We’ve noticed an issue with the feed since August 15th. Scans now take much longer to perform as many scripts hang until they time out. Benchmark scans show a change from approximately 3 minutes to 3 hours.
The announcement for GCE 4.2.19 seems to indicate that the issue requires a software update. However, no releases have been performed on openvas-manager and openvas-scanner.
I attempted to build openvas-manager’s 7.0 branch, which appears to contain a fix from 3 days ago matching the announcement date, but the issue persists. Processes keep waiting for a stream indefinitely (strace reports "recvfrom(X, ").
I’ve also looked at a related commit in the scanner, which has not been backported to the stable branch. The code has moved a lot so it’s not as easy as cherry-picking the commit. Is a backport already on the way?
Would it be possible to have more details on the issue to help with a resolution?
I have tested the patch and we are back to normal timings. Perhaps even faster, although there are quite a few other factors at play on this scale.
The 5.1 branch would not build as-is, however, as it seems to rely on some unreleased changes in the libraries. However, the patch works just fine by itself. Leaving this out here in case anyone wants a functioning scanner without rebuilding the entire stack:
git clone https://github.com/greenbone/openvas-scanner.git
cd openvas-scanner
git checkout v5.1.2
git cherry-pick -n eff5794e3e4b8bfa8819782d7f4183dcecb33169
mkdir build && cd build
cmake -DCMAKE_INSTALL_PREFIX="" -DDATADIR=/usr/share -DEXEC_PREFIX=/usr -DLOCALSTATEDIR=/var ..
make && make install
This depends on where you got OpenVAS from. If you built from sources, you have to include the patch and build it on your own. If you got it from distribution packages, you should open an issue at the maintainer’s bug tracker.
The patch itself is currently only available at the git repo but will be included in the next openvas-scanner release of course.
I installed everything from the PPA and simply use the newly built binary file from /usr/sbin/openvassd. The build process happens in a separate environment. As long as you install the dev libraries from the PPA in the build environment, everything should be fine.
Hopefully the PPA will get updated to the new releases soon and the workaround will no longer be required.
@sp0re The Kali repositories should already have the new packages fixing this issue according to the post below, and there is no need to build from source.
If you still have issues with the latest packages of openvas-scanner 5.1.3 and libopenvas9 9.0.3, then it’s very likely that you’re not facing the issue discussed (and already solved) here, and I would suggest opening a new thread explaining your issue in much more detail.
This is mostly derived from the install from source documentation. You most likely need to install additional packages for these commands to work. I’m not certain about Kali, but documentation was available for the mainstream distros.
But as @cfi mentioned, Kali should have been updated for this issue.