Mailing List Archive

Zate,

The file content NASL should be able to scan files that are locally attached
to the system.

Couple of questions :

- Are there are files on P$ that contain sensitive content?
- Could you add verbose tag within the check and see what files are
returned?

for e.g. you could do :
<item>
type: FILE_CONTENT_CHECK
verbose
description: "The file contains an Arizona Drivers license number"
file_extension: "txt" |"doc" |"xls" |"pdf"
regex: "([^0-9]|^)(([A-Z][0-9]{8}))([^0-9\-]|$)"
expect: "License" | "Driver" | "ID" | "Arizona" | "AZ"
max_size : "50K"
</item>
Also, if you are professional feed customer, I had recommend opening a
ticket with Tenable support regarding this issue.

- Mehul


_____

From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of Zate Berg
Sent: Thursday, February 05, 2009 3:06 PM
To: nessus
Subject: Windows File Contents Check Question.


Does this only check C$?

I have a box with a P$ and windows filecheck on this completes almost
immediately as everything [PASSED]

Credentials are fine, what else could cause the checks to complete almost
immediately.

I've run using both the client and the nasl from the command line.

Anyway to get more of an idea on what it happening here ? WMI issue perhaps
?

Zate