[TCLUG] nessus false positives?

Thu Jan 24 18:00:25 CST 2002

Been playing with the nessus security scanner. It seems to find lots of false
positives.

For instance, when I scan any IIS server I always get these errors:

Vulnerability found on port www (80/tcp)

The file /wwwboard/passwd.txt exists.

Vulnerability found on port www (80/tcp)

      The 'wrap' CGI is installed. This CGI allows
anyone to get a listing for any directory with mode +755.

Vulnerability found on port www (80/tcp)

The 'windmail.exe' cgi is installed.

Yet, doing a find for "*windmail*" on all drive comes up blank.

So, is this a false positive? hidden file? something inside IIS?

-- 
Minneapolis St. Paul Twin Cities MN        | Phone : (952)943-8700
http://www.mn-linux.org Minnesota Linux    | Fax   : (952)943-8500
Key fingerprint =  6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 