recog 2.3.22 → 2.3.23

Files changed (69)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/ci.yml +1 -1
  3. data/.github/workflows/verify.yml +1 -1
  4. data/.vscode/bin/monitor-recog-fingerprints.sh +54 -0
  5. data/.vscode/extensions.json +5 -0
  6. data/.vscode/settings.json +8 -0
  7. data/.vscode/tasks.json +77 -0
  8. data/CONTRIBUTING.md +2 -0
  9. data/bin/recog_verify +42 -7
  10. data/cpe-remap.yaml +20 -2
  11. data/features/data/schema_failure.xml +4 -0
  12. data/features/data/tests_with_failures.xml +6 -0
  13. data/features/support/hooks.rb +9 -0
  14. data/features/verify.feature +81 -17
  15. data/identifiers/hw_device.txt +2 -0
  16. data/identifiers/hw_product.txt +2 -0
  17. data/identifiers/os_device.txt +2 -0
  18. data/identifiers/os_family.txt +1 -0
  19. data/identifiers/os_product.txt +8 -1
  20. data/identifiers/service_product.txt +14 -0
  21. data/identifiers/vendor.txt +13 -1
  22. data/lib/recog/fingerprint.rb +21 -7
  23. data/lib/recog/fingerprint_parse_error.rb +10 -0
  24. data/lib/recog/verifier.rb +4 -4
  25. data/lib/recog/verify_reporter.rb +7 -6
  26. data/lib/recog/version.rb +1 -1
  27. data/requirements.txt +1 -1
  28. data/spec/data/external_example_fingerprint/hp_printer_ex_01.txt +1 -0
  29. data/spec/data/external_example_fingerprint/hp_printer_ex_02.txt +1 -0
  30. data/spec/data/external_example_fingerprint.xml +8 -0
  31. data/spec/data/external_example_illegal_path_fingerprint.xml +7 -0
  32. data/spec/lib/recog/db_spec.rb +84 -61
  33. data/spec/lib/recog/fingerprint_spec.rb +4 -4
  34. data/spec/lib/recog/verify_reporter_spec.rb +8 -8
  35. data/update_cpes.py +129 -36
  36. data/xml/apache_os.xml +61 -19
  37. data/xml/architecture.xml +15 -1
  38. data/xml/dhcp_vendor_class.xml +1 -1
  39. data/xml/dns_versionbind.xml +16 -13
  40. data/xml/favicons.xml +87 -5
  41. data/xml/fingerprints.xsd +9 -1
  42. data/xml/ftp_banners.xml +131 -141
  43. data/xml/h323_callresp.xml +2 -2
  44. data/xml/hp_pjl_id.xml +81 -81
  45. data/xml/html_title.xml +178 -9
  46. data/xml/http_cookies.xml +83 -27
  47. data/xml/http_servers.xml +409 -269
  48. data/xml/http_wwwauth.xml +70 -37
  49. data/xml/imap_banners.xml +2 -2
  50. data/xml/nntp_banners.xml +8 -5
  51. data/xml/ntp_banners.xml +33 -33
  52. data/xml/operating_system.xml +92 -77
  53. data/xml/pop_banners.xml +17 -17
  54. data/xml/sip_banners.xml +16 -5
  55. data/xml/sip_user_agents.xml +122 -27
  56. data/xml/smb_native_lm.xml +5 -5
  57. data/xml/smb_native_os.xml +25 -25
  58. data/xml/smtp_banners.xml +132 -131
  59. data/xml/smtp_help.xml +1 -1
  60. data/xml/snmp_sysdescr.xml +1227 -1227
  61. data/xml/snmp_sysobjid.xml +2 -2
  62. data/xml/ssh_banners.xml +9 -5
  63. data/xml/telnet_banners.xml +49 -0
  64. data/xml/tls_jarm.xml +22 -2
  65. data/xml/x11_banners.xml +3 -3
  66. data/xml/x509_issuers.xml +3 -2
  67. data/xml/x509_subjects.xml +3 -3
  68. metadata +19 -3
  69. data/lib/recog/verifier_factory.rb +0 -13
data/xml/smtp_banners.xml CHANGED
@@ -23,7 +23,7 @@
23
23
 
24
24
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) EVAL \d+-\d+\)$">
25
25
  <description>IMail - EVAL version</description>
26
- <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
26
+ <example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 EVAL 11347-1)</example>
27
27
  <param pos="0" name="service.vendor" value="Ipswitch"/>
28
28
  <param pos="0" name="service.family" value="IMail Server"/>
29
29
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -35,7 +35,7 @@
35
35
 
36
36
  <fingerprint pattern="^X1 NT-ESMTP Server ([^ ]+) \(IMail (\d+\.[^ ]+) \d+-\d+\)$">
37
37
  <description>IMail - non-EVAL version</description>
38
- <example service.version="6.06">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
38
+ <example service.version="6.06" host.name="foo.bar">X1 NT-ESMTP Server foo.bar (IMail 6.06 899085-1)</example>
39
39
  <param pos="0" name="service.vendor" value="Ipswitch"/>
40
40
  <param pos="0" name="service.family" value="IMail Server"/>
41
41
  <param pos="0" name="service.product" value="IMail Server"/>
@@ -115,8 +115,8 @@
115
115
 
116
116
  <fingerprint pattern="^([^ ]{1,512}) +AppleShare IP Mail Server ([^ ]+\.[\d.]+) SMTP Server Ready *$">
117
117
  <description>AppleShare IP Mail Server</description>
118
- <example service.version="6.2.1">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
- <example service.version="6.2">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
118
+ <example service.version="6.2.1" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2.1 SMTP Server Ready</example>
119
+ <example service.version="6.2" host.name="foo.bar">foo.bar AppleShare IP Mail Server 6.2 SMTP Server Ready</example>
120
120
  <param pos="0" name="service.vendor" value="Apple"/>
121
121
  <param pos="0" name="service.family" value="AppleShare IP Mail Server"/>
122
122
  <param pos="0" name="service.product" value="AppleShare IP Mail Server"/>
@@ -249,7 +249,7 @@
249
249
 
250
250
  <fingerprint pattern="^([^ ]{1,512}) Microsoft ESMTP MAIL Service ready at">
251
251
  <description>Microsoft Exchange 2007/2010 (for sure, can't be confused with the IIS builtin SMTP service)</description>
252
- <example>foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
252
+ <example host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
253
253
  <param pos="0" name="service.vendor" value="Microsoft"/>
254
254
  <param pos="0" name="service.family" value="Exchange Server"/>
255
255
  <param pos="0" name="service.product" value="Exchange Server"/>
@@ -263,8 +263,8 @@
263
263
 
264
264
  <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.14393\.[\d.]+) +ready +(?:at +)?(.+)$">
265
265
  <description>Microsoft IIS builtin SMTP service - Windows Server 2016</description>
266
- <example host.name="foo.bar" service.version="10.0.14393.2608">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
- <example service.version="10.0.14393.2608"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
266
+ <example host.name="foo.bar" service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
267
+ <example service.version="10.0.14393.2608" system.time="Sun, 19 May 2019 09:04:29 -0500"> Microsoft ESMTP MAIL Service, Version: 10.0.14393.2608 ready at Sun, 19 May 2019 09:04:29 -0500</example>
268
268
  <param pos="0" name="service.vendor" value="Microsoft"/>
269
269
  <param pos="0" name="service.family" value="IIS"/>
270
270
  <param pos="0" name="service.product" value="IIS"/>
@@ -281,7 +281,7 @@
281
281
 
282
282
  <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(10\.0\.17763\.[\d.]+) +ready +(?:at +)?(.+)$">
283
283
  <description>Microsoft IIS builtin SMTP service - Windows Server 2019</description>
284
- <example host.name="foo.bar" service.version="10.0.17763.1">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
284
+ <example host.name="foo.bar" service.version="10.0.17763.1" system.time="Sun, 19 May 2019 09:04:29 -0500">foo.bar Microsoft ESMTP MAIL Service, Version: 10.0.17763.1 ready at Sun, 19 May 2019 09:04:29 -0500</example>
285
285
  <param pos="0" name="service.vendor" value="Microsoft"/>
286
286
  <param pos="0" name="service.family" value="IIS"/>
287
287
  <param pos="0" name="service.product" value="IIS"/>
@@ -298,7 +298,7 @@
298
298
 
299
299
  <fingerprint pattern="^([^ ]{1,512}) Microsoft SMTP MAIL ready at (.+) Version: +(\d+\.\d+\.\d+\.\d+\.\d+) *$">
300
300
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 1</description>
301
- <example host.name="foo.bar" service.version="5.5.1877.197.19">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
301
+ <example host.name="foo.bar" service.version="5.5.1877.197.19" system.time="Wed, 29 Nov 2017 23:48:59 +0000">foo.bar Microsoft SMTP MAIL ready at Wed, 29 Nov 2017 23:48:59 +0000 Version: 5.5.1877.197.19</example>
302
302
  <param pos="0" name="service.vendor" value="Microsoft"/>
303
303
  <param pos="0" name="service.family" value="IIS"/>
304
304
  <param pos="0" name="service.product" value="IIS"/>
@@ -315,8 +315,8 @@
315
315
 
316
316
  <fingerprint pattern="^([^ ]{1,512})? ?Microsoft ESMTP MAIL Service, Version: +(\d+\.\d+\.\d+\.\d+)(?: +ready)?(?: +(?:at +)?(\w\w\w, \d.+))?$">
317
317
  <description>Microsoft IIS builtin SMTP service, or Microsoft Exchange Server (they are differentiated from each other in smtp-iis.clp) - variant 2 </description>
318
- <example service.version="5.0.2195.5329"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
319
- <example service.version="6.0.3790.4675" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
318
+ <example service.version="5.0.2195.5329" system.time="Thu, 30 Nov 2017 11:40:25 +0200"> Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready Thu, 30 Nov 2017 11:40:25 +0200</example>
319
+ <example service.version="6.0.3790.4675" host.name="foo.bar" system.time="Wed, 21 Jul 2010 19:04:24 -0700">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Wed, 21 Jul 2010 19:04:24 -0700</example>
320
320
  <example service.version="6.0.2600.5512" system.time="Thu, 30 Nov 2017 18:22:40 +0900">Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at Thu, 30 Nov 2017 18:22:40 +0900</example>
321
321
  <example service.version="6.0.3790.3959" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready</example>
322
322
  <example service.version="6.0.3790.1830" host.name="foo.bar">foo.bar Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830</example>
@@ -347,17 +347,17 @@
347
347
 
348
348
  <fingerprint pattern="^ ?([^, ]{1,512}),? +ESMTP \(?(?i:Exim) +(\d+\.[\d_.bdRC-]+)\)?(?: +#\d+)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d{3,4})?) *(?:We do not authorize the use of this system to transport unsolicited, and\/or bulk e-mail.)?$">
349
349
  <description>Exim - with version string and optional timestamp</description>
350
- <example service.version="4.91" host.name="foo.bar">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
350
+ <example service.version="4.91" host.name="foo.bar" system.time="Thu, 29 Apr 2021 05:41:36 +400">foo.bar ESMTP Exim 4.91 Thu, 29 Apr 2021 05:41:36 +400</example>
351
351
  <example service.version="4.89" host.name="foo.bar">foo.bar ESMTP Exim 4.89 "</example>
352
352
  <example service.version="4.83" host.name="foo.bar">foo.bar, ESMTP EXIM 4.83</example>
353
353
  <example service.version="4.84_2" host.name="foo.bar">foo.bar ESMTP Exim 4.84_2 </example>
354
- <example service.version="4.90_RC3" host.name="foo.bar">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
355
- <example service.version="4.89_1b" host.name="foo.bar">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
356
- <example service.version="4.89-122312">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
357
- <example service.version="4.87">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
358
- <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
359
- <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
360
- <example service.version="4.89" host.name="foo.bar"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
354
+ <example service.version="4.90_RC3" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:52:16 -0700">foo.bar ESMTP Exim 4.90_RC3 Thu, 30 Nov 2017 03:52:16 -0700 </example>
355
+ <example service.version="4.89_1b" host.name="foo.bar" system.time="Thu, 05 Apr 2018 21:30:37 +0200">foo.bar ESMTP Exim 4.89_1b Thu, 05 Apr 2018 21:30:37 +0200</example>
356
+ <example service.version="4.89-122312" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:33:38 +0200">foo.bar ESMTP Exim 4.89-122312 Thu, 16 Nov 2017 10:33:38 +0200 </example>
357
+ <example service.version="4.87" host.name="foo.bar" system.time="Thu, 30 Nov 2017 03:25:58 -0800">foo.bar ESMTP (Exim 4.87) Thu, 30 Nov 2017 03:25:58 -0800 </example>
358
+ <example service.version="4.80" system.time="Thu, 16 Nov 2017 01:04:30 -0800" host.name="foo.bar">foo.bar ESMTP Exim 4.80 Thu, 16 Nov 2017 01:04:30 -0800 </example>
359
+ <example service.version="4.92.2" system.time="Thu, 29 Apr 2021 07:43:39 +0200" host.name="foo.bar">foo.bar ESMTP Exim 4.92.2 #89 Thu, 29 Apr 2021 07:43:39 +0200 </example>
360
+ <example service.version="4.89" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:31 -0500"> foo.bar ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 04:55:31 -0500 We do not authorize the use of this system to transport unsolicited, and/or bulk e-mail.</example>
361
361
  <param pos="0" name="service.vendor" value="exim"/>
362
362
  <param pos="0" name="service.family" value="exim"/>
363
363
  <param pos="0" name="service.product" value="exim"/>
@@ -370,7 +370,7 @@
370
370
 
371
371
  <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+) ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
372
372
  <description>Exim - with digit only version string and optional timestamp</description>
373
- <example service.version="125302" host.name="foo.bar">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
373
+ <example service.version="125302" host.name="foo.bar" system.time="Thu, 16 Nov 2017 04:55:11 -0500">foo.bar ESMTP Exim 125302 Thu, 16 Nov 2017 04:55:11 -0500 </example>
374
374
  <param pos="0" name="service.vendor" value="exim"/>
375
375
  <param pos="0" name="service.family" value="exim"/>
376
376
  <param pos="0" name="service.product" value="exim"/>
@@ -383,7 +383,7 @@
383
383
 
384
384
  <fingerprint pattern="^([^, ]{1,512}),? ESMTP (?i:Exim) +(\d+\.[\d_.]+)(?: +#\d)? Ubuntu ((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
385
385
  <description>Exim - with version string and optional timestamp (Ubuntu)</description>
386
- <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
386
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:30:44 +0300" host.name="foo.bar">foo.bar ESMTP Exim 4.82 Ubuntu Thu, 16 Nov 2017 11:30:44 +0300 </example>
387
387
  <param pos="0" name="os.vendor" value="Ubuntu"/>
388
388
  <param pos="0" name="os.family" value="Linux"/>
389
389
  <param pos="0" name="os.product" value="Linux"/>
@@ -415,8 +415,8 @@
415
415
  <fingerprint pattern="^ ?ESMTP (?i:Exim) (\d+\.[\d_.]+)(?: +#\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?) *$">
416
416
  <description>Exim - without hostname</description>
417
417
  <example service.version="4.82" system.time="Thu, 16 Nov 2017 12:19:22 +0300">ESMTP Exim 4.82 Thu, 16 Nov 2017 12:19:22 +0300 </example>
418
- <example service.version="4.82"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
419
- <example service.version="4.89"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
418
+ <example service.version="4.82" system.time="Thu, 16 Nov 2017 11:41:41 +0300"> ESMTP Exim 4.82 Thu, 16 Nov 2017 11:41:41 +0300 </example>
419
+ <example service.version="4.89" system.time="Thu, 16 Nov 2017 07:32:28 -0200"> ESMTP Exim 4.89 #1 Thu, 16 Nov 2017 07:32:28 -0200 </example>
420
420
  <param pos="0" name="service.vendor" value="exim"/>
421
421
  <param pos="0" name="service.family" value="exim"/>
422
422
  <param pos="0" name="service.product" value="exim"/>
@@ -466,7 +466,7 @@
466
466
 
467
467
  <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent ([^ ]+\.[^ ]+\.[^ ]+) Ready \(C\).* Novell, Inc\. *$">
468
468
  <description>Novell GroupWise Internet Agent - versions 5 and higher</description>
469
- <example service.version="5.5.1">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
469
+ <example service.version="5.5.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 5.5.1 Ready (C)1993, 1998 Novell, Inc.</example>
470
470
  <param pos="0" name="service.vendor" value="Novell"/>
471
471
  <param pos="0" name="service.family" value="GroupWise"/>
472
472
  <param pos="0" name="service.product" value="GroupWise"/>
@@ -477,8 +477,8 @@
477
477
 
478
478
  <fingerprint pattern="^([^ ]{1,512}) GroupWise Internet Agent (\d+\.[\d.]+) Copyright .*\d{4}-\d{4} Novell, Inc..* All rights reserved. Ready *$">
479
479
  <description>Novell GroupWise Internet Agent - versions 5 and higher, second variant</description>
480
- <example service.version="8.0.3">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
481
- <example service.version="14.2.1">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
480
+ <example service.version="8.0.3" host.name="foo.bar">foo.bar GroupWise Internet Agent 8.0.3 Copyright (c) 1993-2012 Novell, Inc. All rights reserved. Ready</example>
481
+ <example service.version="14.2.1" host.name="foo.bar">foo.bar GroupWise Internet Agent 14.2.1 Copyright 1993-2016 Novell, Inc., a Micro Focus Company. All rights reserved. Ready</example>
482
482
  <param pos="0" name="service.vendor" value="Novell"/>
483
483
  <param pos="0" name="service.family" value="GroupWise"/>
484
484
  <param pos="0" name="service.product" value="GroupWise"/>
@@ -501,9 +501,9 @@
501
501
 
502
502
  <fingerprint pattern="^([^ ]{1,512}) (?:ESMTP )?running IBM VM SMTP (.+)(?:; | on )(.+) *$">
503
503
  <description>IBM SMTP server for VM/ESA on IBM S/390 and IBM eserver z/Series 900.</description>
504
- <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
505
- <example service.version="Level 3A0">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
506
- <example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
504
+ <example service.version="Level 640" system.time="Thu, 30 Nov 2017 01:08:59 PDT" host.name="foo.bar">foo.bar running IBM VM SMTP Level 640 on Thu, 30 Nov 2017 01:08:59 PDT</example>
505
+ <example service.version="Level 3A0" host.name="foo.bar" system.time="Mon, 10 Sep 2001 07:21:54 EDT">foo.bar running IBM VM SMTP Level 3A0 on Mon, 10 Sep 2001 07:21:54 EDT</example>
506
+ <example service.version="V2R4" system.time="Mon, 10 Sep 2001 07:24:35 -0400 (EDT)" host.name="foo.bar">foo.bar ESMTP running IBM VM SMTP V2R4; Mon, 10 Sep 2001 07:24:35 -0400 (EDT)</example>
507
507
  <param pos="0" name="service.vendor" value="IBM"/>
508
508
  <param pos="0" name="service.family" value="VM"/>
509
509
  <param pos="0" name="service.product" value="VM"/>
@@ -528,7 +528,7 @@
528
528
 
529
529
  <fingerprint pattern="^(\S{1,512}) E?SMTP Server \(JAMES E?SMTP Server ([\d\.]+)\) ready (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) \(.+\)$">
530
530
  <description>JAMES SMTP Server</description>
531
- <example host.name="foo.bar" service.version="2.3.2">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
531
+ <example host.name="foo.bar" service.version="2.3.2" system.time="Tue, 19 May 2015 00:36:13 +0200">foo.bar SMTP Server (JAMES SMTP Server 2.3.2) ready Tue, 19 May 2015 00:36:13 +0200 (CEST)</example>
532
532
  <param pos="0" name="service.vendor" value="Apache"/>
533
533
  <param pos="0" name="service.product" value="James"/>
534
534
  <param pos="2" name="service.version"/>
@@ -541,6 +541,7 @@
541
541
  <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: ([\d.]+)$">
542
542
  <description>MailEnable - Simple</description>
543
543
  <example service.version="9.53">ESMTP MailEnable Service, Version: 9.53</example>
544
+ <example host.name="foo.home" service.version="10.34">foo.home ESMTP MailEnable Service, Version: 10.34</example>
544
545
  <param pos="0" name="os.vendor" value="Microsoft"/>
545
546
  <param pos="0" name="os.family" value="Windows"/>
546
547
  <param pos="0" name="os.product" value="Windows"/>
@@ -557,9 +558,9 @@
557
558
 
558
559
  <fingerprint pattern="^(?:(\S{1,512}) {1,8})?ESMTP MailEnable Service, Version: (?:([\d.]+))?-[\d.]*-[\d.]* (?:ready|denied access) at (\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})$">
559
560
  <description>MailEnable - Complex</description>
560
- <example host.name="foo.bar" service.version="1.8">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
561
- <example host.name="*.foo.bar" service.version="9.53">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
562
- <example host.name="%WPI_HOSTNAME%" service.version="10.27">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
561
+ <example host.name="foo.bar" service.version="1.8" system.time="05/20/15 08:50:22">foo.bar ESMTP MailEnable Service, Version: 1.8-- ready at 05/20/15 08:50:22</example>
562
+ <example host.name="*.foo.bar" service.version="9.53" system.time="11/30/17 00:57:37">*.foo.bar ESMTP MailEnable Service, Version: 9.53-9.53- ready at 11/30/17 00:57:37</example>
563
+ <example host.name="%WPI_HOSTNAME%" service.version="10.27" system.time="07/07/21 18:24:47">%WPI_HOSTNAME% ESMTP MailEnable Service, Version: 10.27-- ready at 07/07/21 18:24:47</example>
563
564
  <example host.name="foo.bar" service.version="9.00" system.time="11/30/17 09:30:34">foo.bar ESMTP MailEnable Service, Version: 9.00--9.00 ready at 11/30/17 09:30:34</example>
564
565
  <example host.name="foo.bar" service.version="1.986" system.time="04/05/18 16:15:25">foo.bar ESMTP MailEnable Service, Version: 1.986-- denied access at 04/05/18 16:15:25</example>
565
566
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -578,8 +579,8 @@
578
579
 
579
580
  <fingerprint pattern="^([^ ]{1,512}) \(Mail-Max Version (\d+\.[\d\.]+), (.+, .+)\) ESMTP Mail Server Ready. *$">
580
581
  <description>Mail Max</description>
581
- <example host.name="foo.bar" service.version="4.2.4.7">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
582
- <example host.name="foo.bar" service.version="3.073">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
582
+ <example host.name="foo.bar" service.version="4.2.4.7" system.time="Wed, 31 Jan 2001 03:44:35 +0100 WST">foo.bar (Mail-Max Version 4.2.4.7, Wed, 31 Jan 2001 03:44:35 +0100 WST) ESMTP Mail Server Ready.</example>
583
+ <example host.name="foo.bar" service.version="3.073" system.time="Thu, 30 Nov 2017 17:24:59 +0800 ">foo.bar (Mail-Max Version 3.073, Thu, 30 Nov 2017 17:24:59 +0800 ) ESMTP Mail Server Ready.</example>
583
584
  <param pos="0" name="service.vendor" value="Mail-Max"/>
584
585
  <param pos="0" name="service.family" value="Mail-Max"/>
585
586
  <param pos="0" name="service.product" value="Mail-Max"/>
@@ -620,7 +621,7 @@
620
621
 
621
622
  <fingerprint pattern="^([^ ]{1,512}) {1,8}MAILsweeper ESMTP Receiver Version (\d\.[\d.]+) Ready *$">
622
623
  <description>Content Security MAILsweeper for SMTP (http://www.contenttechnologies.com/products/msw4smtp/default.asp)</description>
623
- <example service.version="4.2.1.0">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
624
+ <example service.version="4.2.1.0" host.name="foo.bar">foo.bar MAILsweeper ESMTP Receiver Version 4.2.1.0 Ready</example>
624
625
  <param pos="0" name="service.vendor" value="Clearswift"/>
625
626
  <param pos="0" name="service.family" value="MAILsweeper"/>
626
627
  <param pos="0" name="service.product" value="MAILsweeper"/>
@@ -630,7 +631,7 @@
630
631
 
631
632
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) UNREGISTERED; *(.+) *$">
632
633
  <description>MDaemon mail server - with timestamp, unregistered</description>
633
- <example service.version="4.0.5">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
634
+ <example service.version="4.0.5" host.name="foo.bar" system.time="Sat, 06 Oct 2001 09:10:56 +0400">foo.bar ESMTP MDaemon 4.0.5 UNREGISTERED; Sat, 06 Oct 2001 09:10:56 +0400</example>
634
635
  <param pos="0" name="service.vendor" value="Alt-N"/>
635
636
  <param pos="0" name="service.family" value="MDaemon"/>
636
637
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -649,7 +650,7 @@
649
650
 
650
651
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
651
652
  <description>MDaemon mail server - with timestamp</description>
652
- <example service.version="4.0.2">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
653
+ <example service.version="4.0.2" host.name="foo.bar" system.time="Sat, 06 Oct 2001 01:46:44 -0500">foo.bar ESMTP MDaemon 4.0.2; Sat, 06 Oct 2001 01:46:44 -0500</example>
653
654
  <param pos="0" name="service.vendor" value="Alt-N"/>
654
655
  <param pos="0" name="service.family" value="MDaemon"/>
655
656
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -667,7 +668,7 @@
667
668
 
668
669
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP MDaemon ([^ ]+\.[^ ]+\.[^ ]+) ready *$">
669
670
  <description>MDaemon mail server - without timestamp</description>
670
- <example service.version="3.5.7">foo.bar ESMTP MDaemon 3.5.7 ready</example>
671
+ <example service.version="3.5.7" host.name="foo.bar">foo.bar ESMTP MDaemon 3.5.7 ready</example>
671
672
  <param pos="0" name="service.vendor" value="Alt-N"/>
672
673
  <param pos="0" name="service.family" value="MDaemon"/>
673
674
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -683,9 +684,9 @@
683
684
 
684
685
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:using )?MDaemon v(\d+\.[\d.]+) ([^ ]+) *$">
685
686
  <description>MDaemon mail server - with version revision</description>
686
- <example service.version="2.84" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
687
- <example service.version="3.0.3" service.version.version="R">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
688
- <example service.version="2.8.7.0" service.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
687
+ <example service.version="2.84" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.84 R</example>
688
+ <example service.version="3.0.3" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] using MDaemon v3.0.3 R</example>
689
+ <example service.version="2.8.7.0" service.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.8.7.0 R</example>
689
690
  <param pos="0" name="service.vendor" value="Alt-N"/>
690
691
  <param pos="0" name="service.family" value="MDaemon"/>
691
692
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -702,8 +703,8 @@
702
703
 
703
704
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] (?:\()?MDaemon v([\d.]+) ([^ ]+) ([^ )]+)(?:\))? *$">
704
705
  <description>MDaemon mail server - with service pack</description>
705
- <example service.version="2.7" service.version.version="SP5" service.version.version.version="R">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
706
- <example service.version="2.7" service.version.version="SP4" service.version.version.version="R">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
706
+ <example service.version="2.7" service.version.version="SP5" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] MDaemon v2.7 SP5 R</example>
707
+ <example service.version="2.7" service.version.version="SP4" service.version.version.version="R" host.name="foo.bar">foo.bar ESMTP service ready [1] (MDaemon v2.7 SP4 R)</example>
707
708
  <param pos="0" name="service.vendor" value="Alt-N"/>
708
709
  <param pos="0" name="service.family" value="MDaemon"/>
709
710
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -721,7 +722,7 @@
721
722
 
722
723
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP service ready \[[0-9]+\] \(MDaemon v([^ ]+\.[^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)\) *$">
723
724
  <description>MDaemon mail server</description>
724
- <example service.version="2.5" service.version.version.version="b1">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
725
+ <example service.version="2.5" service.version.version.version="b1" host.name="foo.bar" service.version.version="rB" service.version.version.version.version="32-T">foo.bar ESMTP service ready [1] (MDaemon v2.5 rB b1 32-T)</example>
725
726
  <param pos="0" name="service.vendor" value="Alt-N"/>
726
727
  <param pos="0" name="service.family" value="MDaemon"/>
727
728
  <param pos="0" name="service.product" value="MDaemon"/>
@@ -742,9 +743,9 @@
742
743
 
743
744
  <fingerprint pattern="^([^ ]{1,512}) +E?SMTP (?i:MERAK) ([^ ]+\.[^ ]+\.[^ ]+); *(.+) *$">
744
745
  <description>Merak mail server - http://www.icewarp.com/merakmail/ (runs on 2000/NT/9x)</description>
745
- <example host.name="foo.bar" service.version="8.0.3">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
746
- <example host.name="foo.bar" service.version="8.0.3">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
747
- <example host.name="foo.bar" service.version="2.10.284">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
746
+ <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 20:01:41 +1000">foo.bar SMTP Merak 8.0.3; Thu, 30 Nov 2017 20:01:41 +1000</example>
747
+ <example host.name="foo.bar" service.version="8.0.3" system.time="Thu, 30 Nov 2017 12:08:09 +0200">foo.bar ESMTP Merak 8.0.3; Thu, 30 Nov 2017 12:08:09 +0200</example>
748
+ <example host.name="foo.bar" service.version="2.10.284" system.time="Thu, 30 Nov 2017 17:55:10 +0800">foo.bar ESMTP MERAK 2.10.284; Thu, 30 Nov 2017 17:55:10 +0800</example>
748
749
  <param pos="0" name="service.vendor" value="Merak"/>
749
750
  <param pos="0" name="service.family" value="Mail Server"/>
750
751
  <param pos="0" name="service.product" value="Mail Server"/>
@@ -756,7 +757,7 @@
756
757
 
757
758
  <fingerprint pattern="^MERCUR SMTP-Server \(v([^ ]+\.[^ ])0\.([^ ]+) ([^ ]+)\) for (.+) ready at (.+) *$">
758
759
  <description>Atrium's MERCUR SMTP server (http://www.atrium-software.com/pub/support_e.cfm)</description>
759
- <example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
760
+ <example service.version="3.3" service.version.version="09" service.version.version.version="SA-0000005" mercur.os.info="Windows NT" system.time="Thu, 30 Nov 2017 10:01:06 +0100">MERCUR SMTP-Server (v3.30.09 SA-0000005) for Windows NT ready at Thu, 30 Nov 2017 10:01:06 +0100</example>
760
761
  <param pos="0" name="service.vendor" value="Atrium Software"/>
761
762
  <param pos="0" name="service.family" value="MERCUR"/>
762
763
  <param pos="0" name="service.product" value="MERCUR"/>
@@ -783,8 +784,8 @@
783
784
 
784
785
  <fingerprint pattern="^^([^ ]{1,512}) Mercury\/32 v([^ ]+\.[^ ]+) (?:SMTP\/)?ESMTP server ready.?$">
785
786
  <description>Mercury/32 for Win9x/NT/2000 ( http://www.pmail.com/index.cfm )</description>
786
- <example service.version="3.01a">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
787
- <example service.version="3.30">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
787
+ <example service.version="3.01a" host.name="foo.bar">foo.bar Mercury/32 v3.01a SMTP/ESMTP server ready.</example>
788
+ <example service.version="3.30" host.name="foo.bar">foo.bar Mercury/32 v3.30 ESMTP server ready.</example>
788
789
  <param pos="0" name="service.family" value="Mercury Mail Transport System"/>
789
790
  <param pos="0" name="service.product" value="Mercury Mail Transport System"/>
790
791
  <param pos="0" name="os.vendor" value="Microsoft"/>
@@ -797,7 +798,7 @@
797
798
 
798
799
  <fingerprint pattern="^([^ ]{1,512}) SMTP NAVIEG ([^ ]+\.[^ ]+\.[^ ]+); (.+)* http">
799
800
  <description>Norton Antivirus for Internet Email Gateways (becomes NAVGW in 2.1)</description>
800
- <example host.name="foo.bar" service.version="2.0.1">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
801
+ <example host.name="foo.bar" service.version="2.0.1" system.time="Sun, 29 Jul 2001 22:02:16 -0500">foo.bar SMTP NAVIEG 2.0.1; Sun, 29 Jul 2001 22:02:16 -0500 http://www.symantec.com</example>
801
802
  <param pos="0" name="service.vendor" value="Norton"/>
802
803
  <param pos="0" name="service.family" value="Antivirus for Gateways"/>
803
804
  <param pos="0" name="service.product" value="Antivirus for Gateways"/>
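Review bot: The `<fingerprint>` pattern in this hunk ends in `(.+)* http`, a quantified group wrapped around an already-quantified `.+`, and the added example now pins `system.time` to that capture. Banners are supplied by the remote host being fingerprinted, so on a backtracking regex engine a long banner that never reaches ` http` can make this match very slow. `(.+) http` yields the same `system.time` for the example without the nested repetition. The rest of the fingerprint element lies outside the hunk.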
@@ -850,15 +851,15 @@
850
851
 
851
852
  <fingerprint pattern=" ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release (\d+\.[\w.]+(?: FP\d+)?(?: HF\d+)?)(?: \(Intl\))?\) ready at (.+) *$">
852
853
  <description>Lotus Domino SMTP MTA</description>
853
- <example service.version="8.5">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
854
- <example service.version="8.5.3FP6 HF1944">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
855
- <example service.version="8.0.2 FP1 HF82">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
856
- <example service.version="5.0.13a"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
857
- <example service.version="7.0.4">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
858
- <example service.version="8.0.2FP2">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
859
- <example service.version="8.5.3">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
860
- <example service.version="7.0"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
861
- <example host.name="foo.bar" service.version="5.0.1">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
854
+ <example service.version="8.5" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:01:45 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5) ready at Thu, 30 Nov 2017 17:01:45 +0800</example>
855
+ <example service.version="8.5.3FP6 HF1944" host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:17:43 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3FP6 HF1944) ready at Thu, 30 Nov 2017 17:17:43 +0800</example>
856
+ <example service.version="8.0.2 FP1 HF82" host.name="foo.bar" system.time="Thu, 5 Apr 2018 22:03:28 +0200">foo.bar ESMTP Service (Lotus Domino Release 8.0.2 FP1 HF82) ready at Thu, 5 Apr 2018 22:03:28 +0200</example>
857
+ <example service.version="5.0.13a" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:47:42 +0800"> foo.bar ESMTP Service (Lotus Domino Release 5.0.13a) ready at Thu, 16 Nov 2017 17:47:42 +0800</example>
858
+ <example service.version="7.0.4" host.name="foo.bar" system.time="Thu, 16 Nov 2017 18:28:36 +0900">foo.bar ESMTP Service (Lotus Domino Release 7.0.4) ready at Thu, 16 Nov 2017 18:28:36 +0900</example>
859
+ <example service.version="8.0.2FP2" host.name="foo.bar" system.time="Thu, 16 Nov 2017 02:17:33 -0700">foo.bar ESMTP Service (Lotus Domino Release 8.0.2FP2) ready at Thu, 16 Nov 2017 02:17:33 -0700</example>
860
+ <example service.version="8.5.3" host.name="foo.bar" system.time="Thu, 16 Nov 2017 17:52:21 +0800">foo.bar ESMTP Service (Lotus Domino Release 8.5.3) ready at Thu, 16 Nov 2017 17:52:21 +0800</example>
861
+ <example service.version="7.0" system.time="Thu, 30 Nov 2017 17:00:41 +0800"> ESMTP Service (Lotus Domino Release 7.0) ready at Thu, 30 Nov 2017 17:00:41 +0800</example>
862
+ <example host.name="foo.bar" service.version="5.0.1" system.time="Thu, 30 Nov 2017 12:38:43 +0300">foo.bar ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) ready at Thu, 30 Nov 2017 12:38:43 +0300</example>
862
863
  <param pos="0" name="service.vendor" value="IBM"/>
863
864
  <param pos="0" name="service.family" value="Lotus Domino"/>
864
865
  <param pos="0" name="service.product" value="Lotus Domino"/>
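Review bot: The Lotus Domino pattern in this hunk begins with ` ?(?:(` and has no leading `^`, unlike the IBM Domino pattern in the following hunk, which begins with `^ ?(?:(`. Now that the examples assert `host.name`, an unanchored match silently ignores any text before the hostname token and reports whatever token sits directly before `ESMTP Service` as the host. Anchoring it the same way, `^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(Lotus Domino Release`, should keep all nine examples passing, since each starts at the hostname or at a single space. The fingerprint's closing tag is outside the hunk.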
@@ -871,9 +872,9 @@
871
872
 
872
873
  <fingerprint pattern="^ ?(?:([^ ]{1,512}))? {0,8}ESMTP Service \(IBM Domino Release (\d+\.[\w.]+(?: HF\d+)?)\) ready at (.+) *$">
873
874
  <description>IBM Domino SMTP MTA</description>
874
- <example host.name="foo.bar" service.version="9.0.1FP8 HF475">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
875
- <example host.name="foo.bar" service.version="9.0.1"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
876
- <example service.version="9.0.1FP8"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
875
+ <example host.name="foo.bar" service.version="9.0.1FP8 HF475" system.time="Thu, 30 Nov 2017 17:55:48 +0900">foo.bar ESMTP Service (IBM Domino Release 9.0.1FP8 HF475) ready at Thu, 30 Nov 2017 17:55:48 +0900</example>
876
+ <example host.name="foo.bar" service.version="9.0.1" system.time="Thu, 30 Nov 2017 10:12:26 +0100"> foo.bar ESMTP Service (IBM Domino Release 9.0.1) ready at Thu, 30 Nov 2017 10:12:26 +0100</example>
877
+ <example service.version="9.0.1FP8" system.time="Thu, 30 Nov 2017 13:51:59 -0800"> ESMTP Service (IBM Domino Release 9.0.1FP8) ready at Thu, 30 Nov 2017 13:51:59 -0800</example>
877
878
  <param pos="0" name="service.vendor" value="IBM"/>
878
879
  <param pos="0" name="service.family" value="IBM Domino"/>
879
880
  <param pos="0" name="service.product" value="IBM Domino"/>
@@ -886,8 +887,8 @@
886
887
 
887
888
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Service \(Lotus Domino Build (V?[\w.]+)\) ready at (.+) *$">
888
889
  <description>Lotus Domino (some early build)</description>
889
- <example notes.build.version="166.1">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
890
- <example notes.build.version="V85_M2_08202008">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
890
+ <example notes.build.version="166.1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 10:39:22 +0200">foo.bar ESMTP Service (Lotus Domino Build 166.1) ready at Thu, 16 Nov 2017 10:39:22 +0200</example>
891
+ <example notes.build.version="V85_M2_08202008" host.name="foo.bar" system.time="Thu, 16 Nov 2017 03:57:40 -0500">foo.bar ESMTP Service (Lotus Domino Build V85_M2_08202008) ready at Thu, 16 Nov 2017 03:57:40 -0500</example>
891
892
  <param pos="0" name="service.vendor" value="Lotus"/>
892
893
  <param pos="0" name="service.family" value="Lotus Domino"/>
893
894
  <param pos="0" name="service.product" value="Lotus Domino"/>
@@ -922,7 +923,7 @@
922
923
 
923
924
  <fingerprint pattern="^([^ ]{1,512}) WindowsNT SMTP Server v([^ ]+\.[^ ]+\.[^ ]+)/([^ ]+)/SP ESMTP ready at (.+) *$">
924
925
  <description>NTMail - versions 3.x and earlier (it was called Internet Shopper's something or other)</description>
925
- <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
926
+ <example host.name="foo.bar" service.version="3.03.0018" ntmail.id="7.aavn" system.time="Thu, 30 Nov 2017 10:15:31 +0100">foo.bar WindowsNT SMTP Server v3.03.0018/7.aavn/SP ESMTP ready at Thu, 30 Nov 2017 10:15:31 +0100</example>
926
927
  <param pos="0" name="service.vendor" value="Gordano"/>
927
928
  <param pos="0" name="service.family" value="NTMail"/>
928
929
  <param pos="0" name="service.product" value="NTMail"/>
@@ -950,8 +951,8 @@
950
951
 
951
952
  <fingerprint pattern="^([^ ]{1,512}) E?SMTP PMailServer(?: \[Free Edition\])? ([\d\.]+); (\w\w\w, +\d+ \w\w\w \d\d\d\d [\d:]+)$">
952
953
  <description>A.K.I PMail</description>
953
- <example host.name="foo.bar" service.version="1.91">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
954
- <example host.name="foo.bar" service.version="1.78">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
954
+ <example host.name="foo.bar" service.version="1.91" system.time="Fri, 22 May 2015 02:04:56">foo.bar ESMTP PMailServer [Free Edition] 1.91; Fri, 22 May 2015 02:04:56</example>
955
+ <example host.name="foo.bar" service.version="1.78" system.time="Fri, 6 Apr 2018 04:34:11">foo.bar ESMTP PMailServer 1.78; Fri, 6 Apr 2018 04:34:11</example>
955
956
  <param pos="0" name="service.vendor" value="A.K.I Software"/>
956
957
  <param pos="0" name="service.product" value="PMail Server"/>
957
958
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss"/>
@@ -974,8 +975,8 @@
974
975
 
975
976
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \(?([\d.]+)\)?$">
976
977
  <description>Postfix - Std semantic versioning, w/ optional parens</description>
977
- <example service.version="3.1.4">foo.bar ESMTP Postfix (3.1.4)</example>
978
- <example service.version="2.7.1">foo.bar ESMTP Postfix 2.7.1</example>
978
+ <example service.version="3.1.4" host.name="foo.bar">foo.bar ESMTP Postfix (3.1.4)</example>
979
+ <example service.version="2.7.1" host.name="foo.bar">foo.bar ESMTP Postfix 2.7.1</example>
979
980
  <param pos="0" name="service.vendor" value="Postfix"/>
980
981
  <param pos="0" name="service.family" value="Postfix"/>
981
982
  <param pos="0" name="service.product" value="Postfix"/>
@@ -986,7 +987,7 @@
986
987
 
987
988
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Postfix \((?:Postfix-)?([\d.]+)-([^ ]+)\)$">
988
989
  <description>Postfix - version + build</description>
989
- <example service.version="2.8" service.version.version="20100306">foo.bar ESMTP Postfix (2.8-20100306)</example>
990
+ <example service.version="2.8" service.version.version="20100306" host.name="foo.bar">foo.bar ESMTP Postfix (2.8-20100306)</example>
990
991
  <param pos="0" name="service.vendor" value="Postfix"/>
991
992
  <param pos="0" name="service.family" value="Postfix"/>
992
993
  <param pos="0" name="service.product" value="Postfix"/>
@@ -998,7 +999,7 @@
998
999
 
999
1000
  <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Ubuntu\)$">
1000
1001
  <description>Postfix - Ubuntu</description>
1001
- <example>foo.bar ESMTP Postfix (Ubuntu)</example>
1002
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (Ubuntu)</example>
1002
1003
  <param pos="0" name="service.vendor" value="Postfix"/>
1003
1004
  <param pos="0" name="service.family" value="Postfix"/>
1004
1005
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1013,7 +1014,7 @@
1013
1014
  <fingerprint pattern="^([^ ]{1,512})(?: ESMTP)? Hi, I'm a Mail-in-a-Box \(Ubuntu/Postfix; see https://mailinabox.email/\)$">
1014
1015
  <description>Postfix - Ubuntu, Mail-in-a-Box package</description>
1015
1016
  <example host.name="foo.bar">foo.bar ESMTP Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1016
- <example>foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1017
+ <example host.name="foo.bar">foo.bar Hi, I'm a Mail-in-a-Box (Ubuntu/Postfix; see https://mailinabox.email/)</example>
1017
1018
  <param pos="0" name="service.vendor" value="Postfix"/>
1018
1019
  <param pos="0" name="service.family" value="Postfix"/>
1019
1020
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1027,7 +1028,7 @@
1027
1028
 
1028
1029
  <fingerprint pattern="^([^ ]{1,512}) +E?SMTP Postfix \(Debian/GNU\)$">
1029
1030
  <description>Postfix - Debian</description>
1030
- <example>foo.bar ESMTP Postfix (Debian/GNU)</example>
1031
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (Debian/GNU)</example>
1031
1032
  <param pos="0" name="service.vendor" value="Postfix"/>
1032
1033
  <param pos="0" name="service.family" value="Postfix"/>
1033
1034
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1041,7 +1042,7 @@
1041
1042
 
1042
1043
  <fingerprint pattern="^([^ ]{1,512}) ESMTP.* Postfix *\(.+\) *$">
1043
1044
  <description>Postfix - generic banner with amusing comments in parentheses</description>
1044
- <example>foo.bar ESMTP Postfix (lol)</example>
1045
+ <example host.name="foo.bar">foo.bar ESMTP Postfix (lol)</example>
1045
1046
  <param pos="0" name="service.vendor" value="Postfix"/>
1046
1047
  <param pos="0" name="service.family" value="Postfix"/>
1047
1048
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1051,8 +1052,8 @@
1051
1052
 
1052
1053
  <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}E?SMTP.* Postfix *$">
1053
1054
  <description>Postfix - generic banner</description>
1054
- <example>foo.bar ESMTP Postfix</example>
1055
- <example>foo.bar SMTP Postfix</example>
1055
+ <example host.name="foo.bar">foo.bar ESMTP Postfix</example>
1056
+ <example host.name="foo.bar">foo.bar SMTP Postfix</example>
1056
1057
  <param pos="0" name="service.vendor" value="Postfix"/>
1057
1058
  <param pos="0" name="service.family" value="Postfix"/>
1058
1059
  <param pos="0" name="service.product" value="Postfix"/>
@@ -1120,7 +1121,7 @@
1120
1121
 
1121
1122
  <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +([^ ]+) \(PHNE_([^ ]+)\) */ *(.+); *(.+) \(.+\)$">
1122
1123
  <description>Sendmail - HP-UX with a PHNE (HP Networking patch) installed</description>
1123
- <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1124
+ <example host.name="foo.bar" service.version="8.8.6" sendmail.config.version="8.7.1" sendmail.hpux.phne.version="14041" system.time="Tue, 6 Feb 2001 10:04:32 -0300">foo.bar ESMTP Sendmail 8.8.6 (PHNE_14041)/8.7.1; Tue, 6 Feb 2001 10:04:32 -0300 (SAT)</example>
1124
1125
  <param pos="0" name="service.vendor" value="Sendmail"/>
1125
1126
  <param pos="0" name="service.family" value="Sendmail"/>
1126
1127
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1139,7 +1140,7 @@
1139
1140
 
1140
1141
  <fingerprint pattern="^(\S{1,512}) ESMTP Sendmail \S+ version ([\d\.]+) - Revision \S+ HP-UX([\d\.]+).*(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ \w\w\w)$">
1141
1142
  <description>Sendmail - HP-UX</description>
1142
- <example host.name="foo.bar" os.version="11.31" service.version="8.13.3">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1143
+ <example host.name="foo.bar" os.version="11.31" service.version="8.13.3" system.time="Wed, 20 May 2015 23:35:38 GMT">foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 1.004:: HP-UX11.31 - 03rd February,2010/8.11.1; Wed, 20 May 2015 23:35:38 GMT</example>
1143
1144
  <param pos="0" name="service.vendor" value="Sendmail"/>
1144
1145
  <param pos="0" name="service.family" value="Sendmail"/>
1145
1146
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1157,7 +1158,7 @@
1157
1158
 
1158
1159
  <fingerprint pattern="^([^ ]{1,512}) {1,8}ESMTP +Sendmail +([^ ]+)/UW([^ ]+) ready at *(.+) \(.+\) *$">
1159
1160
  <description>Sendmail - Unixware</description>
1160
- <example service.version="8.8.7">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1161
+ <example service.version="8.8.7" host.name="foo.bar" os.version="7.1.0" system.time="Tue, 6 Feb 2001 16:39:30 -0300">foo.bar ESMTP Sendmail 8.8.7/UW7.1.0 ready at Tue, 6 Feb 2001 16:39:30 -0300 (GMT-0300)</example>
1161
1162
  <param pos="0" name="service.vendor" value="Sendmail"/>
1162
1163
  <param pos="0" name="service.family" value="Sendmail"/>
1163
1164
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1174,7 +1175,7 @@
1174
1175
 
1175
1176
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/UCB ([^;]+); (.+) \(.+\)$">
1176
1177
  <description>Sendmail - AIX (UCB variant)</description>
1177
- <example os.version="4.2" service.version="8.7">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1178
+ <example os.version="4.2" service.version="8.7" host.name="foo.bar" system.time="Sun, 29 Jul 2001 22:34:37 -0400">foo.bar ESMTP Sendmail AIX4.2/UCB 8.7; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1178
1179
  <param pos="0" name="service.vendor" value="Sendmail"/>
1179
1180
  <param pos="0" name="service.family" value="Sendmail"/>
1180
1181
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1192,7 +1193,7 @@
1192
1193
 
1193
1194
  <fingerprint pattern="^([^ ]{1,512}) Sendmail AIX([^/]+)/UCB ([^/]+)/([^ ]+) ready at (.+)$">
1194
1195
  <description>Sendmail - AIX (UCB/ready at variant)</description>
1195
- <example>foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1196
+ <example host.name="foo.bar" os.version=" 4.1" service.version="5.64" sendmail.config.version="4.03" system.time="Mon, 30 Jul 2001 00:42:21 -0500">foo.bar Sendmail AIX 4.1/UCB 5.64/4.03 ready at Mon, 30 Jul 2001 00:42:21 -0500</example>
1196
1197
  <param pos="0" name="service.vendor" value="Sendmail"/>
1197
1198
  <param pos="0" name="service.family" value="Sendmail"/>
1198
1199
  <param pos="0" name="service.product" value="Sendmail"/>
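Review bot: The added example asserts `os.version=" 4.1"` with a leading space, so it records that `AIX([^/]+)/UCB` captures the blank from `AIX 4.1/UCB` instead of testing a clean version. A value with stray whitespace is unlikely to compare equal to `4.1` in later version or CPE matching, although that code is not visible here. Changing the pattern to `AIX ?([^/]+)/UCB` and the example to `os.version="4.1"` would avoid this. The `<param>` lines that bind the capture groups are outside the hunk.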
@@ -1211,8 +1212,8 @@
1211
1212
 
1212
1213
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail AIX([^/]+)/([^/]+)/([^;]+); (.+)(?: \(.+\))?$">
1213
1214
  <description>Sendmail - AIX</description>
1214
- <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1215
- <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
1215
+ <example host.name="foo.bar" os.version="4.2" service.version="8.7" sendmail.config.version="8.8" system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)">foo.bar ESMTP Sendmail AIX4.2/8.7/8.8; Sun, 29 Jul 2001 22:34:37 -0400 (EDT)</example>
1216
+ <example host.name="foo.bar" os.version="5.1" service.version="8.11.6p2" sendmail.config.version="8.11.0" system.time="Fri, 28 Aug 1970 19:42:05 -0800">foo.bar ESMTP Sendmail AIX5.1/8.11.6p2/8.11.0; Fri, 28 Aug 1970 19:42:05 -0800</example>
1216
1217
  <param pos="0" name="service.vendor" value="Sendmail"/>
1217
1218
  <param pos="0" name="service.family" value="Sendmail"/>
1218
1219
  <param pos="0" name="service.product" value="Sendmail"/>
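Review bot: The first added example expects `system.time="Sun, 29 Jul 2001 22:34:37 -0400 (EDT)"`, keeping the zone comment in the timestamp, while the UCB, Unixware and Solaris examples on this page assert the value without it. The cause is the greedy `(.+)` in `; (.+)(?: \(.+\))?$`: it consumes the parenthesised suffix, so the optional group never takes part. Making the capture lazy, `; (.+?)(?: \(.+\))?$`, lets the example read `system.time="Sun, 29 Jul 2001 22:34:37 -0400"` and leaves the second example unchanged. The `<param>` that binds this group is outside the hunk.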
@@ -1231,7 +1232,7 @@
1231
1232
 
1232
1233
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/SuSE Linux ([^;]+); (.+)$">
1233
1234
  <description>Sendmail - SuSE Linux</description>
1234
- <example>foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1235
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-0.1" system.time="Mon, 30 Jul 2001 04:48:54 +0200">foo.bar ESMTP Sendmail 8.9.3/8.9.3/SuSE Linux 8.9.3-0.1; Mon, 30 Jul 2001 04:48:54 +0200</example>
1235
1236
  <param pos="0" name="service.vendor" value="Sendmail"/>
1236
1237
  <param pos="0" name="service.family" value="Sendmail"/>
1237
1238
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1250,7 +1251,7 @@
1250
1251
 
1251
1252
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+); (.+)$">
1252
1253
  <description>Sendmail - Solaris with date (no time offeset variant)</description>
1253
- <example>foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1254
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="8.9.1" system.time="Mon, 30 Jul 2001 02:50:22 GMT">foo.bar ESMTP Sendmail 8.9.3+Sun/8.9.1; Mon, 30 Jul 2001 02:50:22 GMT</example>
1254
1255
  <param pos="0" name="service.vendor" value="Sendmail"/>
1255
1256
  <param pos="0" name="service.family" value="Sendmail"/>
1256
1257
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1268,7 +1269,7 @@
1268
1269
 
1269
1270
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)\+Sun/([^ ]+) ready at (.+) \(.+\)$">
1270
1271
  <description>Sendmail - Solaris with date (ready variant)</description>
1271
- <example>foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1272
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.6.4" system.time="Thu, 15 Nov 2000 11:40:32 -0800">foo.bar ESMTP Sendmail 8.8.8+Sun/8.6.4 ready at Thu, 15 Nov 2000 11:40:32 -0800 (PST)</example>
1272
1273
  <param pos="0" name="service.vendor" value="Sendmail"/>
1273
1274
  <param pos="0" name="service.family" value="Sendmail"/>
1274
1275
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1286,8 +1287,8 @@
1286
1287
 
1287
1288
  <fingerprint pattern="^([^ ]{1,512}) ESMTP (?:Debian )?Sendmail ([^/]+)/([^/]+)/Debian ([^/]+); (.+) *$">
1288
1289
  <description>Sendmail - Debian</description>
1289
- <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1290
- <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1290
+ <example service.version="8.12.0.Beta7" sendmail.config.version="8.12.0.Beta7" sendmail.vendor.version="8.12.0.Beta7-1" host.name="foo.bar" system.time="Sun, 29 Jul 2001 18:52:20 -0800">foo.bar ESMTP Debian Sendmail 8.12.0.Beta7/8.12.0.Beta7/Debian 8.12.0.Beta7-1; Sun, 29 Jul 2001 18:52:20 -0800</example>
1291
+ <example service.version="8.11.0" sendmail.config.version="8.9.3" sendmail.vendor.version="8.9.3-21" host.name="foo.bar" system.time="Sun, 29 Jul 2001 19:51:00 -0700">foo.bar ESMTP Sendmail 8.11.0/8.9.3/Debian 8.9.3-21; Sun, 29 Jul 2001 19:51:00 -0700</example>
1291
1292
  <param pos="0" name="service.vendor" value="Sendmail"/>
1292
1293
  <param pos="0" name="service.family" value="Sendmail"/>
1293
1294
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1306,8 +1307,8 @@
1306
1307
 
1307
1308
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+(?:wheezy|deb7u)\d; (.+);">
1308
1309
  <description>Sendmail - Debian 7.x (wheezy)</description>
1309
- <example host.name="foo.bar" service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1310
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1310
+ <example host.name="foo.bar" service.version="8.14.4" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:33:05 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+wheezy1; Thu, 30 Nov 2017 10:33:05 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1311
+ <example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 11:00:33 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4+deb7u1; Thu, 30 Nov 2017 11:00:33 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1311
1312
  <param pos="0" name="service.vendor" value="Sendmail"/>
1312
1313
  <param pos="0" name="service.family" value="Sendmail"/>
1313
1314
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1326,7 +1327,7 @@
1326
1327
 
1327
1328
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb8u\d; (.+);">
1328
1329
  <description>Sendmail - Debian 8.x (jessie)</description>
1329
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1330
+ <example service.version="8.14.4" host.name="foo.bar" sendmail.config.version="8.14.4" system.time="Thu, 30 Nov 2017 10:25:48 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-8+deb8u2; Thu, 30 Nov 2017 10:25:48 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1330
1331
  <param pos="0" name="service.vendor" value="Sendmail"/>
1331
1332
  <param pos="0" name="service.family" value="Sendmail"/>
1332
1333
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1345,7 +1346,7 @@
1345
1346
 
1346
1347
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+deb9u1; (.+);">
1347
1348
  <description>Sendmail - Debian 9.1 (stretch)</description>
1348
- <example host.name="foo.bar" service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1349
+ <example host.name="foo.bar" service.version="8.15.2" sendmail.config.version="8.15.2" system.time="Thu, 29 Apr 2021 06:45:02 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-8+deb9u1; Thu, 29 Apr 2021 06:45:02 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1349
1350
  <param pos="0" name="service.vendor" value="Sendmail"/>
1350
1351
  <param pos="0" name="service.family" value="Sendmail"/>
1351
1352
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1364,7 +1365,7 @@
1364
1365
 
1365
1366
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+lenny\d; (.+);">
1366
1367
  <description>Sendmail - Debian 5.x (lenny)</description>
1367
- <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1368
+ <example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 12:29:40 +0300">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-5+lenny1; Thu, 30 Nov 2017 12:29:40 +0300; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1368
1369
  <param pos="0" name="service.vendor" value="Sendmail"/>
1369
1370
  <param pos="0" name="service.family" value="Sendmail"/>
1370
1371
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1383,7 +1384,7 @@
1383
1384
 
1384
1385
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d\+etch\d; (.+);">
1385
1386
  <description>Sendmail - Debian 4.x (etch)</description>
1386
- <example service.version="8.13.8" sendmail.config.version="8.13.8">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1387
+ <example service.version="8.13.8" sendmail.config.version="8.13.8" host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:28:23 +0100">foo.bar ESMTP Sendmail 8.13.8/8.13.8/Debian-3+etch1; Thu, 30 Nov 2017 10:28:23 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1387
1388
  <param pos="0" name="service.vendor" value="Sendmail"/>
1388
1389
  <param pos="0" name="service.family" value="Sendmail"/>
1389
1390
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1402,7 +1403,7 @@
1402
1403
 
1403
1404
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\dsarge\d; (.+);">
1404
1405
  <description>Sendmail - Debian 3.1 (sarge)</description>
1405
- <example service.version="8.13.4">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1406
+ <example service.version="8.13.4" host.name="foo.bar" sendmail.config.version="8.13.4" system.time="Thu, 30 Nov 2017 10:55:47 +0100">foo.bar ESMTP Sendmail 8.13.4/8.13.4/Debian-3sarge1; Thu, 30 Nov 2017 10:55:47 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1406
1407
  <param pos="0" name="service.vendor" value="Sendmail"/>
1407
1408
  <param pos="0" name="service.family" value="Sendmail"/>
1408
1409
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1421,9 +1422,9 @@
1421
1422
 
1422
1423
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/([^/]+)/Debian-\d(?:\.\d)?(?:build\d)?;+ (.+);">
1423
1424
  <description>Sendmail - Debian patch only</description>
1424
- <example service.version="8.15.2">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1425
- <example service.version="8.14.3">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1426
- <example service.version="8.14.2">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1425
+ <example service.version="8.15.2" host.name="foo.bar" sendmail.config.version="8.15.2" system.time="Thu, 30 Nov 2017 10:55:50 +0200">foo.bar ESMTP Sendmail 8.15.2/8.15.2/Debian-3; Thu, 30 Nov 2017 10:55:50 +0200; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1426
+ <example service.version="8.14.3" host.name="foo.bar" sendmail.config.version="8.14.3" system.time="Thu, 30 Nov 2017 10:11:54 +0100">foo.bar ESMTP Sendmail 8.14.3/8.14.3/Debian-9.4; Thu, 30 Nov 2017 10:11:54 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1427
+ <example service.version="8.14.2" host.name="foo.bar" sendmail.config.version="8.14.2" system.time="Thu, 30 Nov 2017 04:09:50 -0600">foo.bar ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Thu, 30 Nov 2017 04:09:50 -0600; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1427
1428
  <param pos="0" name="service.vendor" value="Sendmail"/>
1428
1429
  <param pos="0" name="service.family" value="Sendmail"/>
1429
1430
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1441,8 +1442,8 @@
1441
1442
 
1442
1443
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^/]+)/[^/]+/Debian-[\d.]+ubuntu[^ ]*; (.+);">
1443
1444
  <description>Sendmail - Ubuntu</description>
1444
- <example service.version="8.13.5.20060308">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1445
- <example service.version="8.14.4">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1445
+ <example service.version="8.13.5.20060308" host.name="foo.bar" system.time="Fri, 24 Jul 2009 01:41:21 -0700">foo.bar ESMTP Sendmail 8.13.5.20060308/8.13.5/Debian-3ubuntu1.1; Fri, 24 Jul 2009 01:41:21 -0700; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1446
+ <example service.version="8.14.4" host.name="foo.bar" system.time="Thu, 30 Nov 2017 11:00:30 +0100">foo.bar ESMTP Sendmail 8.14.4/8.14.4/Debian-4.1ubuntu1; Thu, 30 Nov 2017 11:00:30 +0100; (No UCE/UBE) logging access from: xyz.foo.bar(OK)-xyz.foo.bar [10.0.0.1]</example>
1446
1447
  <param pos="0" name="service.vendor" value="Sendmail"/>
1447
1448
  <param pos="0" name="service.family" value="Sendmail"/>
1448
1449
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1459,7 +1460,7 @@
1459
1460
 
1460
1461
  <fingerprint pattern="^([^ ]{1,512}) (?:E?SMTP )?Sendmail SMI-([^/]+)/(SMI-SVR4) ready at (.+)$">
1461
1462
  <description>Sendmail - Solaris (SMI variant)</description>
1462
- <example>foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1463
+ <example host.name="foo.bar" service.version="8.6" sendmail.config.version="SMI-SVR4" system.time="Sun, 29 Jul 2001 22:58:46 -0400">foo.bar Sendmail SMI-8.6/SMI-SVR4 ready at Sun, 29 Jul 2001 22:58:46 -0400</example>
1463
1464
  <param pos="0" name="service.vendor" value="Sendmail"/>
1464
1465
  <param pos="0" name="service.family" value="Sendmail"/>
1465
1466
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1477,7 +1478,7 @@
1477
1478
 
1478
1479
  <fingerprint pattern="^([^ ]{1,512}) ESMTP Sendmail ([^ ]+)/(linuxconf); (.+)$">
1479
1480
  <description>Sendmail - unknown platform (linuxconf variant)</description>
1480
- <example>foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1481
+ <example host.name="foo.bar" service.version="8.9.3" sendmail.config.version="linuxconf" system.time="Sun, 29 Jul 2001 22:48:28 -0400">foo.bar ESMTP Sendmail 8.9.3/linuxconf; Sun, 29 Jul 2001 22:48:28 -0400</example>
1481
1482
  <param pos="0" name="service.vendor" value="Sendmail"/>
1482
1483
  <param pos="0" name="service.family" value="Sendmail"/>
1483
1484
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1493,7 +1494,7 @@
1493
1494
 
1494
1495
  <fingerprint pattern="^([^ ]{1,512}) ESMTP MetaInfo Sendmail ([^ ]+) Build ([^ ]+) \(Berkeley ([^ ]+)\)/([^;]+); (.+)$">
1495
1496
  <description>Sendmail - MetaInfo</description>
1496
- <example host.name="foo.bar" service.version="8.8.6">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1497
+ <example host.name="foo.bar" service.version="8.8.6" metainfo.version="2.5" metainfo.version.version="2630" sendmail.config.version="8.8.4" system.time="Mon, 30 Jul">foo.bar ESMTP MetaInfo Sendmail 2.5 Build 2630 (Berkeley 8.8.6)/8.8.4; Mon, 30 Jul</example>
1497
1498
  <param pos="0" name="service.vendor" value="MetaInfo"/>
1498
1499
  <param pos="0" name="service.family" value="Sendmail"/>
1499
1500
  <param pos="0" name="service.product" value="Sendmail"/>
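Review bot: The new MetaInfo example asserts `system.time="Mon, 30 Jul"`, which is a truncated date rather than a timestamp; the pattern's final `(.+)$` accepts whatever text the remote host sends after the semicolon, so the test now pins a value that a consumer cannot parse as a time. The fingerprint's remaining `<param>` lines are outside this hunk, so it is not visible whether a `system.time.format` is declared for it; if one is, this example documents a value that violates it. I would use a complete banner in the example, for instance one ending in `Mon, 30 Jul 2001 12:00:00 -0400` (a constructed sample), with the `system.time` attribute updated to match. The attribute name `metainfo.version.version` holding the build number `2630` also reads oddly, but it has to follow the param name defined outside the hunk.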
@@ -1514,10 +1515,10 @@
1514
1515
  <description>Sendmail - optional timezone and timestamp, w/o OS</description>
1515
1516
  <example host.name="foo.bar" service.version="8.9.3+3.4W" sendmail.config.version="8.9.3+3.4W" system.time="Tue, 30 Jan 2001 20:40:09 -0500">foo.bar ESMTP Sendmail 8.9.3+3.4W/8.9.3+3.4W; Tue, 30 Jan 2001 20:40:09 -0500 (EST)</example>
1516
1517
  <example host.name="foo.bar" service.version="8.12.10" sendmail.config.version="8.12.10">foo.bar ESMTP Sendmail 8.12.10/8.12.10;</example>
1517
- <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1518
- <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1519
- <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
1520
- <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
1518
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1519
+ <example host.name="foo.bar" service.version="8.8.8" sendmail.config.version="8.8.9" system.time="Wed, 21 Nov 2001 23:39:07 +0100">foo.bar ESMTP blah Sendmail 8.8.8/8.8.9; Wed, 21 Nov 2001 23:39:07 +0100 (CET)</example>
1520
+ <example host.name="foo.bar" service.version="8.10.2" sendmail.config.version="8.10.3" system.time="Mon, 10 Sep 2001 08:37:14 -0400">foo.bar ESMTP Sendmail 8.10.2/8.10.3; Mon, 10 Sep 2001 08:37:14 -0400</example>
1521
+ <example host.name="foo.bar" service.version="8.13.8" sendmail.config.version="8.13.9" system.time="Mon, 18 Apr 2011 08:52:38 -0700">foo.bar ESMTP foo-MTA Sendmail 8.13.8/8.13.9; Mon, 18 Apr 2011 08:52:38 -0700</example>
1521
1522
  <param pos="0" name="service.vendor" value="Sendmail"/>
1522
1523
  <param pos="0" name="service.product" value="Sendmail"/>
1523
1524
  <param pos="0" name="system.time.format" value="EEE, d MMM yyyy HH:mm:ss Z"/>
@@ -1556,7 +1557,7 @@
1556
1557
 
1557
1558
  <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) - \([^\)]+\)/[^ ]+;? *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1558
1559
  <description>Sendmail - revision variant 1</description>
1559
- <example>foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1560
+ <example host.name="foo.foo.bar" service.version="8.11.1" system.time="Sat, 22 Jan 2011 10:08:35 -0500">foo.foo.bar ESMTP Sendmail 8.11.1 - (Revision 1.010)/8.9.3; Sat, 22 Jan 2011 10:08:35 -0500 (EST)</example>
1560
1561
  <param pos="0" name="service.vendor" value="Sendmail"/>
1561
1562
  <param pos="0" name="service.family" value="Sendmail"/>
1562
1563
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1569,7 +1570,7 @@
1569
1570
 
1570
1571
  <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail +(?:[^ ]+) +version +([^ ]+) +- +(?:[^;]+); *(\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)(?: \(.+\)) *$">
1571
1572
  <description>Sendmail - revision variant 2</description>
1572
- <example>foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1573
+ <example host.name="foo.foo.bar" service.version="8.13.3" system.time="Wed, 21 Jul 2010 11:17:01 -0400">foo.foo.bar ESMTP Sendmail @(#)Sendmail version 8.13.3 - Revision 2.007 - 8 December 2008/8.8.6; Wed, 21 Jul 2010 11:17:01 -0400 (EDT)</example>
1573
1574
  <param pos="0" name="service.vendor" value="Sendmail"/>
1574
1575
  <param pos="0" name="service.family" value="Sendmail"/>
1575
1576
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1582,11 +1583,11 @@
1582
1583
 
1583
1584
  <fingerprint pattern="(?i)^([^ ]{1,512}) {1,8}(?:ESMTP +)?Sendmail *(?: Ready.? ?)?(?:;|at)? ?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)(?: \(.+\))?$">
1584
1585
  <description>Sendmail - with date, w/o version or platform, optional status string.</description>
1585
- <example host.name="foo.bar">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1586
- <example host.name="foo.bar">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
1586
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail ; Thu, 30 Nov 2017 17:50:14 +0900</example>
1587
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 17:50:14 +0900">foo.bar ESMTP Sendmail; Thu, 30 Nov 2017 17:50:14 +0900</example>
1587
1588
  <example host.name="foo.bar" system.time="Wed, 20 May 2015 17:17:56 -0600">foo.bar ESMTP Sendmail Wed, 20 May 2015 17:17:56 -0600</example>
1588
1589
  <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 10:24:14 +0100">foo.bar ESMTP Sendmail Ready; Thu, 30 Nov 2017 10:24:14 +0100</example>
1589
- <example host.name="foo.bar">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
1590
+ <example host.name="foo.bar" system.time="Fri, 6 Apr 2018 04:57:01 +0900">foo.bar ESMTP Sendmail ready at Fri, 6 Apr 2018 04:57:01 +0900</example>
1590
1591
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ready</example>
1591
1592
  <example host.name="foo.bar">foo.bar ESMTP Sendmail ready. </example>
1592
1593
  <example host.name="foo.bar">foo.bar ESMTP Sendmail</example>
@@ -1616,7 +1617,7 @@
1616
1617
 
1617
1618
  <fingerprint pattern="^([^ ]{1,512}) +ESMTP +Sendmail ([^ /]+) \([^\)]+\) *(.+) \(.+\)$">
1618
1619
  <description>Sendmail - unknown (date in version string variant)</description>
1619
- <example>mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1620
+ <example host.name="mail.foo.bar" service.version="8.11.1" system.time="Wed, 8 Jan 2003 11:21:22 +0100">mail.foo.bar ESMTP Sendmail 8.11.1 (1.1.2.11/12Jul01-1016AM) Wed, 8 Jan 2003 11:21:22 +0100 (MET)</example>
1620
1621
  <param pos="0" name="service.vendor" value="Sendmail"/>
1621
1622
  <param pos="0" name="service.family" value="Sendmail"/>
1622
1623
  <param pos="0" name="service.product" value="Sendmail"/>
@@ -1668,10 +1669,10 @@
1668
1669
 
1669
1670
  <fingerprint pattern="^(?:2.0.0 )?([^ ]{1,512}) ESMTP ecelerity (\d\.[\d.]+) r\(([^)]+)\) (\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d) *$">
1670
1671
  <description>Ecelerity</description>
1671
- <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1672
- <example>foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
1673
- <example>foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
1674
- <example service.version="4.2.37.61980" service.component.version=":">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
1672
+ <example host.name="foo.bar" system.time="Thu, 30 Nov 2017 05:11:00 -0500" service.version="4.0.0.43760" service.component.version="Platform:4.0.0.1">2.0.0 foo.bar ESMTP ecelerity 4.0.0.43760 r(Platform:4.0.0.1) Thu, 30 Nov 2017 05:11:00 -0500</example>
1673
+ <example host.name="foo.bar" service.version="3.3.1.44388" service.component.version="44388" system.time="Thu, 30 Nov 2017 03:10:11 -0700">foo.bar ESMTP ecelerity 3.3.1.44388 r(44388) Thu, 30 Nov 2017 03:10:11 -0700</example>
1674
+ <example host.name="foo.bar" service.version="3.6.25.56547" service.component.version="Core:3.6.25.0" system.time="Thu, 30 Nov 2017 03:17:07 -0600">foo.bar ESMTP ecelerity 3.6.25.56547 r(Core:3.6.25.0) Thu, 30 Nov 2017 03:17:07 -0600</example>
1675
+ <example service.version="4.2.37.61980" service.component.version=":" host.name="foo.bar" system.time="Thu, 30 Nov 2017 09:58:54 +0000">foo.bar ESMTP ecelerity 4.2.37.61980 r(:) Thu, 30 Nov 2017 09:58:54 +0000</example>
1675
1676
  <param pos="0" name="service.vendor" value="Ecelerity"/>
1676
1677
  <param pos="0" name="service.family" value="Ecelerity Mail Server"/>
1677
1678
  <param pos="0" name="service.product" value="Ecelerity Mail Server"/>
@@ -1684,9 +1685,9 @@
1684
1685
 
1685
1686
  <fingerprint pattern="(?i)^([^ ]{1,512}) SMTP Server SLMail v?(\d\.[\d.]+) Ready ESMTP spoken here *$">
1686
1687
  <description>Seattle Labs SLMail server for Windows NT/2k (v2.7 runs on Win9x)</description>
1687
- <example service.version="2.7">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1688
- <example service.version="3.2.3113">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
1689
- <example service.version="5.5.0.4433">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
1688
+ <example service.version="2.7" host.name="foo.bar">foo.bar Smtp Server SLMail v2.7 Ready ESMTP spoken here</example>
1689
+ <example service.version="3.2.3113" host.name="foo.bar">foo.bar SMTP Server SLmail 3.2.3113 Ready ESMTP spoken here</example>
1690
+ <example service.version="5.5.0.4433" host.name="foo.bar">foo.bar SMTP Server SLmail 5.5.0.4433 Ready ESMTP spoken here</example>
1690
1691
  <param pos="0" name="service.vendor" value="Seattle Labs"/>
1691
1692
  <param pos="0" name="service.family" value="SLMail"/>
1692
1693
  <param pos="0" name="service.product" value="SLMail"/>
@@ -1748,9 +1749,9 @@
1748
1749
 
1749
1750
  <fingerprint pattern="^([^ ]{1,512}) VPOP3 E?SMTP Server (?:Ready|access not allowed!)$">
1750
1751
  <description>VPOP3 Email server: http://www.pscs.co.uk/products/vpop3/index.html</description>
1751
- <example>foo.bar VPOP3 ESMTP Server Ready</example>
1752
- <example>foo.bar VPOP3 SMTP Server Ready</example>
1753
- <example>foo.bar VPOP3 SMTP Server access not allowed!</example>
1752
+ <example host.name="foo.bar">foo.bar VPOP3 ESMTP Server Ready</example>
1753
+ <example host.name="foo.bar">foo.bar VPOP3 SMTP Server Ready</example>
1754
+ <example host.name="foo.bar">foo.bar VPOP3 SMTP Server access not allowed!</example>
1754
1755
  <param pos="0" name="service.vendor" value="Paul Smith Computer Services"/>
1755
1756
  <param pos="0" name="service.family" value="VPOP3"/>
1756
1757
  <param pos="0" name="service.product" value="VPOP3"/>
@@ -1759,7 +1760,7 @@
1759
1760
 
1760
1761
  <fingerprint pattern="^([^ ]{1,512}) WebShield SMTP V([^ ]+\.[^ ]+) ([^ ]+)? ?Network Associates.*Ready at (.+) *$">
1761
1762
  <description>McAfee WebShield</description>
1762
- <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1763
+ <example host.name="foo.bar" service.version="4.5" service.version.version="MR1a" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 MR1a Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1763
1764
  <example host.name="foo.bar" service.version="4.5" system.time="Thu Nov 30 09:15:32 2017">foo.bar WebShield SMTP V4.5 Network Associates, Inc. Ready at Thu Nov 30 09:15:32 2017</example>
1764
1765
  <param pos="0" name="service.vendor" value="McAfee"/>
1765
1766
  <param pos="0" name="service.family" value="WebShield"/>
@@ -1824,7 +1825,7 @@
1824
1825
 
1825
1826
  <fingerprint pattern="^ESMTP - WinRoute Pro ([^ ]+\.[^ ]+) *(?: #\d)? ?.?((?:\w\w\w, \d+ \w\w\w \d\d\d\d [\d:]+ [-+]\d\d\d\d)?)$">
1826
1827
  <description>WinRoute Pro w/o hostname</description>
1827
- <example service.version="4.2.1">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
1828
+ <example service.version="4.2.1" system.time="Thu, 16 Nov 2017 11:48:15 +0300">ESMTP - WinRoute Pro 4.2.1 Thu, 16 Nov 2017 11:48:15 +0300</example>
1828
1829
  <param pos="0" name="service.family" value="WinRoute"/>
1829
1830
  <param pos="0" name="service.product" value="WinRoute"/>
1830
1831
  <param pos="0" name="system.time.format" value="EEE, dd MMM yyyy HH:mm:ss Z"/>
@@ -1834,7 +1835,7 @@
1834
1835
 
1835
1836
  <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP ready at (.+) *$">
1836
1837
  <description>ZMailer http://www.zmailer.org/technical.html</description>
1837
- <example service.version="2.99.57" service.version.version="1">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1838
+ <example service.version="2.99.57" service.version.version="1" host.name="foo.bar" system.time="Thu, 16 Nov 2017 12:00:12 +0300">foo.bar ZMailer Server 2.99.57 #1 ESMTP ready at Thu, 16 Nov 2017 12:00:12 +0300</example>
1838
1839
  <param pos="0" name="service.vendor" value="ZMailer"/>
1839
1840
  <param pos="0" name="service.family" value="ZMailer"/>
1840
1841
  <param pos="0" name="service.product" value="ZMailer"/>
@@ -1847,7 +1848,7 @@
1847
1848
 
1848
1849
  <fingerprint pattern="^([^ ]{1,512}) ZMailer Server (\d\.[\d.]+) #([^ ]+) ESMTP\+IDENT ready at (.+) *$">
1849
1850
  <description>ZMailer server that supports IDENT</description>
1850
- <example service.version="2.99.55" service.version.version="16">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1851
+ <example service.version="2.99.55" service.version.version="16" host.name="foo.bar" system.time="Thu, 16 Nov 2017 06:51:42 -0300">foo.bar ZMailer Server 2.99.55 #16 ESMTP+IDENT ready at Thu, 16 Nov 2017 06:51:42 -0300</example>
1851
1852
  <param pos="0" name="service.vendor" value="ZMailer"/>
1852
1853
  <param pos="0" name="service.family" value="ZMailer"/>
1853
1854
  <param pos="0" name="service.product" value="ZMailer"/>
@@ -1862,7 +1863,7 @@
1862
1863
  <fingerprint pattern="^([^ ]{1,512}) Kerio Connect (\d\.[\d.]+) (?:patch (\d) )?ESMTP ready$">
1863
1864
  <description>Kerio Connect ESMTP</description>
1864
1865
  <example host.name="foo.bar" service.version="8.0.2">foo.bar Kerio Connect 8.0.2 ESMTP ready</example>
1865
- <example service.version="9.2.5" service.version.version="3">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
1866
+ <example service.version="9.2.5" service.version.version="3" host.name="foo.bar">foo.bar Kerio Connect 9.2.5 patch 3 ESMTP ready</example>
1866
1867
  <param pos="0" name="service.vendor" value="Kerio"/>
1867
1868
  <param pos="0" name="service.family" value="Connect"/>
1868
1869
  <param pos="0" name="service.product" value="ESMTP"/>
@@ -1914,7 +1915,7 @@
1914
1915
 
1915
1916
  <fingerprint pattern="^([^ ]{1,512}) Service ready by David.fx \((\d+)\) ESMTP Server \(Tobit.Software, Germany\)$">
1916
1917
  <description>Tobit Software David</description>
1917
- <example service.version="0486">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1918
+ <example service.version="0486" host.name="foo.bar">foo.bar Service ready by David.fx (0486) ESMTP Server (Tobit.Software, Germany)</example>
1918
1919
  <param pos="0" name="service.vendor" value="Tobit Software"/>
1919
1920
  <param pos="0" name="service.family" value="David"/>
1920
1921
  <param pos="0" name="service.product" value="ESMTP"/>