DAT File Validation

DAT updates are validated by Powertech Antivirus before endpoints can use them, whether downloaded from McAfee or copied from the air-gapped "datimport" folder.

The validation method is triggered automatically once the download process has completed. A message is logged to indicate the validation routine is running.

If any errors are discovered:

  • The folder in the datrepo that contains the invalid DAT files will be deleted.
  • An error will be written into the datinfo file, which will then appear on the home page.
  • The datinfo file will not be updated to reflect the download (i.e. the current, valid version will remain the "current" version in the file and will be used by endpoints).

Information on the files that must be validated can be found in the "oem.ini" file as follows:

  • The "[AVV-ZIP]" section contains the name and md5 hash of the DAT update zip file (i.e. "avvdat-nnnn.zip").
  • The "[AVV-Incremental]" section contains the name and md5 hash of the file that contains information required for incremental updates (the file is generally called "gdeltaavv.ini", but the filename is read from this section in case it changes).
  • The "[GEM-MD5]" section contains the name and md5 hash for every gem file that needs to be downloaded.

The validation method reports an error under the following conditions:

  • The "oem.ini" file is missing.
  • The "avvdat.ini" file is missing.
  • The "avvdat-nnnn.zip" file is missing.
  • The md5 hash of the "avvdat-nnnn.zip" file is incorrect.
  • The incremental file ("gdeltaavv.ini" or whatever filename is specified in oem.ini) is missing.
  • The md5 hash of the incremental file is incorrect.
  • One or more gem files are missing.
  • The md5 hash of one or more gem files is incorrect.

The validation method returns an error for the first error that it finds. It does not process further once an error has been found.

If any unexpected files are found in the download folder, they are ignored.
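
One way to implement the checks listed above, as an added example that is not Powertech's code. It assumes each oem.ini section holds `filename=md5` pairs (the page names the sections but not their keys); the names "avvdat-0000.zip" and "sample.gem" and all file contents are constructed.

```python
import configparser
import hashlib
import tempfile
from pathlib import Path

# Assumption: each key in a section is a file name and its value is that
# file's md5 hex digest. The page names the sections but not their keys.
SECTIONS = {"AVV-ZIP": True, "AVV-Incremental": True, "GEM-MD5": False}  # True = must name a file (assumed)

def validate_dat_folder(folder):
    """Return None if the folder is valid, else the first error found."""
    folder = Path(folder)
    for required in ("oem.ini", "avvdat.ini"):
        if not (folder / required).is_file():
            return f"{required} is missing"
    ini = configparser.ConfigParser(interpolation=None)
    ini.optionxform = str  # keep file names case-sensitive
    ini.read(folder / "oem.ini")
    for section, must_list in SECTIONS.items():
        entries = ini.items(section) if ini.has_section(section) else []
        if must_list and not entries:
            return f"[{section}] names no file"
        for name, expected in entries:
            # A name with a path component could point outside the folder.
            if Path(name).name != name:
                return f"[{section}] {name} is not a plain file name"
            if not (folder / name).is_file():
                return f"{name} is missing"
            actual = hashlib.md5((folder / name).read_bytes()).hexdigest()
            if actual != expected.strip().lower():
                return f"{name} has an incorrect md5 hash"
    return None  # files not named in oem.ini are ignored

def build_sample(folder):
    """Write a constructed, valid download folder (all contents made up)."""
    files = {"avvdat-0000.zip": b"zip", "gdeltaavv.ini": b"delta", "sample.gem": b"gem"}
    for name, data in files.items():
        (Path(folder) / name).write_bytes(data)
    (Path(folder) / "avvdat.ini").write_text("constructed\n")
    md5 = {n: hashlib.md5(d).hexdigest() for n, d in files.items()}
    (Path(folder) / "oem.ini").write_text(
        f"[AVV-ZIP]\navvdat-0000.zip={md5['avvdat-0000.zip']}\n"
        f"[AVV-Incremental]\ngdeltaavv.ini={md5['gdeltaavv.ini']}\n"
        f"[GEM-MD5]\nsample.gem={md5['sample.gem']}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(validate_dat_folder(tmp))
```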

More details:

  • The validation routine is called both after an update from McAfee and after DAT files are copied from the air-gapped "datimport" folder. A message appears in the log to indicate that the validation routine is running.
  • If any errors are discovered when validating the download:
    • The downloaded folder is deleted.
    • An error is written into the datinfo file, which then appears on the home page.
    • The datinfo file remains otherwise unchanged (i.e. the current and previous versions are unchanged; the only update is an error in the error field).

 
