Compatibility Questionnaire: GFI LANguard Network Security Scanner — Archive
Important: The OVAL Compatibility Program was moved to "archive" status in December 2009, and replaced with the "OVAL Adoption Program." Under the OVAL Adoption Program product validation is performed by an external organization, allowing the OVAL Team to focus on educating vendors on best practices regarding the use and implementation OVAL and on how OVAL can continue to evolve as needed by the community.
Refer to the OVAL Adoption Program section for addition information and to review all products and services listed.
Organizational Information
Name of Your Organization:
Web Site:
Product Information
Product/Service Name:
Compatible Categories:
OVAL Definition Consumer (Beta)
OVAL Results Producer (Planned)
OVAL Results Consumer (Planned)
Product/Service Home Page:
Product Accessibility
Product can be downloaded from our web site at http://www.gfi.com/lanss
Language Version Indication
This point is not applicable to this product. The content is downloaded, processed, and outputted in proprietry formats by the GFI Labs. The processed content is packaged together with other updates for the product and made available on the GFI servers for downloading by clients.
This was done purposely to avoid inconsistencies when OVAL decides to update its definition file schemas. To this effect what was important to end users is to understand the source of the vulnerability check (OVAL ID), description and any other information which is relevant to this reported vulnerability by OVAL or other sources (including GFI).
Approach for Correction of Errors
Errors, updates and inconsistencies are reported through our support email address support@gfi.com who will escalate the issue to our GFI Security Labs for review.
Once the submitted content/update details are reported, GFI Security Labs will process the report and were applicable issue an immediate update. Were applicable the reported content will be sent to the OVAL authority for updating of main source of data.
Compatibility Documentation
NOTE: Product is still in BETA. Documentation is presently being updated to contain necessary content and explanations by release of product.
Language Support
----------------------------------------------
Windows
accesstoken_test
activedirectory_test Supported
auditeventpolicy_test Not Supported
file_test Supported
fileauditedpermissions_test Not Supported
fileeffectiverights_test Not Supported
group_test Supported
interface_test Not Supported
lockoutpolicy_test Not Supported
metabase_test Supported
passwordpolicy_test Not Supported
port_test Not Supported
process_test Not Supported
registry_test Supported
regkeyauditedpermissions_test Not Supported
regkeyeffectiverights_test Not Supported
sid_test Not Supported
user_test Supported
volume_test Not Supported
wmi_test Not Supported
------------------------------------------
Unix
file_test Supported
inetd_test Supported
interface_test Not Supported
password_test Not Supported
process_test Supported
runlevel_test Not Supported
sccs_test Not Supported
shadow_test Not Supported
uname_test Supported
xinetd_test Not Supported
----------------------------------------------
Independent
family_test Supported
filemd5_test Supported
environmentvariable_test Not Supported
textfilecontent_test Supported
unknown_test Not Supported
xmlfilecontent_test Not Supported
filesha1_test Not Supported
variable_test Not Supported
----------------------------------------------
IOS
global_test Not Supported
interface_test Not Supported
line_test Not Supported
snmp_test Not Supported
tclsh_test Not Supported
version_test Not Supported
----------------------------------------------
MACOS
accountinfo_test Not Supported
inetlisteningservers_test Not Supported
nvram_test Not Supported
pwpolicy_test Not Supported
----------------------------------------------
Linux
dpkginfo_test Supported
inetlisteningservers_test Supported
rpminfo_test Supported
slackwarepkginfo_test Not Supported
----------------------------------------------
HPUX
getconf_test Not Supported
patch_test Not Supported
swlist_test Not Supported
trusted_test Not Supported
----------------------------------------------
SOLARIS
isainfo_test Supported
package_test Supported
patch_test Supported
----------------------------------------------
APACHE
version_test Not Supported
httpd_test Not Supported
Finding Elements Using OVAL
The product has integrated within it a browser which allows users to analyze, browse, search as well as maintain the vulnerability checks which are created based on the OVAL content. Each check is clearly identified through the related OVAL ID. Additional information sources such as CVE ID, Security Focus ID and MS Bulletin ID (were applicable) is also provided. Direct URL links to further information from any of the above sources (were applicable) are also provided.
Such information is also avaialble within the vulnerability reports and tools provided by the product.
OVAL Content Importation Process Explanation
GFI Labs have in place a system which constantly monitors for new updates released by the OVAL authority. Once a new update is detected, GFI Labs will download, process and upload the new definitions to its update servers for downloading by the users of the product. Update frequency will depend on nature of reported content as well as update schedule of GFI.
Users wanting to submit OVAL content for inclusion in the definition files distributed, are able to report content through our support and feedback lines on either support@gfi.com or feedbacklnss@gfi.com. These emails will be forwarded to the GFI Security Labs who will verify and update accordingly.
Were applicable reported updates will also be forwarded to the OVAL authority for review.
Statement of Compatibility
Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory compatibility requirements as well as all of the additional mandatory compatibility requirements that are appropriate for our specific type of capability."
Name: | Andre' Muscat | |
Title: | Director, Network Security Products |
Statement of Accuracy
Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization and to the best of my knowledge, there are no errors in the correctness of our capability's use of the OVAL Language and the interpretation of the logic."
Name: | Andre' Muscat | |
Title: | Director, Network Security Products |
Statement on Follow-on Correctness Testing Support
Have an authorized individual sign and date the following statement about your organizations willingness to support correctness testing of other capabilities, which will be managed by the Reviewing Authority and kept to reasonable levels of effort for all involved. (required):
"As an authorized representative of my organization, we agree to support the Review Authority in follow-on correctness testing activities, where appropriate types of OVAL documents might need to be exchanged with other organizations attempting to prove the correctness of their capabilities."
Name: | Andre' Muscat | |
Title: | Director, Network Security Products |
Page Last Updated: December 17, 2009