False positives resulting from package names not matching for ubuntu fips

Hi there,

I’m getting a lot of false positives from vulnerability scans because openvas does not understand the ‘fips’ versions of ubuntu packages.

Is there a workaround that doesn’t involve overrides?
I’m running the latest community edition


Mark Guz

The remote host is missing an update for the 'strongswan' package(s) announced via the USN-5250-1 advisory.
Detection Result
Vulnerable package:   libstrongswan
Installed version:    libstrongswan-5.8.2-1ubuntu3.fips.3.5
Fixed version:      >=libstrongswan-5.8.2-1ubuntu3.4

Vulnerable package:   strongswan
Installed version:    strongswan-5.8.2-1ubuntu3.fips.3.5
Fixed version:      >=strongswan-5.8.2-1ubuntu3.4

I guess you could duplicate the NVT’s .nasl file, give it a new NVT OID, and customize the detection to include .fips packages then import it to the scan configuration.

Hello and welcome to this community forums.

The version comparison of package based checks are done on (notus-)scanner side. Could you please create a new issue over at GitHub - greenbone/notus-scanner: Notus is a vulnerability scanner for creating results from local security checks so that the team working on this component could add something similar to e.g. the below for Debian based systems?


For tracking purposes / references the newly created issue, thanks a lot.