version numbers about loadlibrary HOT 11 CLOSED

The engine version number is different from the definitions version (the latter could just be a data/signature update, but no changes to the code).

from loadlibrary.

I have a windows test machine , I opening Microsoft security essentials and updated it and it has the exact viruses definitions version number that's listed on https://www.microsoft.com/en-us/wdsi/definitions

My problem is I wrote a script to check for version updates and if they numbers were not the same it would download the new mpam-fe.exe and extract into /usr/lib/loadlibrary/engine before it scanned the file

it was working fine until now, when the update numbers were the same it would just scan the file ,when they were not the same it would download the definitions, but as this number are not matching now it keeps trying to download updates as it thinks the virus definitions are outdated

I was using lynx to get the version number
lynx -source https://www.microsoft.com/en-us/wdsi/definitions | sed -e 's/<[^>]*>//g' | grep -Po "Version: (\d+\.)+\d+" | grep -o '[0-9].*'

is it not a problem with mpengine.dll and extracting the correct version number ?

from loadlibrary.

The engine version number is different from the definitions version (the latter could just be a data/signature update, but no changes to the

does'nt make sense , why all of a sudden , these numbers were matching each other up until recently

There is definitely a problem somewhere in loadlibrary the last couple of days there has been new virus definitions on https://www.microsoft.com/en-us/wdsi/definitions , yet when I download them today and extract then into my home folder and check the version its the same as it was when I reported this bug

the version on webpage should match the version on the mpengine.dll

on the 17th the version on the Microsoft page was Version: 1.261.1314.0
today its 1.261.1393.0

yet when I download the latest version and extract to my home folder and do
exiftool mpengine.dll | grep 'Product Version Number'

Product Version : 1.1.14500.5

its the same version number as before if this was just a sig change this number would be different
looking at the number of sigs added the number should be

1.1.14579.0

can you confirm or deny ? is this the same on your machine

from loadlibrary.

Hmm, let me take a look.

from loadlibrary.

Everything looks correct to me, I don't see the problem.

The latest version on that page says 1.261.1398.0 for me, and the link points to
https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.261.1398.0/x86/mpam-fe.exe. If I examine that file:

Product Version                 : 1.261.1398.0
Engine Version                  : 1.1.14500.5

Those numbers seem correct, and if I extract it and examine the engine:

File Version                    : 1.1.14500.5 (5ed17a8d71195f7dd09ac85d18671d0876764dd1)
Product Version                 : 1.1.14500.5

This all seems correct to me, what am I missing?

from loadlibrary.

why isnt the file version changing ?? it should change i.e when updates are added
so if product version/file version doesnt change how can there be updates ?? the file has to increase

its at 1.1.14500.5 and still at that number since a couple of days ago , but yet there has been updates and the version number increases on the microsoft site as I showed on the last reply

As I said my script was working fine and never failed up until now , as it depends on matching the file version number but its not changing any more ? are you telling me from now on it will always be 1.1.14500.5 but its still get updates because this was never the case , if it was I wouldnt have bothered writing a script to check for updates as it would only see the same number

question so how come when I go into my windows machine I get the new number when theres updates but in linux its always the same number. something is up !! this has only happend recently

this number '1.1.14500.5' in mpengine.dll isnt showing the new updates when you download and extract the new release/definitions

from loadlibrary.

The version number on the mpam-fe.exe file will change every version. The version on the mpengine.dll only changes /sometimes/ (once every few months). The mpam-fe.exe file contains the engine dll and vdm files, which contain data, new signatures, and so on.

An update might contain a new engine, but it might not, it might only need new signatures.

I don't think anything has changed, it's always worked like this.

from loadlibrary.

your wrong .. as I said I wrote a script for it !!! it was working now its not , I tested it throughly and have been using it for a while now

before when you did exiftool you got Product Version : 1.261.1xxx.0
now your just getting this same number all them time 1.1.14500.5

Im telling you there is something wrong and yet you think there is not ?? its as plain as day

again thats the reason I bothered to write a script becuase it was on the basis that the numbers matched and if they didnt i.e there was updates it would redownload the file and extract it and recheck the version and then scan the file wanted to scan in the first place

DO YOU WANT TO SEE THE SCRIPT !!!!!!!

from loadlibrary.

I downloaded several versions of mpengine.dll from our archive to check, and they all work like this. What was the last version of mpengine.dll you have where it worked like this? (It will have to be from 2015 at least, because I checked every version from 2017 and 2018, and one from 2016-05-26).

Are you sure you somehow didn't change your script to check mpengine.dll, but it used to check mpam-fe.exe? That would explain it, and that would have worked.

Note: checking mpam-fe.exe will still work, if you just want your script to work. I'm not sure there's anything I can do even if there was some change to how Microsoft write the resource data!

from loadlibrary.

Sure, show me the script.

from loadlibrary.

opps ... sorry I must have editied the script by mistake
checking with mpam-fe.exe gives you

exiftool mpam-fe.exe | grep 'Product Version Number'
Product Version Number : 1.261.1507.0

sorry my bad !!!

mpam-fe.exe will give you the definitions
mpengine.dll with give you the version

once again sorry about that, I fixed the script and its working again

from loadlibrary.