
Is there a way to validate a bootable USB stick made using the SBAV tool?

I am looking to verify that the virus definitions and bootable OS contained on the resulting USB stick match what is expected. Does any kind of checksum or hash value come down with the virus definitions to validate against? Alternatively, is there a listing somewhere on the Sophos site that can confirm the files that were supposed to be part of any given virus definitions update?

I have been following the instructions for bootable drive creation from this article KB-000033912.



This thread was automatically locked due to age.
  • Hello Eric Leknes,

    What exactly is your concern? sbavc.exe downloads SAV, the current definitions database, and individual IDEs and checks their integrity using hashes/manifests. If it doesn't complain you can be pretty sure that everything is as it should be.

    Christian.

  • Hi Christian,

    It is less of a concern and more of a need to be able to positively prove and document that the resulting bootable "tool" was created as intended. While from a practical standpoint I believe that the sbavc.exe program correctly verifies the integrity of what it downloads, I have no way of knowing what it actually is looking at or checking. The application I am using this in requires that all software on the PC is validated and that traceable records are maintained of the origin and integrity of that software. This question is an attempt to come up with a process that satisfies that requirement in the most complete way possible.

    Do you know if there is a way to increase the verbosity of the program output to see the hashes it is checking? Alternatively, does it save off the manifest file(s) somewhere that they could be manually reviewed?

    Thanks, Eric

  • Hello Eric,

    I must say that I really have no idea what the application [you are] using this in is or why it requires that all software on the PC is validated. And is the PC the one on which you are running sbavc.exe or the one on which it is eventually used?

    AFAIK it doesn't verify individual files, just the archives. Haven't found out how it determines that, say, the IDE archive is corrupt (or outdated) but it does.

    Christian
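
For the traceable-records requirement raised in this thread, one option is to record a SHA-256 manifest of the files on the finished stick and re-check the stick against that record later. This is an added example, not Sophos code or anything posted by the participants; the function names and the JSON record format are assumptions made here. It documents what was produced, not whether it matches a vendor-published listing (the thread identifies none), and it covers files only, not the boot sector or partition table.

```python
import hashlib
import json
import sys
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            # Read in 1 MiB chunks so large definition archives fit in memory.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def compare_manifests(baseline, current):
    """Report files added, removed or modified relative to the baseline."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(n for n in shared if baseline[n] != current[n]),
    }


def save_manifest(manifest, out_file):
    """Write the manifest as sorted JSON so successive records diff cleanly."""
    Path(out_file).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(in_file):
    """Read a manifest previously written by save_manifest."""
    return json.loads(Path(in_file).read_text())


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: manifest.py <stick_root> <baseline.json>")
    stick, record = sys.argv[1], Path(sys.argv[2])
    current = build_manifest(stick)
    if record.exists():  # later run: verify the stick against the record
        print(json.dumps(compare_manifests(load_manifest(record), current), indent=2))
    else:  # first run: create the record
        save_manifest(current, record)
        print(f"recorded {len(current)} files in {record}")
```

Keep the baseline JSON somewhere other than the stick itself, otherwise it becomes part of the tree being hashed and can be altered along with it.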