Scanner - Could not get a bpf #15

karnamonkster opened this issue Mar 11, 2022 · 9 comments

karnamonkster commented Mar 11, 2022

Hi,

I am using the OpenVAS scanner - 21.4.0-v5 (latest image) in a remote deployment.
The scanner registration is completed.
Scanner gets the tasks and starts the scan on the Target.
However, there are logs which state the tests are failing, and hence the final report does not include expected findings as well.
Sample log lines within /var/log/gvm/openvas.log:

lib  misc:MESSAGE:2022-03-10 20h24.32 utc:3858: [gb_log4j_CVE-2021-44228_tcp_active.nasl] pcap_compile: Filter "tcp and dst port 15497 and src host **targetIP** and (dst host 172.17.0.2 or dst host 8bc750eb7f2b)" : ethernet address used in non-ether expression
lib  nasl:MESSAGE:2022-03-10 20h24.32 utc:3858: [3858](/var/lib/openvas/plugins/2021/apache/gb_log4j_CVE-2021-44228_tcp_active.nasl:141) pcap_next: Could not get a bpf

Appreciate if there is anything we could do to fix this.

@karnamonkster
Author

I tried to build it again with the tag > 21.4.0-v5
Along with the above some more lines in the log file


 There was a problem trying to load gb_clamav_smb_login_detect.nasl, a dependency of ClamAV < 0.95.1 Multiple DoS Vulnerabilities - Windows. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Multiple Vulnerabilities (Linux). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Remote Denial of Service Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV get_unicode_name() Off-By-One Heap based BOF Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_clamav_detect_lin.nasl, a dependency of ClamAV Invalid Memory Access Denial Of Service Vulnerability. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load zabbix_web_detect.nasl, a dependency of Zabbix Default Guest Account. This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_zoom_client_ssh_login_macosx_detect.nasl, a dependency of Zoom Client Heap Based Buffer Overflow (ZSB-22003). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.
sd   main:WARNING:2022-03-11 10h17.09 utc:167: There was a problem trying to load gb_zoom_client_smb_login_detect.nasl, a dependency of Zoom Client Heap Based Buffer Overflow (ZSB-22003). This may be due to a parse error, or it failed to find the dependency. Please check the path to the file.

Collaborator

Dexus commented Mar 14, 2022

Author

karnamonkster commented Mar 15, 2022

Hi @Dexus
I have tried to run with

  1. privileged : true
  2. cap_add : net_admin

There has been no change, still getting the same behavior. Do we change permissions somewhere else as well?

Collaborator

Dexus commented Mar 16, 2022

@karnamonkster please contact Greenbone via the community. I think the problem is that openvas is not up2date and I will create a new version.

Other thing: which network mode do you use for the container?

Author

karnamonkster commented Mar 16, 2022

Hi @Dexus ,
Would be great to have the openvas up2date. Awaiting a new version.
I have tried with network mode 'host' as well as 'bridged'.

Collaborator

Dexus commented Mar 17, 2022

@karnamonkster will give you a notice when it's done, need some more tasks first to be done.

Collaborator

Dexus commented Mar 24, 2022

Collaborator

Dexus commented Apr 22, 2022

@karnamonkster I think I found the problem and will check this over the weekend. If I'm right with what I think, it will be available via https://github.com/DeineAgenturUG/greenbone-gvm-openvas-for-docker in the next week.

Collaborator

Dexus commented Apr 22, 2022

@karnamonkster please try to set a hostname and domainname

example:
docker run -h gvm --domainname fritz.box ....

maybe also add --cap-add NET_ADMIN

I used it together with a custom ipvlan to match my LAN network.
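
The failing filter in the first log line contains `dst host 8bc750eb7f2b`, and the last suggestion in the thread is to give the container an explicit hostname. As an added example (not part of the thread or the project's code), this script pulls the host operands out of `pcap_compile` error lines and flags the ones shaped like an Ethernet address. It assumes that such a shape, for instance the 12 hex digits of a default Docker container-ID hostname, is what produces "ethernet address used in non-ether expression"; the function names and the sample log are constructed here.

```shell
#!/bin/sh
# Added example, not from the issue thread. Assumption: the filter lexer reads a
# bare 12-hex-digit token (Docker's default container-ID hostname) and the other
# shapes below as an Ethernet address, which "dst host" then rejects.

# Exit 0 if NAME has a shape assumed to be lexed as a MAC address.
looks_like_mac() {
    h='[0-9A-Fa-f]{1,2}'   # one or two hex digits
    q='[0-9A-Fa-f]{4}'     # four hex digits
    printf '%s\n' "$1" | grep -Eq \
        "^($h(:$h){5}|$h(-$h){5}|$h(\.$h){5}|$q(\.$q){2}|$q$q$q)\$"
}

# Read openvas.log lines on stdin; print each src/dst host operand from a
# pcap_compile error line that looks like a MAC address (unique, sorted).
mac_like_filter_hosts() {
    grep 'pcap_compile: Filter' |
    grep -Eo '(src|dst) host [^ )"]+' |
    awk '{ print $3 }' | sort -u |
    while IFS= read -r tok; do
        if looks_like_mac "$tok"; then printf '%s\n' "$tok"; fi
    done
}

# Constructed sample: the error line from this issue with the redacted target
# replaced by a documentation address, plus one unrelated line.
sample_log() {
    cat <<'EOF'
lib  misc:MESSAGE:2022-03-10 20h24.32 utc:3858: [gb_log4j_CVE-2021-44228_tcp_active.nasl] pcap_compile: Filter "tcp and dst port 15497 and src host 192.0.2.10 and (dst host 172.17.0.2 or dst host 8bc750eb7f2b)" : ethernet address used in non-ether expression
lib  nasl:MESSAGE:2022-03-10 20h24.32 utc:3858: pcap_next: Could not get a bpf
EOF
}

sample_log | mac_like_filter_hosts      # offending operand(s) in the sample
if looks_like_mac "$(uname -n)"; then   # same check for this host's own name
    echo "hostname $(uname -n) looks like a MAC address; set one with -h"
fi
```

Against a real scanner, feed `/var/log/gvm/openvas.log` to `mac_like_filter_hosts` instead of `sample_log`.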
