OpenVAS continues to evolve into an all-in-one open source vulnerability management solution. We have been following its progress since the early days following the Nessus fork.
Here is a guide we have put together for installing OpenVAS 5.
Due to the large amount of functionality and the resources required to keep the vulnerability checks up to date, it can sometimes be a challenge to get up and running. If you are starting out I would suggest using Debian (as this is what the dev team commonly tests on), or perhaps BackTrack, as this has a strong community who may be able to assist or make a step-by-step guide available.
An even easier option is to try our on-line OpenVAS vulnerability scanner. No install necessary. Immediate access.
We are currently doing some testing with OpenVAS 5, and plan on releasing an easy-to-follow tutorial for getting started on Ubuntu 12.04.
The first of a couple of new features that we are looking forward to testing is delta reporting. This allows you to receive reports that highlight the difference between two consecutive vulnerability scans. Great for setting up scheduled scanning and using it as a network vulnerability monitoring solution.
The second feature that stands out is the integration of SCAP data (CVE, CPE), with updates via a feed service.
What is SCAP? SCAP is the Security Content Automation Protocol, a method for using standardized reporting of vulnerabilities in order to be able to score systems based on discovered vulnerabilities. An important step forward when it comes to security metrics and developing a vulnerability management solution.
What is CVE? Common Vulnerabilities and Exposures (CVE) is a system for referencing publicly known vulnerabilities. It is maintained by MITRE Corporation with backing from the US government, including the Department of Homeland Security.
What is CPE? Common Platform Enumeration (CPE) is a standard for describing and identifying classes of software and applications on a system. It is not designed to go into detail about a specific instance of an install, such as a serial number, but to describe what version of software is installed or what group of software is on the system.
What is CVSS? Common Vulnerability Scoring System (CVSS) is a system for scoring the vulnerabilities from CVE, enabling better security metrics.
What is OVAL? Open Vulnerability and Assessment Language (OVAL) is a security community initiative to create a standardized language for communicating security-related information between software and services. Configuration information, system state (such as vulnerabilities and patch levels) and reporting of that information make up the information that can be communicated with OVAL.
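To make the delta reporting idea above concrete, here is an added example (not OpenVAS code and not from the original post) that compares two consecutive scans and reports only what differs, using CVE identifiers and CVSS scores as described in the glossary. The Finding record, the category names, the hosts and the CVE placeholders are all constructed for illustration.

```python
from collections import namedtuple

# Constructed record for this example; the field names are assumptions.
Finding = namedtuple("Finding", "host port cve cvss")

def delta(previous, current):
    """Classify findings from two consecutive scans as new, gone, changed or same."""
    # A finding is identified by where it was seen and which CVE it refers to.
    old = {(f.host, f.port, f.cve): f for f in previous}
    new = {(f.host, f.port, f.cve): f for f in current}
    report = {"new": [], "gone": [], "changed": [], "same": []}
    for k in sorted(old.keys() | new.keys()):
        if k not in old:
            report["new"].append(new[k])          # appeared since the last scan
        elif k not in new:
            report["gone"].append(old[k])         # fixed, or host/port unreachable
        elif old[k].cvss != new[k].cvss:
            report["changed"].append((old[k], new[k]))  # same issue, rescored
        else:
            report["same"].append(new[k])
    return report

def summarize(report):
    """One line per difference, so unchanged findings stay out of the alert."""
    lines = ["NEW %s:%d %s cvss=%.1f" % f for f in report["new"]]
    lines += ["GONE %s:%d %s cvss=%.1f" % f for f in report["gone"]]
    lines += ["CHANGED %s:%d %s cvss=%.1f->%.1f"
              % (o.host, o.port, o.cve, o.cvss, n.cvss)
              for o, n in report["changed"]]
    return lines

# Constructed sample data: documentation IP range and placeholder CVE ids.
SCAN_MONDAY = [
    Finding("192.0.2.10", 22, "CVE-0000-0001", 5.0),
    Finding("192.0.2.10", 80, "CVE-0000-0002", 7.5),
    Finding("192.0.2.20", 443, "CVE-0000-0003", 4.3),
]
SCAN_TUESDAY = [
    Finding("192.0.2.10", 22, "CVE-0000-0001", 5.0),
    Finding("192.0.2.20", 443, "CVE-0000-0003", 6.8),
    Finding("192.0.2.30", 3306, "CVE-0000-0004", 9.3),
]

if __name__ == "__main__":
    for line in summarize(delta(SCAN_MONDAY, SCAN_TUESDAY)):
        print(line)
```

A "gone" entry only means the finding was not reported in the second scan, so confirm the host and port were actually reachable before treating it as remediated.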
Getting back to the new release of OpenVAS 5, as mentioned we are currently testing the latest version. Once we are satisfied that it is stable and production-ready we will migrate it into our on-line OpenVAS security scanning service.
Congratulations to the development team and guys at Greenbone. Looking forward to seeing version 6.0!

