Report of OpenVAS: Some vulns reported twice


#1

When I do a scan using Openvas 9. I can see that some of the vuln is reported twice. For example OS end of life detection is reported twice which are exactly same. Why is that? Is it a bug? or Is it something to do with logic in nasl scripts?


#2

Hi,
please provide as much information as possible, e.g.:

  1. Which OS are you working on?
  2. Did you install via package manager or the github repo?
  3. Which VTs are duplicated?
  4. Which scan configuration did you use?

Please let us know, if maybe this already answers your question:


#3

You linked back to my post suggesting it may answer the question, but the same question remains unanswered in my post… I never found a way to find the de-duplicated results for a host. It always showed all findings across all scans, even if different scans found the same thing. After spending weeks trying to sort it out, my final solution was to use a different scanner.


#4

As I already wrote in your topic linked here. A result is always duplicated if you scan the same host without changes several times. You always will get a new result for every scan if the host didn’t change. So the same VT will create at least one result per host per scan.


#5

To avoid a misunderstanding here:

@manasa-ummadi could you please clarify where you see this vulnerabilities reported twice? Do you see them via the Scans -> Results View (as shown in the Screenshot in Duplicate Findings) or in the Results View of a specific Report?


#6

I can see it in the results view of a specific scan.


#7

Here, End of life vuln is reported twice. What can be the reason for that?


#8

As outlined previously it is expected that this view is showing multiple entries.

Based on this i’m moving this thread into the correct GSE category as this is unrelated to the Vulnerability Tests category.


#9

Hello, there is still no reply from anyone. Should I post this issue again in a different category?


#10

Please take a look at the result list at the report details if the “OS End of Life” is listed twice. As we outlined two different scans/reports of the same task may show the same results. If the result is listed twice on the same report please take a look at the results details for differences carefully.


#11

No, its not two different scans. What differences should i look for?


#12

Hello, I didnt get any response after changing to category too. Should I post the same problem again?


#13

Hi,
have you tried to check the same result querying the DB directly?
Just to check if is a visualization problem or the are two different records in the DB.

Other thing, try to find the NASL that check the EOL (maybe check_os.nasl) and debug it with some

display([SOME VARIABLE]);

once you have put the display, you should able to read the output in the /var/log/openvas/openvassd.dump file
This is a bit frustrating but maybe it will works :slight_smile:

Giovanni


#14

Can I know how to query DB directly?


#15

If you have SQLIte3 the command should be

sqlite3 /var/lib/openvas/mgr/tasks.db

for Postgres should be:

psql tasks
the psql should be launched with postgres user

Giovanni


#16

Hello, I still didn’t get any valid solution for this problem in this thread. There is no solution for this? or is it some bug in Openvas 9?


#17

Hello, Is there anyone who can answer this question or is this question is in the wrong category. Please let me know why the vulns are reported twice? The greenbone UI doesn’t look good with the same vulnerabilities reporting twice with no reason?


#18

As stated multiple times (please follow and read the links)…

…this is the inteded behaviour. If you want to see the results for one scan only, please click in Task view on Last Report. You can also have a look here.