How to manually update the security feeds in GVM (Greenbone Vulnerability Management), formerly known as OpenVAS

Written by - 4 comments

Published on - Listed in Security Linux


The Greenbone Vulnerability Management - in short GVM and previously known as OpenVAS - is an open source vulnerability scanner and uses vulnerability information from several sources, called "feeds".

In the GVM user interface (Greenbone Security Assistant, short GSA) these feeds and their status can be seen under Administration -> Feed Status:

Here we can see all the local feeds are 4 days old. It's not too bad yet they are 4 days behind of the public feeds.

Manually update vulnerability feeds

To manually update the locally stored vulnerability information, the local feeds need to be synced from the public feeds. In order to do that, you first need to access the GVM server (or appliance) on a SSH terminal. Then use the command greenbone-feed-sync, but make sure you run this command as gvm user.

If you've followed the official GVM setup documentation, you can run the following command to sync the GVMD_DATA feed:

root@openvas:~# sudo -u gvm greenbone-feed-sync --type GVMD_DATA
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
[...]
sent 102,474 bytes  received 74,826 bytes  354,600.00 bytes/sec
total size is 12,704,064  speedup is 71.65

This should be fairly quick and the GSA user interface should show a few seconds later that the GVMD_DATA is now synced (Status: Current):

Greenbone Vulnerability Manager GVMD_DATA feed is synced

To update the CERT and SCAP feeds, run the same command with a different feed type:

root@openvas:~# sudo -u gvm greenbone-feed-sync --type CERT
root@openvas:~# sudo -u gvm greenbone-feed-sync --type SCAP

This will cause some load on the GVM server as feeds and the database in the background are updated:

During the update the user interface might show "Update in progress..." on all feeds:

GVM feeds update in process

After a couple of minutes the local feed should be in sync and the feeds show "Current" as status.

All feeds? Almost... The NVT feed is still 4 days old.

Update the NVT feed

The command used for syncing the feeds, greenbone-feed-sync, only supports "GVMD_DATA", "CERT" and "SCAP" as feed type (--type parameter). An error will show the currently valid types:

root@openvas:~# sudo -u gvm greenbone-feed-sync --type NVT
Invalid feed type NVT given to --type parameter. Currently supported: CERT, SCAP or GVMD_DATA

To manually update the NVT feed, another command, greenbone-nvt-sync, needs to be used:

root@openvas:~# sudo -u gvm greenbone-nvt-sync

This feed sync can take quite some time. Once this is finished, the NVT feed should show as "Current" and therefore up to date, too:

Looking for a security review of your network?

Outdated or un-patched systems are beloved targets by hackers and automated hacking scripts and malware. A well written malware can detect vulnerabilities (e.g. an unpatched Windows Domain Controller), exploit vulnerabilities, encrypt files on local disks or network shares and infect additional machines.

It's therefore very important to discover the vulnerabilities on public and internal networks before a malware does. Infiniroot can help with an a security review of your public or internal servers and give you recommendations how to increase security in your networks.


Add a comment

Show form to leave a comment

Comments (newest first)

ck from Switzerland wrote on Jan 10th, 2023:

Lewis, nope, no idea. I ran into a lot of issues trying to run GVM in a Docker setup (e.g. wrong socket path used in one of the start scripts in the Docker image) so I did not bother and installed GVM in a full VM instead.


Lewis from wrote on Jan 9th, 2023:

Any idea on how to do this for a GVM docker image?


ck from Switzerland wrote on Dec 12th, 2022:

darkfader, no, I do not know that. Indeed, the UI does not look very modern. But to me the vulnerability list and plugins are more important, and they still seem to be updated frequently. Maybe ask the Greenbone CE community if there are plans for an updated UI. I myself am not very involved in their community, just a basic user of GVM CE.


darkfader from wrote on Dec 10th, 2022:

I've run into Greenbone due to the integration with Verinice.
Do you know if there will be some refresh of Greenbone at some point?

I honestly was shocked that seemingly no work has been put into the UI for a decade, the scan jobs are a bit inefficient to configure and Windows scanning requires so many permissions that some agent would be safer by a margin. I simply don't understand where the software is aiming to go.
It feels as if they are letting it die, but I don't think it's the case.