Community feed unusable

We’ve noticed an issue with the feed since August 15th. Scans now take much longer to perform as many scripts hang until they time-out. Benchmark scans show a change from approximately 3 minutes to 3 hours.

The announcement for GCE 4.2.19 seems to indicate that the issue requires a software update. However, no releases have been performed on openvas-manager and openvas-scanner.

I attempted to build openvas-manager’s 7.0 branch which appears to contain a fix 3 days ago matching the announcement date, but the issue persists. Processes keep waiting for a stream indefinitely (strace reports "recvfrom(X, ")

I’ve also looked at a related commit in the scanner, which has not been backported to the stable branch. The code has moved a lot so it’s not as easy as cherry-picking the commit. Is a backport already on the way?

Would it be possible to have more details on the issue to help with a resolution?

Indeed there was an issue which we solved with Greenbone GOS 4.2.19.
We are now preparing the patch for the git repository. The issue was in the
scanner scheduler, not in the manager code.

The feedback we received about the GCF is inconsistent, some setups are reported to have no
problems, some are reported to have. A pure and up-to-date GCF is recommended in general.

Please consider the mentioned work-around via task settings. And stay tuned for the commit to
the respective branch at github.

And yes, the scanner code changed a lot between 5-1 branch and master.

The patch just landed in the openvas-scanner repository https://github.com/greenbone/openvas-scanner/pull/155

1 Like

Thanks for the quick update.

I have tested the patch and we are back to normal timings. Perhaps even faster, although there are quite a few other factors at play on this scale.

The 5.1 branch would not build as-is however as it seems to rely on some unreleased changes in the libraries. However, the patch works just fine by itself. Leaving this out here in case anyone wants a functioning scanner without rebuilding the entire stack:

git clone https://github.com/greenbone/openvas-scanner.git
cd openvas-scanner
git checkout v5.1.2
git cherry-pick -n eff5794e3e4b8bfa8819782d7f4183dcecb33169
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX="" -DDATADIR=/usr/share -DEXEC_PREFIX=/usr -DLOCALSTATEDIR=/var ..
make && make install

The above works with the ubuntu ppa.

2 Likes

Good to hear there is a patch, I thought I had broken something and tried multiple rebuilds to fix the recent slowness.

Is this patch going to automatically update the install shortly or does the patch need to be manually applied?

This depends on where you got OpenVAS from. If you built it from sources, you have to include the patch and build it on your own. If you got it from distribution packages, you should open an issue at the maintainer's bug tracker.

The patch itself is currently only available at the git repo but will be included in the next openvas-scanner release of course.

1 Like

I downloaded from the KALI distro point.

I don’t have the experience (yet) to do my own build, maybe it is time to learn. My VA systems are totally unusable at the moment!

G

Kali is a third-party integration. So best is to contact them about an update. They just need to pick our code and build new packages.

Thanks Jan

Do you just rebuild the openvas-scanner and install the rest from:
openvas vulnerability scanner : Mohammad Razavi ?


Regards Falk

I installed everything from the PPA and simply use the newly built binary file from /usr/sbin/openvassd. The build process happens in a separate environment. As long as you install the dev libraries from the PPA in the build environment, everything should be fine.

Hopefully the PPA will get updated to the new releases soon and the workaround will no longer be required.

2 Likes

Besides the patch we also released new versions of openvas-libraries, openvas-smb and openvas-scanner.

For scanner see https://github.com/greenbone/openvas-scanner/releases/tag/v5.1.3

2 Likes

Hi,

I’m using Parrot OS and experiencing the same issue with any task in OpenVAS.

I checked for the version installed and found the openvas scanner version 5.1.3-2.

Any way to figure out why this is still happening and how to resolve the 1% error?

Thanks

Hi lphuberdeau,
Could you explain the code below?

cmake -DCMAKE_INSTALL_PREFIX="" -DDATADIR=/usr/share -DEXEC_PREFIX=/usr -DLOCALSTATEDIR=/var …

I'm an amateur to OpenVAS. I'm using Kali Linux to run OpenVAS but I cannot run the code above.

@sp0re The Kali repositories should already have the new packages fixing this issue according to the following post below and there is no need to build from source.

If you still have issues with the latest packages of openvas-scanner 5.1.3 and libopenvas9 9.0.3 then it's very likely that you're not facing the issue discussed (and already solved) here and I would suggest to open a new thread explaining your issue in much more detail.

Just to mention that this had a different source and was discussed and solved in the thread below:

This is mostly derived from the install from source documentation. You most likely need to install additional packages for these commands to work. I’m not certain about Kali, but documentation was available for the mainstream distros.

But as @cfi mentioned, Kali should have been updated for this issue.

1 Like
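
The version check the thread relies on (openvas-scanner 5.1.3 and libopenvas9 9.0.3 as the packages carrying the fix), written out as an added example that is not part of any post above. The function names and the sample package lines are constructed for illustration; it assumes Debian-style version strings and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether installed packages
# already include the releases the thread names as fixed.
# Minimums come from the thread: openvas-scanner 5.1.3, libopenvas9 9.0.3.

# Strip a Debian epoch ("1:") and revision ("-2") to get the upstream version.
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-[^-]*$//'
}

# Succeed when version $1 >= $2, using sort -V ordering.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Minimum fixed version for a package name; empty if the package is not tracked.
min_version() {
    case "$1" in
        openvas-scanner) echo 5.1.3 ;;
        libopenvas9)     echo 9.0.3 ;;
    esac
}

# Read "package version" lines on stdin; print one verdict per tracked package.
# Returns 0 only when every tracked package seen is at or above its minimum.
check_packages() {
    rc=0
    while read -r pkg ver; do
        min=$(min_version "$pkg")
        [ -n "$min" ] || continue
        if version_ge "$(upstream_version "$ver")" "$min"; then
            echo "$pkg $ver: has the fix (>= $min)"
        else
            echo "$pkg $ver: predates the fix (< $min)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, in the format printed by:
#   dpkg-query -W -f='${Package} ${Version}\n' openvas-scanner libopenvas9
sample_old() { printf 'openvas-scanner 5.1.2-1\nlibopenvas9 9.0.2-1\n'; }
sample_new() { printf 'openvas-scanner 5.1.3-2\nlibopenvas9 9.0.3-1\n'; }

sample_old | check_packages || echo "=> upgrade before troubleshooting further"
sample_new | check_packages && echo "=> hang has another cause; open a new thread"
```

On a real system, pipe the `dpkg-query` command shown in the comment into `check_packages` instead of the sample functions.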