Signature check in GVM 10

Hello, I am trying to enable signature verification in the configuration of my installation in the new version GMV 10-beta2.

Initially I configured my installation without verifying the signatures and synchronized the NVT correctly. Later I did different device evaluations and it worked fine.

Next, I tried to enter the signature verification in the configuration following this topic:

But it did not work correctly since I did several tests and sometimes the signatures worked and others did not.

These were the tests I did:

  • First I launched an evaluation with a vulnerability to a device and verified that it detected that vulnerability.
  • Then I elminated the signature of that NVT and started the evaluation again. I checked that I was still detecting the vulnerability. It shouldn’t have detected that vulnerability since It didn’t have the signature.
  • I also modified the NVT and verified that sometimes it had been modified in the GSA and sometimes not. When launching the evaluation, sometimes a vulnerability is detected and others are not.

Thank you.

This is not supported for GSE, so we can´t help you here. You need to do the QM of the Feed, sign it on your own and then you can use the signature features.

Within the GSF the signatures are the proof of Quality Management, on the GCE signatures just useful for transfer integrity on the GCE. If your signature check on your self compiled GSE does not work it is not a place of your concern the GCF is not quality check like the GSF.