Report outdated / end-of-life Scan Engine / Environment (local)

Please contact the Kali Team to update the packaging, there is nothing WE can do here. If you are going with unsupported version they need to provide help to their users.

We only support only GCE and this version is actual and supported by this community.

1 Like

Thank you.

I’m getting the same messages on both a Debian VM that only has OpenVas installed as well as a ParretOS Security Edition. I have ran updated them all to the latest using apt and am still getting this when I run scans. Any thoughts?

Goodmorning.

I have already posted to KALI LINUX and OpenVAS community looking for answer.
We’ll see.
Have a nice day.
Panos

This scan result always means you are using an outdated version of our software which will likely contain issues already fixed in newer versions and the community feed may not be compatible anymore with this version. Greenbone is not in charge for your version of our software. Therefore you should contact the provider of your packages (most likely your distribution) and create a request for updated packages. How this request should be made really depends on the provider of the packages. If you don’t know how to do that you are always welcome to use our Greenbone Community Edition Virtual Machine.

2 Likes

A post was split to a new topic: Overrides not applied for PDF exports / reports

Hi @Panos did you ever get to the bottom of this? Suddenly experiencing the same thing this morning?

Hi there.

Just waiting for an update on openvas scanner from Kali…

P.

1 Like

A bug has been logged with the distribution - https://bugs.kali.org/view.php?id=6423

1 Like

Hi guys,
I have the same problem but i have OpenVAS older version (another machine)

I´m thinking that exist a work around and it will be using openVAS older version, not this.

¿Anyone know has other work around?

Hi everyone,

does anyone have an answer about when the Kali Team is going to update repos?

Thanks a lot :slight_smile:

https://bugs.kali.org/view.php?id=5797 includes the following comment:

OpenVAS is packaged in the pkg-security team in Debian (we are involved in that team). Some OpenVAS components changed a lot and are hard to package properly. We don’t have any ETA currently.

If you need more information you might need to contact the Kali Team and/or Debian team.

1 Like

You can edit the following script to turn off the message:

/var/lib/openvas/plugins/gcf/gb_outdated_scan_engine.nasl

Insert the versions for your scanner and libs, mine is 5.1.3 and 9.0.3:

#expected_gce_ver = “6.0.7”;
expected_gce_ver = “5.1.3”;
#expected_libs_ver1 = “10.0.2”;
expected_libs_ver1 = “9.0.3”;
#expected_libs_ver2 = “11.0.1”;
expected_libs_ver2 = “9.0.3”;

Now it won’t report the scanner.

An alternative is to set an override for the script.

There is a reason why this warning is given. A outdated scan engine brings the risk of false negative and important security and bug fixes are missing.

4 Likes

After posting this, I think a better approach is to enter an exception rather than change the script. The exceptions will hold for all new scans.

The most sane approach is to update the GVM installation to the most recent and supported versions as already pointed out previously:

1 Like

Hi everyone,
To all those interested in the initial problem (Kali users):
https://bugs.kali.org/view.php?id=5797 is now solved with the following comment:
“new package gvm version 11.0.1~kali6 is in kali-rolling.
it replaces openvas”
It appears that we are well on the way to solving the problem!

3 Likes

I did these changes as mentioned abouve.
#expected_gce_ver = “6.0.7”;
expected_gce_ver = “5.1.3”;
#expected_libs_ver1 = “10.0.2”;
expected_libs_ver1 = “9.0.3”;
#expected_libs_ver2 = “11.0.1”;
expected_libs_ver2 = “9.0.3”;

I observed that the important announcement vulnerability is not coming for some of the reports (scanned machine) but in another report (scanned machine), I can still see the
“important announcement vulnerability”. Any workaround for these.

Hi I try the same as I use the APT packets from Mohammad Razavi in Launchpad.
Unfortunately, he has not built a new version yet.

But the change of the file does not bring the desired success when you use the Updater Cronjob greenbone-feed-sync --type GVMD_DATA run every day:
So I just attached to the Cronjob an SED and now that’s just a score of 2.0
sed -e 's/value:"10.0"/value:"2.0"/g' /var/lib/openvas/plugins/gb_outdated_scan_engine.nasl

That does not solve the update problem, but it does not let the reports do not look like the hell on earth

You can also set an override directly in GVM / GSA for this specific VT to a lower severity (e.g. low) by following the instructions below. Doing so doesn’t require any changes on files or similar workarounds.

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/reports.html#creating-an-override