Comments (11)
The engine version number is different from the definitions version (the latter could just be a data/signature update, but no changes to the code).
from loadlibrary.
I have a Windows test machine. I opened Microsoft Security Essentials and updated it, and it has the exact virus definitions version number that's listed on https://www.microsoft.com/en-us/wdsi/definitions
My problem is I wrote a script to check for version updates, and if the numbers were not the same it would download the new mpam-fe.exe and extract it into /usr/lib/loadlibrary/engine before it scanned the file
It was working fine until now. When the update numbers were the same it would just scan the file; when they were not the same it would download the definitions. But as these numbers are not matching now, it keeps trying to download updates as it thinks the virus definitions are outdated
I was using lynx to get the version number
lynx -source https://www.microsoft.com/en-us/wdsi/definitions | sed -e 's/<[^>]*>//g' | grep -Po "Version: (\d+\.)+\d+" | grep -o '[0-9].*'
Is it not a problem with mpengine.dll and extracting the correct version number?
from loadlibrary.
The engine version number is different from the definitions version (the latter could just be a data/signature update, but no changes to the
Doesn't make sense, why all of a sudden, these numbers were matching each other up until recently
There is definitely a problem somewhere in loadlibrary. The last couple of days there have been new virus definitions on https://www.microsoft.com/en-us/wdsi/definitions, yet when I download them today and extract them into my home folder and check the version, it's the same as it was when I reported this bug
The version on the webpage should match the version on the mpengine.dll
On the 17th the version on the Microsoft page was Version: 1.261.1314.0
Today it's 1.261.1393.0
Yet when I download the latest version and extract to my home folder and do
exiftool mpengine.dll | grep 'Product Version Number'
Product Version : 1.1.14500.5
It's the same version number as before. If this was just a sig change this number would be different
Looking at the number of sigs added, the number should be
1.1.14579.0
Can you confirm or deny? Is this the same on your machine?
from loadlibrary.
Hmm, let me take a look.
from loadlibrary.
Everything looks correct to me, I don't see the problem.
The latest version on that page says 1.261.1398.0 for me, and the link points to https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.261.1398.0/x86/mpam-fe.exe. If I examine that file:
Product Version : 1.261.1398.0
Engine Version : 1.1.14500.5
Those numbers seem correct, and if I extract it and examine the engine:
File Version : 1.1.14500.5 (5ed17a8d71195f7dd09ac85d18671d0876764dd1)
Product Version : 1.1.14500.5
This all seems correct to me, what am I missing?
from loadlibrary.
Why isn't the file version changing?? It should change, i.e. when updates are added
So if product version/file version doesn't change, how can there be updates?? The file has to increase
It's at 1.1.14500.5 and still at that number since a couple of days ago, but yet there have been updates and the version number increases on the Microsoft site as I showed in the last reply
As I said, my script was working fine and never failed up until now, as it depends on matching the file version number, but it's not changing any more? Are you telling me from now on it will always be 1.1.14500.5 but it still gets updates? Because this was never the case; if it was I wouldn't have bothered writing a script to check for updates, as it would only see the same number
Question: so how come when I go into my Windows machine I get the new number when there's updates, but in Linux it's always the same number? Something is up!! This has only happened recently
This number '1.1.14500.5' in mpengine.dll isn't showing the new updates when you download and extract the new release/definitions
from loadlibrary.
The version number on the mpam-fe.exe file will change every version. The version on the mpengine.dll only changes /sometimes/ (once every few months). The mpam-fe.exe file contains the engine dll and vdm files, which contain data, new signatures, and so on.
An update might contain a new engine, but it might not, it might only need new signatures.
I don't think anything has changed, it's always worked like this.
from loadlibrary.
You're wrong .. as I said, I wrote a script for it!!! It was working, now it's not. I tested it thoroughly and have been using it for a while now
Before, when you did exiftool you got Product Version : 1.261.1xxx.0
Now you're just getting this same number all the time: 1.1.14500.5
I'm telling you there is something wrong and yet you think there is not?? It's as plain as day
Again, that's the reason I bothered to write a script, because it was on the basis that the numbers matched, and if they didn't, i.e. there were updates, it would redownload the file and extract it and recheck the version and then scan the file I wanted to scan in the first place
DO YOU WANT TO SEE THE SCRIPT !!!!!!!
from loadlibrary.
I downloaded several versions of mpengine.dll from our archive to check, and they all work like this. What was the last version of mpengine.dll you have where it worked like this? (It will have to be from 2015 at least, because I checked every version from 2017 and 2018, and one from 2016-05-26).
Are you sure you somehow didn't change your script to check mpengine.dll, but it used to check mpam-fe.exe? That would explain it, and that would have worked.
Note: checking mpam-fe.exe will still work, if you just want your script to work. I'm not sure there's anything I can do even if there was some change to how Microsoft write the resource data!
from loadlibrary.
Sure, show me the script.
from loadlibrary.
Oops ... sorry, I must have edited the script by mistake
Checking with mpam-fe.exe gives you
exiftool mpam-fe.exe | grep 'Product Version Number'
Product Version Number : 1.261.1507.0
Sorry, my bad!!!
mpam-fe.exe will give you the definitions
mpengine.dll will give you the version
Once again, sorry about that. I fixed the script and it's working again
from loadlibrary.
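The check this thread converges on, as an added example that is not part of the original discussion or of loadlibrary itself: compare the published definitions version with the Product Version Number of mpam-fe.exe, never mpengine.dll, and treat an unparsable version as "unknown" rather than "outdated". Function names are hypothetical, and the sample strings are constructed from version numbers quoted above.

```bash
#!/usr/bin/env bash
# Added example. Functions take text, not files, so they can be checked offline.

# Definitions version published on the page ($1 = page HTML).
published_version() {
    printf '%s\n' "$1" | sed -e 's/<[^>]*>//g' \
        | sed -nE 's/.*Version: (([0-9]+\.)+[0-9]+).*/\1/p' | head -n 1
}

# One field from exiftool output ($1 = output, $2 = exact field name).
exif_field() {
    printf '%s\n' "$1" | awk -F' *: *' -v k="$2" '$1 == k { print $2; exit }'
}

# Succeeds when dotted version $1 is numerically newer than $2.
version_gt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Prints update|current, or "unknown" (status 2) when a version is unparsable,
# so a changed page layout never triggers an endless re-download.
# $1 = page HTML, $2 = exiftool output for mpam-fe.exe (not mpengine.dll).
check_definitions() {
    _remote=$(published_version "$1")
    _have=$(exif_field "$2" 'Product Version Number')
    if [ -z "$_remote" ] || [ -z "$_have" ]; then echo unknown; return 2; fi
    if version_gt "$_remote" "$_have"; then echo update; else echo current; fi
}

# Constructed samples using version numbers quoted in the thread.
PAGE='<p>Version: <b>1.261.1507.0</b></p>'
MPAM_OLD='File Version Number             : 1.261.1398.0
Product Version Number          : 1.261.1398.0'
MPAM_NEW='Product Version Number          : 1.261.1507.0'
ENGINE='Product Version Number          : 1.1.14500.5'

check_definitions "$PAGE" "$MPAM_OLD"   # local package older than the page
```

Feeding the mpengine.dll output (`$ENGINE`) to `check_definitions` always reports an update, which is the download loop described in the thread.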