835
838
|
<example host.name="foo.bar">foo.bar Lotus SMTP MTA Service Ready</example>
|
836
839
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
@@ -846,17 +849,17 @@
|
|
846
849
|
called IBM Domino as of v9.0 on product and in banners.
|
847
850
|
-->
|
848
851
|
|
849
|
-
<fingerprint pattern="
|
852
|
+
<fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
|
850
853
|
<description>Lotus Domino SMTP MTA</description>
|
851
|
-
<example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
852
|
-
<example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
|
853
|
-
<example service.version="8.0.2 FP1 HF82">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
|
854
|
-
<example service.version="5.0.13a"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
|
855
|
-
<example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
|
856
|
-
<example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
|
857
|
-
<example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
|
858
|
-
<example service.version="7.0"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
|
859
|
-
<example host.name="foo.bar" service.version="5.0.1">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
|
854
|
+
<example service.version="8.5" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:01:45 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
|
855
|
+
<example service.version="8.5.3FP6 HF1944" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:17:43 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
|
856
|
+
<example service.version="8.0.2 FP1 HF82" host.name="foo.bar" system.time="Thu, 5 Apr 2018 22:03:28 +0200">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
|
857
|
+
<example service.version="5.0.13a" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:47:42 +0800"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
|
858
|
+
<example service.version="7.0.4" host.name="foo.bar" system.time="Thu, 16 Nov 2017 18:28:36 +0900">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
|
859
|
+
<example service.version="8.0.2FP2" host.name="foo.bar" system.time="Thu, 16 Nov 2017 02:17:33 -0700">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
|
860
|
+
<example service.version="8.5.3" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:52:21 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
|
861
|
+
<example service.version="7.0" system.time="Thu, 30 Nov 2017 17:00:41 +0800"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
|
862
|
+
<example host.name="foo.bar" service.version="5.0.1" system.time="Thu, 30 Nov 2017 12:38:43 +0300">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
|
860
863
|
<param pos="0" name="service.vendor" value="IBM"/>
|
861
864
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
862
865
|
<param pos="0" name="service.product" value="Lotus Domino"/>
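Review bot: The added Lotus Domino pattern begins with ` ?(?:([^ ]{1,512}))?` and has no leading `^`, whereas the IBM Domino pattern in the next hunk begins with `^ ?(?:([^ ]{1,512}))?`. Without the anchor the match may start at any offset in the banner, so `host.name` can capture just the tail of a longer token and the 512-character bound no longer rejects an oversized hostname. The engine will also retry from each offset on input that does not match. The removed line is truncated on this page, so I cannot tell whether the anchor was there before. I would restore it: `pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release ..."`.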
|
@@ -867,11 +870,11 @@
|
|
867
870
|
<param pos="3" name="system.time"/>
|
868
871
|
</fingerprint>
|
869
872
|
|
870
|
-
<fingerprint pattern="^ ?(?:([^ ]
|
873
|
+
<fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
|
871
874
|
<description>IBM Domino SMTP MTA</description>
|
872
|
-
<example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
873
|
-
<example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
|
874
|
-
<example service.version="9.0.1FP8"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
|
875
|
+
<example host.name="foo.bar" service.version="9.0.1FP8 HF475" system.time="Thu, 30 Nov 2017 17:55:48 +0900">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
|
876
|
+
<example host.name="foo.bar" service.version="9.0.1" system.time="Thu, 30 Nov 2017 10:12:26 +0100"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
|
877
|
+
<example service.version="9.0.1FP8" system.time="Thu, 30 Nov 2017 13:51:59 -0800"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
|
875
878
|
<param pos="0" name="service.vendor" value="IBM"/>
|
876
879
|
<param pos="0" name="service.family" value="IBM Domino"/>
|
877
880
|
<param pos="0" name="service.product" value="IBM Domino"/>
|
@@ -882,10 +885,10 @@
|
|
882
885
|
<param pos="3" name="system.time"/>
|
883
886
|
</fingerprint>
|
884
887
|
|
885
|
-
<fingerprint pattern="^([^ ]
|
888
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
|
886
889
|
<description>Lotus Domino (some early build)</description>
|
887
|
-
<example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
888
|
-
<example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
|
890
|
+
<example notes.build.version="166.1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:39:22 +0200">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
|
891
|
+
<example notes.build.version="V85_M2_08202008" host.name="foo.bar" system.time="Thu, 16 Nov 2017 03:57:40 -0500">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
|
889
892
|
<param pos="0" name="service.vendor" value="Lotus"/>
|
890
893
|
<param pos="0" name="service.family" value="Lotus Domino"/>
|
891
894
|
<param pos="0" name="service.product" value="Lotus Domino"/>
|
@@ -907,7 +910,7 @@
|
|
907
910
|
<param pos="2" name="system.time"/>
|
908
911
|
</fingerprint>
|
909
912
|
|
910
|
-
<fingerprint pattern="^([^ ]
|
913
|
+
<fingerprint pattern="^([^ ]{1,512}) NTMail \(v(\d+\.\d+\.\d+)/([^ ]+)\) ready for ESMTP transfer *$">
|
911
914
|
<description>NTMail (http://www.gordano.com)</description>
|
912
915
|
<example host.name="foo.bar" service.version="7.02.3037" ntmail.id="NU1319.01.5b000000">foo.bar NTMail (v7.02.3037/NU1319.01.5b000000) ready for ESMTP transfer </example>
|
913
916
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
@@ -918,9 +921,9 @@
|
|
918
921
|
<param pos="3" name="ntmail.id"/>
|
919
922
|
</fingerprint>
|
920
923
|
|
921
|
-
<fingerprint pattern="^([^ ]
|
924
|
+
<fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
|
922
925
|
<description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
|
923
|
-
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
926
|
+
<example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn" system.time="Thu, 30 Nov 2017 10:15:31 +0100">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
|
924
927
|
<param pos="0" name="service.vendor" value="Gordano"/>
|
925
928
|
<param pos="0" name="service.family" value="NTMail"/>
|
926
929
|
<param pos="0" name="service.product" value="NTMail"/>
|
@@ -931,7 +934,7 @@
|
|
931
934
|
<param pos="4" name="system.time"/>
|
932
935
|
</fingerprint>
|
933
936
|
|
934
|
-
<fingerprint pattern="^(
|
937
|
+
<fingerprint pattern="^([^ ]{1,512})(?: UCX)? V\S+, OpenVMS V(\S+) (\S+) ready at">
|
935
938
|
<description>Some unknown mail server on OpenVMS</description>
|
936
939
|
<example host.name="foo.bar" os.arch="IA64" os.version="8.4">foo.bar V5.7-ECO4, OpenVMS V8.4 IA64 ready at Wed, 20 May 2015 01:22:32 +0100 (BST)</example>
|
937
940
|
<example host.name="foo.bar" os.arch="Alpha" os.version="7.3-2">foo.bar V5.4-15E, OpenVMS V7.3-2 Alpha ready at Wed, 20 May 2015 01:22:18 +0100 (BST)</example>
|
@@ -946,10 +949,10 @@
|
|
946
949
|
<param pos="0" name="os.cpe23" value="cpe:/o:hp:openvms:{os.version}"/>
|
947
950
|
</fingerprint>
|
948
951
|
|
949
|
-
<fingerprint pattern="^(
|
952
|
+
<fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
|
950
953
|
<description>A.K.I PMail</description>
|
951
|
-
<example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
952
|
-
<example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
|
954
|
+
<example host.name="foo.bar" service.version="1.91" system.time="Fri, 22 May 2015 02:04:56">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
|
955
|
+
<example host.name="foo.bar" service.version="1.78" system.time="Fri, 6 Apr 2018 04:34:11">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
|
953
956
|
<param pos="0" name="service.vendor" value="A.K.I Software"/>
|
954
957
|
<param pos="0" name="service.product" value="PMail Server"/>
|
955
958
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss"/>
|
@@ -958,7 +961,7 @@
|
|
958
961
|
<param pos="3" name="system.time"/>
|
959
962
|
</fingerprint>
|
960
963
|
|
961
|
-
<fingerprint pattern="^([^ ]
|
964
|
+
<fingerprint pattern="^([^ ]{1,512}) Postfix \(Postfix-([^ ]+)-([^ ]+)\) \(([^ ]+)\) *$">
|
962
965
|
<description>Postfix - version + build, followed by os</description>
|
963
966
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
964
967
|
<param pos="0" name="service.family" value="Postfix"/>
|
@@ -970,10 +973,10 @@
|
|
970
973
|
<param pos="4" name="postfix.os.info"/>
|
971
974
|
</fingerprint>
|
972
975
|
|
973
|
-
<fingerprint pattern="^([^ ]
|
976
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
|
974
977
|
<description>Postfix - Std semantic versioning, w/ optional parens</description>
|
975
|
-
<example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
|
976
|
-
<example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
|
978
|
+
<example service.version="3.1.4" host.name="foo.bar">foo.bar ESMTP Postfix (3.1.4)</example>
|
979
|
+
<example service.version="2.7.1" host.name="foo.bar">foo.bar ESMTP Postfix 2.7.1</example>
|
977
980
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
978
981
|
<param pos="0" name="service.family" value="Postfix"/>
|
979
982
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -982,9 +985,9 @@
|
|
982
985
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
983
986
|
</fingerprint>
|
984
987
|
|
985
|
-
<fingerprint pattern="^([^ ]
|
988
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
|
986
989
|
<description>Postfix - version + build</description>
|
987
|
-
<example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
990
|
+
<example service.version="2.8" service.version.version="20100306" host.name="foo.bar">foo.bar ESMTP Postfix (2.8-20100306)</example>
|
988
991
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
989
992
|
<param pos="0" name="service.family" value="Postfix"/>
|
990
993
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -994,9 +997,9 @@
|
|
994
997
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:{service.version}"/>
|
995
998
|
</fingerprint>
|
996
999
|
|
997
|
-
<fingerprint pattern="^([^ ]
|
1000
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
|
998
1001
|
<description>Postfix - Ubuntu</description>
|
999
|
-
<example>foo.bar ESMTP Postfix (Ubuntu)</example>
|
1002
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (Ubuntu)</example>
|
1000
1003
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1001
1004
|
<param pos="0" name="service.family" value="Postfix"/>
|
1002
1005
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1008,10 +1011,10 @@
|
|
1008
1011
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
1009
1012
|
</fingerprint>
|
1010
1013
|
|
1011
|
-
<fingerprint pattern="^([^ ]
|
1014
|
+
<fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
|
1012
1015
|
<description>Postfix - Ubuntu, Mail-in-a-Box package</description>
|
1013
|
-
<example>foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1014
|
-
<example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1016
|
+
<example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1017
|
+
<example host.name="foo.bar">foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
|
1015
1018
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1016
1019
|
<param pos="0" name="service.family" value="Postfix"/>
|
1017
1020
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1023,9 +1026,9 @@
|
|
1023
1026
|
<param pos="0" name="os.cpe23" value="cpe:/o:canonical:ubuntu_linux:-"/>
|
1024
1027
|
</fingerprint>
|
1025
1028
|
|
1026
|
-
<fingerprint pattern="^([^ ]
|
1029
|
+
<fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
|
1027
1030
|
<description>Postfix - Debian</description>
|
1028
|
-
<example>foo.bar ESMTP Postfix (Debian/GNU)</example>
|
1031
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (Debian/GNU)</example>
|
1029
1032
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1030
1033
|
<param pos="0" name="service.family" value="Postfix"/>
|
1031
1034
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1037,9 +1040,9 @@
|
|
1037
1040
|
<param pos="0" name="os.cpe23" value="cpe:/o:debian:debian_linux:-"/>
|
1038
1041
|
</fingerprint>
|
1039
1042
|
|
1040
|
-
<fingerprint pattern="^([^ ]
|
1043
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
|
1041
1044
|
<description>Postfix - generic banner with amusing comments in parentheses</description>
|
1042
|
-
<example>foo.bar ESMTP Postfix (lol)</example>
|
1045
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix (lol)</example>
|
1043
1046
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1044
1047
|
<param pos="0" name="service.family" value="Postfix"/>
|
1045
1048
|
<param pos="0" name="service.product" value="Postfix"/>
|
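Review bot: The pattern on new line 1043 bounds only the hostname capture; the rest of it, `ESMTP.* Postfix *\(.+\) *$`, still has an unbounded `.*`, `.+` and two ` *` runs. Banner text comes from the remote host, so a long banner that almost matches can still cause more-than-linear backtracking in a backtracking regex engine. Consider bounding the remaining quantifiers the same way, for example `^([^ ]{1,512}) ESMTP.{0,512} Postfix {0,8}\(.{1,512}\) {0,8}$`, with limits checked against real banners. The same applies to `E?SMTP.* Postfix *$` in the next hunk (new line 1053). The fingerprint element continues past the end of this hunk.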
@@ -1047,10 +1050,10 @@
|
|
1047
1050
|
<param pos="1" name="host.name"/>
|
1048
1051
|
</fingerprint>
|
1049
1052
|
|
1050
|
-
<fingerprint pattern="
|
1053
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
|
1051
1054
|
<description>Postfix - generic banner</description>
|
1052
|
-
<example>foo.bar ESMTP Postfix</example>
|
1053
|
-
<example>foo.bar SMTP Postfix</example>
|
1055
|
+
<example host.name="foo.bar">foo.bar ESMTP Postfix</example>
|
1056
|
+
<example host.name="foo.bar">foo.bar SMTP Postfix</example>
|
1054
1057
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
1055
1058
|
<param pos="0" name="service.family" value="Postfix"/>
|
1056
1059
|
<param pos="0" name="service.product" value="Postfix"/>
|
@@ -1058,7 +1061,7 @@
|
|
1058
1061
|
<param pos="1" name="host.name"/>
|
1059
1062
|
</fingerprint>
|
1060
1063
|
|
1061
|
-
<fingerprint pattern="^
|
1064
|
+
<fingerprint pattern="^ {0,512}ESMTP Postfix$">
|
1062
1065
|
<description>Postfix - banner without hostname or version</description>
|
1063
1066
|
<example>ESMTP Postfix</example>
|
1064
1067
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
@@ -1067,7 +1070,7 @@
|
|
1067
1070
|
<param pos="0" name="service.cpe23" value="cpe:/a:postfix:postfix:-"/>
|
1068
1071
|
</fingerprint>
|
1069
1072
|
|
1070
|
-
<fingerprint pattern="
|
1073
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) POSTFIX$">
|
1071
1074
|
<description>Postfix - generic w/o ESMTP</description>
|
1072
1075
|
<example host.name="foo.bar">foo.bar Postfix</example>
|
1073
1076
|
<param pos="0" name="service.vendor" value="Postfix"/>
|
@@ -1077,7 +1080,7 @@
|
|
1077
1080
|
<param pos="1" name="host.name"/>
|
1078
1081
|
</fingerprint>
|
1079
1082
|
|
1080
|
-
<fingerprint pattern="^([^ ]
|
1083
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP server \((?i:P)ost\.(?i:O)ffice v([^ ]+\.[^ ]+)(?: release)? (.+) ID# ([^ ]+)\) ready (.+) *$">
|
1081
1084
|
<description>Post.Office</description>
|
1082
1085
|
<example host.name="foo.bar" service.version="3.8.4" postoffice.build="116" postoffice.id="1001-65749U100L10S0V38" system.time="Thu, 30 Nov 2017 18:46:24 +0900">foo.bar ESMTP server (post.office v3.8.4 release 116 ID# 1001-65749U100L10S0V38) ready Thu, 30 Nov 2017 18:46:24 +0900</example>
|
1083
1086
|
<example host.name="foo.bar" service.version="3.1" postoffice.build="PO205e" postoffice.id="0-42000U100L2S100" system.time="Tue, 6 Feb 2001 19:38:32 +0100">foo.bar ESMTP server (Post.Office v3.1 release PO205e ID# 0-42000U100L2S100) ready Tue, 6 Feb 2001 19:38:32 +0100</example>
|
@@ -1091,14 +1094,14 @@
|
|
1091
1094
|
<param pos="5" name="system.time"/>
|
1092
1095
|
</fingerprint>
|
1093
1096
|
|
1094
|
-
<fingerprint pattern="^([^ ]
|
1097
|
+
<fingerprint pattern="^([^ ]{1,512}) Generic SMTP handler *$">
|
1095
1098
|
<description>Raptor Firewall (low confidence)</description>
|
1096
1099
|
<example host.name="foo.bar">foo.bar Generic SMTP handler</example>
|
1097
1100
|
<param pos="0" name="service.product" value="raptor"/>
|
1098
1101
|
<param pos="1" name="host.name"/>
|
1099
1102
|
</fingerprint>
|
1100
1103
|
|
1101
|
-
<fingerprint pattern="^(\S
|
1104
|
+
<fingerprint pattern="^(\S{1,512}) SAP (\S+) E?SMTP service ready$">
|
1102
1105
|
<description>SAP SMTP Server</description>
|
1103
1106
|
<example host.name="foo.bar" service.version="8.04(53)">foo.bar SAP 8.04(53) ESMTP service ready</example>
|
1104
1107
|
<param pos="0" name="service.vendor" value="SAP"/>
|
@@ -1116,9 +1119,9 @@
|
|
1116
1119
|
<param pos="0" name="service.cpe23" value="cpe:/a:sendmail:sendmail:-"/>
|
1117
1120
|
</fingerprint>
|
1118
1121
|
|
1119
|
-
<fingerprint pattern="^([^ ]
|
1122
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
|
1120
1123
|
<description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
|
1121
|
-
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1124
|
+
<example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1" sendmail.hpux.phne.version="14041" system.time="Tue, 6 Feb 2001 10:04:32 -0300">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
|
1122
1125
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1123
1126
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1124
1127
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1135,9 +1138,9 @@
|
|
1135
1138
|
<param pos="5" name="system.time"/>
|
1136
1139
|
</fingerprint>
|
1137
1140
|
|
1138
|
-
<fingerprint pattern="^(\S
|
1141
|
+
<fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
|
1139
1142
|
<description>Sendmail - HP-UX</description>
|
1140
|
-
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
1143
|
+
<example host.name="foo.bar" os.version="11.31" service.version="8.13.3" system.time="Wed, 20 May 2015 23:35:38 GMT">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
|
1141
1144
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1142
1145
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1143
1146
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1153,9 +1156,9 @@
|
|
1153
1156
|
<param pos="4" name="system.time"/>
|
1154
1157
|
</fingerprint>
|
1155
1158
|
|
1156
|
-
<fingerprint pattern="^([^ ]
|
1159
|
+
<fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
|
1157
1160
|
<description>Sendmail - Unixware</description>
|
1158
|
-
<example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1161
|
+
<example service.version="8.8.7" host.name="foo.bar" os.version="7.1.0" system.time="Tue, 6 Feb 2001 16:39:30 -0300">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
|
1159
1162
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1160
1163
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1161
1164
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1170,9 +1173,9 @@
|
|
1170
1173
|
<param pos="4" name="system.time"/>
|
1171
1174
|
</fingerprint>
|
1172
1175
|
|
1173
|
-
<fingerprint pattern="^([^ ]
|
1176
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
|
1174
1177
|
<description>Sendmail - AIX (UCB variant)</description>
|
1175
|
-
<example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1178
|
+
<example os.version="4.2" service.version="8.7" host.name="foo.bar" system.time="Sun, 29 Jul 2001 22:34:37 -0400">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1176
1179
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1177
1180
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1178
1181
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1188,9 +1191,9 @@
|
|
1188
1191
|
<param pos="4" name="system.time"/>
|
1189
1192
|
</fingerprint>
|
1190
1193
|
|
1191
|
-
<fingerprint pattern="^([^ ]
|
1194
|
+
<fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
|
1192
1195
|
<description>Sendmail - AIX (UCB/ready at variant)</description>
|
1193
|
-
<example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1196
|
+
<example host.name="foo.bar" os.version=" 4.1" service.version="5.64" sendmail.config.version="4.03" system.time="Mon, 30 Jul 2001 00:42:21 -0500">foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
|
1194
1197
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1195
1198
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1196
1199
|
<param pos="0" name="service.product" value="Sendmail"/>
|
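Review bot: The new example on new line 1196 expects `os.version=" 4.1"` with a leading space, because `AIX([^/]+)` captures the separator in `AIX 4.1`. The self-test passes, but it now locks in a value that version comparison or CPE interpolation downstream would probably not expect. Move the optional space outside the capture, `Sendmail AIX ?([^/]+)/UCB`, and change the example to `os.version="4.1"`. The params that consume the captures are outside this hunk, so confirm that group 2 is the one feeding `os.version`.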
@@ -1207,10 +1210,10 @@
|
|
1207
1210
|
<param pos="5" name="system.time"/>
|
1208
1211
|
</fingerprint>
|
1209
1212
|
|
1210
|
-
<fingerprint pattern="^([^ ]
|
1213
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
|
1211
1214
|
<description>Sendmail - AIX</description>
|
1212
|
-
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1213
|
-
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
1215
|
+
<example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8" system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
|
1216
|
+
<example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0" system.time="Fri, 28 Aug 1970 19:42:05 -0800">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
|
1214
1217
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1215
1218
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1216
1219
|
<param pos="0" name="service.product" value="Sendmail"/>
|
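Review bot: In the pattern on new line 1213 the greedy `(.+)` always swallows the trailing timezone comment, so the optional `(?: \(.+\))?` never takes part in a match. The first new example confirms this by expecting `system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)"`, while the sibling "AIX (UCB variant)" fingerprint yields the same timestamp without `(EDT)`. Making the capture lazy, `; (.+?)(?: \(.+\))?$`, gives a consistent value, and the example would then read `system.time="Sun, 29 Jul 2001 22:34:37 -0400"`. The `system.time` param and any format param for this fingerprint are outside the hunk.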
@@ -1227,9 +1230,9 @@
|
|
1227
1230
|
<param pos="5" name="system.time"/>
|
1228
1231
|
</fingerprint>
|
1229
1232
|
|
1230
|
-
<fingerprint pattern="^([^ ]
|
1233
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
|
1231
1234
|
<description>Sendmail - SuSE Linux</description>
|
1232
|
-
<example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1235
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-0.1" system.time="Mon, 30 Jul 2001 04:48:54 +0200">foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
|
1233
1236
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1234
1237
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1235
1238
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1246,9 +1249,9 @@
|
|
1246
1249
|
<param pos="5" name="system.time"/>
|
1247
1250
|
</fingerprint>
|
1248
1251
|
|
1249
|
-
<fingerprint pattern="^([^ ]
|
1252
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
|
1250
1253
|
<description>Sendmail - Solaris with date (no time offeset variant)</description>
|
1251
|
-
<example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1254
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.1" system.time="Mon, 30 Jul 2001 02:50:22 GMT">foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
|
1252
1255
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1253
1256
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1254
1257
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1264,9 +1267,9 @@
|
|
1264
1267
|
<param pos="4" name="system.time"/>
|
1265
1268
|
</fingerprint>
|
1266
1269
|
|
1267
|
-
<fingerprint pattern="^([^ ]
|
1270
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
|
1268
1271
|
<description>Sendmail - Solaris with date (ready variant)</description>
|
1269
|
-
<example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1272
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.6.4" system.time="Thu, 15 Nov 2000 11:40:32 -0800">foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
|
1270
1273
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1271
1274
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1272
1275
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1282,10 +1285,10 @@
|
|
1282
1285
|
<param pos="4" name="system.time"/>
|
1283
1286
|
</fingerprint>
|
1284
1287
|
|
1285
|
-
<fingerprint pattern="^([^ ]
|
1288
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
|
1286
1289
|
<description>Sendmail - Debian</description>
|
1287
|
-
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1288
|
-
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1290
|
+
<example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1" host.name="foo.bar" system.time="Sun, 29 Jul 2001 18:52:20 -0800">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
|
1291
|
+
<example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21" host.name="foo.bar" system.time="Sun, 29 Jul 2001 19:51:00 -0700">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
|
1289
1292
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1290
1293
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1291
1294
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1302,10 +1305,10 @@
|
|
1302
1305
|
<param pos="5" name="system.time"/>
|
1303
1306
|
</fingerprint>
|
1304
1307
|
|
1305
|
-
<fingerprint pattern="^([^ ]
|
1308
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+);">
|
1306
1309
|
<description>Sendmail - Debian 7.x (wheezy)</description>
|
1307
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1308
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1310
|
+
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:33:05 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1311
|
+
<example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 11:00:33 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1309
1312
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1310
1313
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1311
1314
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1322,9 +1325,9 @@
|
|
1322
1325
|
<param pos="4" name="system.time"/>
|
1323
1326
|
</fingerprint>
|
1324
1327
|
|
1325
|
-
<fingerprint pattern="^([^ ]
|
1328
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+);">
|
1326
1329
|
<description>Sendmail - Debian 8.x (jessie)</description>
|
1327
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1330
|
+
<example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:25:48 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1328
1331
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1329
1332
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1330
1333
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1341,9 +1344,9 @@
|
|
1341
1344
|
<param pos="4" name="system.time"/>
|
1342
1345
|
</fingerprint>
|
1343
1346
|
|
1344
|
-
<fingerprint pattern="^([^ ]
|
1347
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+);">
|
1345
1348
|
<description>Sendmail - Debian 9.1 (stretch)</description>
|
1346
|
-
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1349
|
+
<example host.name="foo.bar" service.version="8.15.2" sendmail.config.version="8.15.2" system.time="Thu, 29 Apr 2021 06:45:02 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1347
1350
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1348
1351
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1349
1352
|
<param pos="0" name="service.product" value="Sendmail"/>
|
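Review bot: The pattern on new line 1347 accepts only the literal `deb9u1`, whereas the wheezy and jessie siblings use `deb7u\d` and `deb8u\d`. A banner from a later stretch update would presumably miss this fingerprint and lose the OS attribution; the OS params are outside the hunk, so what it falls through to is not visible here. If the restriction is not intentional, use `Debian-\d\+deb9u\d; (.+);` and reword the description, which currently reads "Debian 9.1 (stretch)" where the siblings say "7.x" and "8.x".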
@@ -1360,9 +1363,9 @@
|
|
1360
1363
|
<param pos="4" name="system.time"/>
|
1361
1364
|
</fingerprint>
|
1362
1365
|
|
1363
|
-
<fingerprint pattern="^([^ ]
|
1366
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+);">
|
1364
1367
|
<description>Sendmail - Debian 5.x (lenny)</description>
|
1365
|
-
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1368
|
+
<example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 12:29:40 +0300">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1366
1369
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1367
1370
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1368
1371
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1379,9 +1382,9 @@
|
|
1379
1382
|
<param pos="4" name="system.time"/>
|
1380
1383
|
</fingerprint>
|
1381
1384
|
|
1382
|
-
<fingerprint pattern="^([^ ]
|
1385
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+);">
|
1383
1386
|
<description>Sendmail - Debian 4.x (etch)</description>
|
1384
|
-
<example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1387
|
+
<example service.version="8.13.8" sendmail.config.version="8.13.8" host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:28:23 +0100">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1385
1388
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1386
1389
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1387
1390
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1398,9 +1401,9 @@
|
|
1398
1401
|
<param pos="4" name="system.time"/>
|
1399
1402
|
</fingerprint>
|
1400
1403
|
|
1401
|
-
<fingerprint pattern="^([^ ]
|
1404
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+);">
|
1402
1405
|
<description>Sendmail - Debian 3.1 (sarge)</description>
|
1403
|
-
<example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1406
|
+
<example service.version="8.13.4" host.name="foo.bar" sendmail.config.version="8.13.4" system.time="Thu, 30 Nov 2017 10:55:47 +0100">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1404
1407
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1405
1408
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1406
1409
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1417,11 +1420,11 @@
|
|
1417
1420
|
<param pos="4" name="system.time"/>
|
1418
1421
|
</fingerprint>
|
1419
1422
|
|
1420
|
-
<fingerprint pattern="^([^ ]
|
1423
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+);">
|
1421
1424
|
<description>Sendmail - Debian patch only</description>
|
1422
|
-
<example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1423
|
-
<example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1424
|
-
<example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1425
|
+
<example service.version="8.15.2" host.name="foo.bar" sendmail.config.version="8.15.2" system.time="Thu, 30 Nov 2017 10:55:50 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1426
|
+
<example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 10:11:54 +0100">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1427
|
+
<example service.version="8.14.2" host.name="foo.bar" sendmail.config.version="8.14.2" system.time="Thu, 30 Nov 2017 04:09:50 -0600">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1425
1428
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1426
1429
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1427
1430
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1437,10 +1440,10 @@
|
|
1437
1440
|
<param pos="4" name="system.time"/>
|
1438
1441
|
</fingerprint>
|
1439
1442
|
|
1440
|
-
<fingerprint pattern="^([^ ]
|
1443
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+);">
|
1441
1444
|
<description>Sendmail - Ubuntu</description>
|
1442
|
-
<example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1443
|
-
<example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1445
|
+
<example service.version="8.13.5.20060308" host.name="foo.bar" system.time="Fri, 24 Jul 2009 01:41:21 -0700">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1446
|
+
<example service.version="8.14.4" host.name="foo.bar" system.time="Thu, 30 Nov 2017 11:00:30 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
|
1444
1447
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1445
1448
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1446
1449
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1455,9 +1458,9 @@
|
|
1455
1458
|
<param pos="3" name="system.time"/>
|
1456
1459
|
</fingerprint>
|
1457
1460
|
|
1458
|
-
<fingerprint pattern="^([^ ]
|
1461
|
+
<fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
|
1459
1462
|
<description>Sendmail - Solaris (SMI variant)</description>
|
1460
|
-
<example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1463
|
+
<example host.name="foo.bar" service.version="8.6" sendmail.config.version="SMI-SVR4" system.time="Sun, 29 Jul 2001 22:58:46 -0400">foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
|
1461
1464
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1462
1465
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1463
1466
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1473,9 +1476,9 @@
|
|
1473
1476
|
<param pos="4" name="system.time"/>
|
1474
1477
|
</fingerprint>
|
1475
1478
|
|
1476
|
-
<fingerprint pattern="^([^ ]
|
1479
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
|
1477
1480
|
<description>Sendmail - unknown platform (linuxconf variant)</description>
|
1478
|
-
<example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1481
|
+
<example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="linuxconf" system.time="Sun, 29 Jul 2001 22:48:28 -0400">foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
|
1479
1482
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1480
1483
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1481
1484
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1489,9 +1492,9 @@
|
|
1489
1492
|
<param pos="4" name="system.time"/>
|
1490
1493
|
</fingerprint>
|
1491
1494
|
|
1492
|
-
<fingerprint pattern="^([^ ]
|
1495
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
|
1493
1496
|
<description>Sendmail - MetaInfo</description>
|
1494
|
-
<example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
1497
|
+
<example host.name="foo.bar" service.version="8.8.6" metainfo.version="2.5" metainfo.version.version="2630" sendmail.config.version="8.8.4" system.time="Mon, 30 Jul">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
|
1495
1498
|
<param pos="0" name="service.vendor" value="MetaInfo"/>
|
1496
1499
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1497
1500
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1508,14 +1511,14 @@
|
|
1508
1511
|
<param pos="6" name="system.time"/>
|
1509
1512
|
</fingerprint>
|
1510
1513
|
|
1511
|
-
<fingerprint pattern="^([^ ]
|
1514
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1512
1515
|
<description>Sendmail - optional timezone and timestamp, w/o OS</description>
|
1513
1516
|
<example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
|
1514
1517
|
<example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
|
1515
|
-
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1516
|
-
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1517
|
-
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1518
|
-
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1518
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1519
|
+
<example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
|
1520
|
+
<example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3" system.time="Mon, 10 Sep 2001 08:37:14 -0400">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
|
1521
|
+
<example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9" system.time="Mon, 18 Apr 2011 08:52:38 -0700">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
|
1519
1522
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1520
1523
|
<param pos="0" name="service.product" value="Sendmail"/>
|
1521
1524
|
<param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
|
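Review bot: The new pattern on the "optional timezone and timestamp, w/o OS" fingerprint bounds the hostname capture to `{1,512}` but keeps an unbounded `.*` between `ESMTP` and `Sendmail`, so the pattern itself does not limit the matching cost on an oversized banner. SMTP banners are supplied by the remote host, and in a backtracking engine a greedy `.*` followed by further quantified groups can be retried from every later `Sendmail` occurrence. Consider a bounded filler, for example `ESMTP .{0,256}Sendmail` (the bound is a constructed value), which still matches the `blah` and `foo-MTA` examples. The "w/o timezone offset or OS" pattern in the next hunk has the same `.*`. Alternatively, confirm that the caller truncates banners before matching, which this hunk does not show.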
@@ -1526,7 +1529,7 @@
|
|
1526
1529
|
<param pos="4" name="system.time"/>
|
1527
1530
|
</fingerprint>
|
1528
1531
|
|
1529
|
-
<fingerprint pattern="^([^ ]
|
1532
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP .*Sendmail +([^/ ]+) */ *([^/ ]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w+)\.?$">
|
1530
1533
|
<description>Sendmail - with timezone and timestamp, w/o timezone offset or OS</description>
|
1531
1534
|
<example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 5 Apr 2018 19:30:58 GMT">foo.bar ESMTP Sendmail 8.14.4/8.14.4; Thu, 5 Apr 2018 19:30:58 GMT</example>
|
1532
1535
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
@@ -1539,7 +1542,7 @@
|
|
1539
1542
|
<param pos="4" name="system.time"/>
|
1540
1543
|
</fingerprint>
|
1541
1544
|
|
1542
|
-
<fingerprint pattern="^([^ ]
|
1545
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ ]+) ready at *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\))$">
|
1543
1546
|
<description>Sendmail - with version and date (optional timezone), w/o config version</description>
|
1544
1547
|
<example host.name="foo.bar" service.version="8.8.8" system.time="Tue, 6 Feb 2001 14:37:14 +0100">foo.bar ESMTP Sendmail 8.8.8 ready at Tue, 6 Feb 2001 14:37:14 +0100 (CET)</example>
|
1545
1548
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
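Review bot: The description on this fingerprint says the timezone is optional, but the trailing group `(?: \(.+\))` in the new pattern has no `?`, so a banner that ends at the numeric offset will not match here. If optional is what is meant, end the pattern with `(?: \(.+\))?$`, as the "optional timezone and timestamp" fingerprint in the earlier hunk does, and add an example without the `(CET)` suffix. Otherwise correct the description. The two "revision variant" patterns in the following hunks carry the same mandatory group, which may be deliberate there.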
@@ -1552,9 +1555,9 @@
|
|
1552
1555
|
<param pos="3" name="system.time"/>
|
1553
1556
|
</fingerprint>
|
1554
1557
|
|
1555
|
-
<fingerprint pattern="^([^ ]
|
1558
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1556
1559
|
<description>Sendmail - revision variant 1</description>
|
1557
|
-
<example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1560
|
+
<example host.name="foo.foo.bar" service.version="8.11.1" system.time="Sat, 22 Jan 2011 10:08:35 -0500">foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
|
1558
1561
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1559
1562
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1560
1563
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1565,9 +1568,9 @@
|
|
1565
1568
|
<param pos="3" name="system.time"/>
|
1566
1569
|
</fingerprint>
|
1567
1570
|
|
1568
|
-
<fingerprint pattern="^([^ ]
|
1571
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
|
1569
1572
|
<description>Sendmail - revision variant 2</description>
|
1570
|
-
<example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1573
|
+
<example host.name="foo.foo.bar" service.version="8.13.3" system.time="Wed, 21 Jul 2010 11:17:01 -0400">foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
|
1571
1574
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1572
1575
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1573
1576
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1578,13 +1581,13 @@
|
|
1578
1581
|
<param pos="3" name="system.time"/>
|
1579
1582
|
</fingerprint>
|
1580
1583
|
|
1581
|
-
<fingerprint pattern="
|
1584
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
|
1582
1585
|
<description>Sendmail - with date, w/o version or platform, optional status string.</description>
|
1583
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1584
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1586
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1587
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
|
1585
1588
|
<example host.name="foo.bar" system.time="Wed, 20 May 2015 17:17:56 -0600">foo.bar ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
|
1586
1589
|
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:24:14 +0100">foo.bar ESMTP Sendmail Ready; Thu, 30 Nov 2017 10:24:14 +0100</example>
|
1587
|
-
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
|
1590
|
+
<example host.name="foo.bar" system.time="Fri, 6 Apr 2018 04:57:01 +0900">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
|
1588
1591
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready</example>
|
1589
1592
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
|
1590
1593
|
<example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
|
@@ -1612,9 +1615,9 @@
|
|
1612
1615
|
<param pos="3" name="system.time"/>
|
1613
1616
|
</fingerprint>
|
1614
1617
|
|
1615
|
-
<fingerprint pattern="^([^ ]
|
1618
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
|
1616
1619
|
<description>Sendmail - unknown (date in version string variant)</description>
|
1617
|
-
<example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1620
|
+
<example host.name="mail.foo.bar" service.version="8.11.1" system.time="Wed, 8 Jan 2003 11:21:22 +0100">mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
|
1618
1621
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1619
1622
|
<param pos="0" name="service.family" value="Sendmail"/>
|
1620
1623
|
<param pos="0" name="service.product" value="Sendmail"/>
|
@@ -1627,7 +1630,7 @@
|
|
1627
1630
|
|
1628
1631
|
<!-- *Sendmail* fingerprints after this line had NO matches in 2017.11.30 Project Sonar data set-->
|
1629
1632
|
|
1630
|
-
<fingerprint pattern="^([^ ]
|
1633
|
+
<fingerprint pattern="^([^ ]{1,512}) Sendmail ([^;]+); ([^;\.]+)$">
|
1631
1634
|
<description>Sendmail - unknown platform, variant 1</description>
|
1632
1635
|
<param pos="0" name="service.vendor" value="Sendmail"/>
|
1633
1636
|
<param pos="0" name="service.family" value="Sendmail"/>
|
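Review bot: The "unknown platform, variant 1" fingerprint receives the bounded `{1,512}` hostname capture, but no `<example>` is visible between its description and its params, so nothing shown here exercises the rewritten pattern. The neighbouring hunks add full attribute assertions to their examples. A constructed banner with `host.name` and the other captured fields asserted would give the verifier something to check for this one as well. The remaining params of this fingerprint lie outside the hunk, so the attribute names for groups 2 and 3 have to be taken from there.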
@@ -1650,7 +1653,7 @@
|
|
1650
1653
|
<param pos="3" name="host.name"/>
|
1651
1654
|
</fingerprint>
|
1652
1655
|
|
1653
|
-
<fingerprint pattern="^([^ ]
|
1656
|
+
<fingerprint pattern="^([^ ]{1,512}) -- Server ESMTP \(Sun Internet Mail Server sims\.(\d\.[\w.]+)\)$">
|
1654
1657
|
<description>Sun Internet Mail Server</description>
|
1655
1658
|
<example host.name="foo.bar" service.version="4.0.2000.10.12.16.25.p8">foo.bar -- Server ESMTP (Sun Internet Mail Server sims.4.0.2000.10.12.16.25.p8)</example>
|
1656
1659
|
<param pos="0" name="service.vendor" value="Sun"/>
|
@@ -1664,12 +1667,12 @@
|
|
1664
1667
|
<param pos="2" name="service.version"/>
|
1665
1668
|
</fingerprint>
|
1666
1669
|
|
1667
|
-
<fingerprint pattern="^(?:2.0.0 )?([^ ]
|
1670
|
+
<fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
|
1668
1671
|
<description>Ecelerity</description>
|
1669
|
-
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
1670
|
-
<example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
|
1671
|
-
<example>foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
|
1672
|
-
<example service.version="4.2.37.61980" service.component.version=":">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
|
1672
|
+
<example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500" service.version="4.0.0.43760" service.component.version="Platform:4.0.0.1">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
|
1673
|
+
<example host.name="foo.bar" service.version="3.3.1.44388" service.component.version="44388" system.time="Thu, 30 Nov 2017 03:10:11 -0700">foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
|
1674
|
+
<example host.name="foo.bar" service.version="3.6.25.56547" service.component.version="Core:3.6.25.0" system.time="Thu, 30 Nov 2017 03:17:07 -0600">foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
|
1675
|
+
<example service.version="4.2.37.61980" service.component.version=":" host.name="foo.bar" system.time="Thu, 30 Nov 2017 09:58:54 +0000">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
|
1673
1676
|
<param pos="0" name="service.vendor" value="Ecelerity"/>
|
1674
1677
|
<param pos="0" name="service.family" value="Ecelerity Mail Server"/>
|
1675
1678
|
<param pos="0" name="service.product" value="Ecelerity Mail Server"/>
|
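Review bot: The optional prefix in the Ecelerity pattern, `(?:2.0.0 )?`, uses unescaped dots, so it accepts any character in those positions rather than the literal status code shown in the first example. `(?:2\.0\.0 )?` keeps the match to the literal text and makes the fingerprint slightly harder to satisfy by accident. The CommuniGate Pro pattern in a later hunk is similarly loose in `(?:. It is you again :-\()?`, though no example there shows which character is expected.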
@@ -1680,11 +1683,11 @@
|
|
1680
1683
|
<param pos="4" name="system.time"/>
|
1681
1684
|
</fingerprint>
|
1682
1685
|
|
1683
|
-
<fingerprint pattern="
|
1686
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
|
1684
1687
|
<description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
|
1685
|
-
<example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
1686
|
-
<example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
1687
|
-
<example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
1688
|
+
<example service.version="2.7" host.name="foo.bar">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
|
1689
|
+
<example service.version="3.2.3113" host.name="foo.bar">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
|
1690
|
+
<example service.version="5.5.0.4433" host.name="foo.bar">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
|
1688
1691
|
<param pos="0" name="service.vendor" value="Seattle Labs"/>
|
1689
1692
|
<param pos="0" name="service.family" value="SLMail"/>
|
1690
1693
|
<param pos="0" name="service.product" value="SLMail"/>
|
@@ -1692,7 +1695,7 @@
|
|
1692
1695
|
<param pos="2" name="service.version"/>
|
1693
1696
|
</fingerprint>
|
1694
1697
|
|
1695
|
-
<fingerprint pattern="^([^ ]
|
1698
|
+
<fingerprint pattern="^([^ ]{1,512}) +ESMTP Symantec Mail Security$">
|
1696
1699
|
<description>Symantec Mail Security for SMTP</description>
|
1697
1700
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Mail Security</example>
|
1698
1701
|
<param pos="0" name="service.vendor" value="Symantec"/>
|
@@ -1701,7 +1704,7 @@
|
|
1701
1704
|
<param pos="1" name="host.name"/>
|
1702
1705
|
</fingerprint>
|
1703
1706
|
|
1704
|
-
<fingerprint pattern="^([^ ]
|
1707
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Symantec Messaging Gateway$">
|
1705
1708
|
<description>Symantec Mail Gateway</description>
|
1706
1709
|
<example host.name="foo.bar">foo.bar ESMTP Symantec Messaging Gateway</example>
|
1707
1710
|
<param pos="0" name="service.vendor" value="Symantec"/>
|
@@ -1712,7 +1715,7 @@
|
|
1712
1715
|
|
1713
1716
|
<!-- SonicWall makes hardware, virtual appliances, and Windows software. The banner doesn't indicate which. -->
|
1714
1717
|
|
1715
|
-
<fingerprint pattern="
|
1718
|
+
<fingerprint pattern="(?i)^([^ ]{1,512}) ESMTP SonicWALL \(([\d.]+)\)$">
|
1716
1719
|
<description>SonicWall Email Security</description>
|
1717
1720
|
<example host.name="foo.bar" service.version="9.0.5.2077">foo.bar ESMTP SonicWALL (9.0.5.2077)</example>
|
1718
1721
|
<example host.name="foo.bar" service.version="9.1.1.3113">foo.bar ESMTP SonicWall (9.1.1.3113)</example>
|
@@ -1721,9 +1724,10 @@
|
|
1721
1724
|
<param pos="0" name="service.product" value="Email Security"/>
|
1722
1725
|
<param pos="1" name="host.name"/>
|
1723
1726
|
<param pos="2" name="service.version"/>
|
1727
|
+
<param pos="0" name="service.cpe23" value="cpe:/a:sonicwall:email_security:{service.version}"/>
|
1724
1728
|
</fingerprint>
|
1725
1729
|
|
1726
|
-
<fingerprint pattern="^([^ ]
|
1730
|
+
<fingerprint pattern="^([^ ]{1,512}) \(PowerMTA\(TM\) v([\d.r]+)\) ESMTP service ready$">
|
1727
1731
|
<description>PowerMTA</description>
|
1728
1732
|
<example host.name="foo.bar" service.version="3.2r24">foo.bar (PowerMTA(TM) v3.2r24) ESMTP service ready</example>
|
1729
1733
|
<param pos="0" name="service.vendor" value="port25"/>
|
@@ -1733,7 +1737,7 @@
|
|
1733
1737
|
<param pos="2" name="service.version"/>
|
1734
1738
|
</fingerprint>
|
1735
1739
|
|
1736
|
-
<fingerprint pattern="^([^ ]
|
1740
|
+
<fingerprint pattern="^([^ ]{1,512}) +VOPmail ESMTP Receiver Version (\d\.[\d.]+) Ready$">
|
1737
1741
|
<description>VOPMail http://www.vircom.com/en/products/vopmail/vopmail.shtml</description>
|
1738
1742
|
<example host.name="foo.bar" service.version="4.0.179.0">foo.bar VOPmail ESMTP Receiver Version 4.0.179.0 Ready</example>
|
1739
1743
|
<param pos="0" name="service.vendor" value="Vircom"/>
|
@@ -1743,20 +1747,20 @@
|
|
1743
1747
|
<param pos="2" name="service.version"/>
|
1744
1748
|
</fingerprint>
|
1745
1749
|
|
1746
|
-
<fingerprint pattern="^([^ ]
|
1750
|
+
<fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
|
1747
1751
|
<description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
|
1748
|
-
<example>foo.bar VPOP3 ESMTP Server Ready</example>
|
1749
|
-
<example>foo.bar VPOP3 SMTP Server Ready</example>
|
1750
|
-
<example>foo.bar VPOP3 SMTP Server access not allowed!</example>
|
1752
|
+
<example host.name="foo.bar">foo.bar VPOP3 ESMTP Server Ready</example>
|
1753
|
+
<example host.name="foo.bar">foo.bar VPOP3 SMTP Server Ready</example>
|
1754
|
+
<example host.name="foo.bar">foo.bar VPOP3 SMTP Server access not allowed!</example>
|
1751
1755
|
<param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
|
1752
1756
|
<param pos="0" name="service.family" value="VPOP3"/>
|
1753
1757
|
<param pos="0" name="service.product" value="VPOP3"/>
|
1754
1758
|
<param pos="1" name="host.name"/>
|
1755
1759
|
</fingerprint>
|
1756
1760
|
|
1757
|
-
<fingerprint pattern="^([^ ]
|
1761
|
+
<fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
|
1758
1762
|
<description>McAfee WebShield</description>
|
1759
|
-
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1763
|
+
<example host.name="foo.bar" service.version="4.5" service.version.version="MR1a" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1760
1764
|
<example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
|
1761
1765
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
1762
1766
|
<param pos="0" name="service.family" value="WebShield"/>
|
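Review bot: In the WebShield pattern the timestamp group is written `(.+) *$`, and because `.+` is greedy it also consumes any trailing spaces. The ` *` therefore never matches anything, and `system.time` is captured with the padding attached. The examples in this hunk have no trailing whitespace, so the newly added `system.time` assertion does not cover that case. `(.+?) *$` would keep the captured value clean. The same construct appears in the McAfee ASaP, VirusScreen and both ZMailer patterns in the following hunks.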
@@ -1769,7 +1773,7 @@
|
|
1769
1773
|
<param pos="4" name="system.time"/>
|
1770
1774
|
</fingerprint>
|
1771
1775
|
|
1772
|
-
<fingerprint pattern="^([^ ]
|
1776
|
+
<fingerprint pattern="^([^ ]{1,512}) McAfee WebShield ASaP v([^ ]+\.[^ ]+\.[^ ]+): (.+) *$">
|
1773
1777
|
<description>McAfee Webshield ASaP (bundled hardware / software)</description>
|
1774
1778
|
<example host.name="foo.bar" service.version="1.0.1" system.time="Sun, 29 Jul 2001 22:46:18 -0700">foo.bar McAfee WebShield ASaP v1.0.1: Sun, 29 Jul 2001 22:46:18 -0700</example>
|
1775
1779
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
@@ -1785,7 +1789,7 @@
|
|
1785
1789
|
<param pos="3" name="system.time"/>
|
1786
1790
|
</fingerprint>
|
1787
1791
|
|
1788
|
-
<fingerprint pattern="^([^ ]
|
1792
|
+
<fingerprint pattern="^([^ ]{1,512}) McAfee VirusScreen ASaP v([^ ]+\.[^ ]+): (.+) *$">
|
1789
1793
|
<description>McAfee VirusScreen</description>
|
1790
1794
|
<example host.name="foo.bar" service.version="1.1" system.time="Sun, 20 Jul 2003 09:20:52 -0700">foo.bar McAfee VirusScreen ASaP v1.1: Sun, 20 Jul 2003 09:20:52 -0700</example>
|
1791
1795
|
<param pos="0" name="service.vendor" value="McAfee"/>
|
@@ -1801,7 +1805,7 @@
|
|
1801
1805
|
<param pos="3" name="system.time"/>
|
1802
1806
|
</fingerprint>
|
1803
1807
|
|
1804
|
-
<fingerprint pattern="^([^ ]
|
1808
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP Lyris ListManager service ready$">
|
1805
1809
|
<description>Lyris ListManager</description>
|
1806
1810
|
<example host.name="foo.bar">foo.bar ESMTP Lyris ListManager service ready</example>
|
1807
1811
|
<param pos="0" name="service.vendor" value="Lyris"/>
|
@@ -1810,7 +1814,7 @@
|
|
1810
1814
|
<param pos="1" name="host.name"/>
|
1811
1815
|
</fingerprint>
|
1812
1816
|
|
1813
|
-
<fingerprint pattern="^([^ ]
|
1817
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP - WinRoute Pro ([^ ]+\.[^ ]+)$">
|
1814
1818
|
<description>WinRoute Pro, runs on 9x/NT/2k http://www.tinysoftware.com/winpro.php</description>
|
1815
1819
|
<example host.name="foo.bar" service.version="4.2.4">foo.bar ESMTP - WinRoute Pro 4.2.4</example>
|
1816
1820
|
<param pos="0" name="service.family" value="WinRoute"/>
|
@@ -1821,7 +1825,7 @@
|
|
1821
1825
|
|
1822
1826
|
<fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
|
1823
1827
|
<description>WinRoute Pro w/o hostname</description>
|
1824
|
-
<example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
1828
|
+
<example service.version="4.2.1" system.time="Thu, 16 Nov 2017 11:48:15 +0300">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
|
1825
1829
|
<param pos="0" name="service.family" value="WinRoute"/>
|
1826
1830
|
<param pos="0" name="service.product" value="WinRoute"/>
|
1827
1831
|
<param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss Z"/>
|
@@ -1829,9 +1833,9 @@
|
|
1829
1833
|
<param pos="2" name="system.time"/>
|
1830
1834
|
</fingerprint>
|
1831
1835
|
|
1832
|
-
<fingerprint pattern="^([^ ]
|
1836
|
+
<fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
|
1833
1837
|
<description>ZMailer http://www.zmailer.org/technical.html</description>
|
1834
|
-
<example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
|
1838
|
+
<example service.version="2.99.57" service.version.version="1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 12:00:12 +0300">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
|
1835
1839
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1836
1840
|
<param pos="0" name="service.family" value="ZMailer"/>
|
1837
1841
|
<param pos="0" name="service.product" value="ZMailer"/>
|
@@ -1842,9 +1846,9 @@
|
|
1842
1846
|
<param pos="4" name="system.time"/>
|
1843
1847
|
</fingerprint>
|
1844
1848
|
|
1845
|
-
<fingerprint pattern="^([^ ]
|
1849
|
+
<fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
|
1846
1850
|
<description>ZMailer server that supports IDENT</description>
|
1847
|
-
<example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
|
1851
|
+
<example service.version="2.99.55" service.version.version="16" host.name="foo.bar" system.time="Thu, 16 Nov 2017 06:51:42 -0300">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
|
1848
1852
|
<param pos="0" name="service.vendor" value="ZMailer"/>
|
1849
1853
|
<param pos="0" name="service.family" value="ZMailer"/>
|
1850
1854
|
<param pos="0" name="service.product" value="ZMailer"/>
|
@@ -1856,10 +1860,10 @@
|
|
1856
1860
|
<param pos="4" name="system.time"/>
|
1857
1861
|
</fingerprint>
|
1858
1862
|
|
1859
|
-
<fingerprint pattern="^([^ ]
|
1863
|
+
<fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
|
1860
1864
|
<description>Kerio Connect ESMTP</description>
|
1861
1865
|
<example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
|
1862
|
-
<example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
|
1866
|
+
<example service.version="9.2.5" service.version.version="3" host.name="foo.bar">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
|
1863
1867
|
<param pos="0" name="service.vendor" value="Kerio"/>
|
1864
1868
|
<param pos="0" name="service.family" value="Connect"/>
|
1865
1869
|
<param pos="0" name="service.product" value="ESMTP"/>
|
@@ -1868,7 +1872,7 @@
|
|
1868
1872
|
<param pos="3" name="service.version.version"/>
|
1869
1873
|
</fingerprint>
|
1870
1874
|
|
1871
|
-
<fingerprint pattern="^([^ ]
|
1875
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP CommuniGate Pro (\d\.[\w.]+)(?:. It is you again :-\()?$">
|
1872
1876
|
<description>Communigate Pro</description>
|
1873
1877
|
<example host.name="foo.bar" service.version="5.3.1">foo.bar ESMTP CommuniGate Pro 5.3.1</example>
|
1874
1878
|
<example host.name="foo.bar" service.version="6.2c3">foo.bar ESMTP CommuniGate Pro 6.2c3</example>
|
@@ -1881,7 +1885,7 @@
|
|
1881
1885
|
<param pos="0" name="service.cpe23" value="cpe:/a:communigate:communigate_pro:{service.version}"/>
|
1882
1886
|
</fingerprint>
|
1883
1887
|
|
1884
|
-
<fingerprint pattern="^(\S
|
1888
|
+
<fingerprint pattern="^(\S{1,512}) NO UCE NO UBE NO RELAY PROBES ESMTP">
|
1885
1889
|
<description>Twisted SMTP server</description>
|
1886
1890
|
<example host.name="foo.bar">foo.bar NO UCE NO UBE NO RELAY PROBES ESMTP</example>
|
1887
1891
|
<param pos="0" name="service.vendor" value="Twisted Matrix Labs"/>
|
@@ -1909,9 +1913,9 @@
|
|
1909
1913
|
<param pos="1" name="service.version"/>
|
1910
1914
|
</fingerprint>
|
1911
1915
|
|
1912
|
-
<fingerprint pattern="^([^ ]
|
1916
|
+
<fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
|
1913
1917
|
<description>Tobit Software David</description>
|
1914
|
-
<example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
1918
|
+
<example service.version="0486" host.name="foo.bar">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
|
1915
1919
|
<param pos="0" name="service.vendor" value="Tobit Software"/>
|
1916
1920
|
<param pos="0" name="service.family" value="David"/>
|
1917
1921
|
<param pos="0" name="service.product" value="ESMTP"/>
|
@@ -1919,14 +1923,14 @@
|
|
1919
1923
|
<param pos="2" name="service.version"/>
|
1920
1924
|
</fingerprint>
|
1921
1925
|
|
1922
|
-
<fingerprint pattern="
|
1926
|
+
<fingerprint pattern="(?i)^(\S{1,512}) E?SMTP Perl">
|
1923
1927
|
<description>Some simple PERL SMTP server</description>
|
1924
1928
|
<example host.name="foo.bar">foo.bar ESMTP Perl</example>
|
1925
1929
|
<param pos="0" name="service.product" value="Perl"/>
|
1926
1930
|
<param pos="1" name="host.name"/>
|
1927
1931
|
</fingerprint>
|
1928
1932
|
|
1929
|
-
<fingerprint pattern="
|
1933
|
+
<fingerprint pattern="(?i)^(?:([^ ]{1,512}) )?E?SMTP(?: (?:Service )?Ready\.?)?$">
|
1930
1934
|
<description>Non-specific banner with optional hostname</description>
|
1931
1935
|
<example host.name="foo.bar">foo.bar ESMTP</example>
|
1932
1936
|
<example host.name="foo.bar">foo.bar ESMTP Ready</example>
|
@@ -1938,7 +1942,7 @@
|
|
1938
1942
|
<param pos="1" name="host.name"/>
|
1939
1943
|
</fingerprint>
|
1940
1944
|
|
1941
|
-
<fingerprint pattern="^([^ ]
|
1945
|
+
<fingerprint pattern="^([^ ]{1,512}) ESMTP OpenSMTPD$">
|
1942
1946
|
<description>OpenSMPTD</description>
|
1943
1947
|
<example host.name="foo.bar">foo.bar ESMTP OpenSMTPD</example>
|
1944
1948
|
<param pos="0" name="service.vendor" value="OpenBSD"/>
|