Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 2407 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Comparing latest_IDE.xml to the latest IDE listed in the database

Jason Costello

I'm in a situation where I only have access the the database and the xml file and need to determine two things:

1.  Does an endpoint have the latest IDE as listed in the database?

2.  Does an endpoint have the latest IDE as listed in latest_IDE.xml?

Other questions:
1.  Are the timestamp and published dates referenced anywhere in the database?  I've been unable to locate them if so.

2.  From an endpoint perspective, what does the Data file Date correspond to?  I would think it would be one of the timestamps listed in the latest_IDE.xml file.

3.  What timezone are the timestamps in the latest_IDE.xml file. (using RFC 3339 would be great help).

 

 

 

latest_IDE.xml

 

<latest>
<ide>
<name>pdfu-ezk.ide</name>
<md5>f2dec9315316bc2334fe486b787d80f9</md5>
<size>30623</size>
<timestamp>2018-05-01T09:29:47</timestamp>
<published>2018-05-01T11:34:17</published>
</ide>
</latest>
 
 
The query below returns zero rows when searching for the checksum given by the latest_IDE.xml file even though I have a endpoint server listed to have the ide installed (access to an endpoint server for development purposes)
 
Select
 c.ComputerName
,c.PackageId
,c.ProductID
,c.SAVVersion
,c.EngineVersion
,c.virusDataVersion
,c.IDEChecksum
,c.PackageExpiryTime
,c.PackageNotificationTime
,i.IDEList
,i.IDENumber
,i.md5
,i.Id
from ComputerListData2 as c
Left Join IDELists as i
on c.IDEListID = i.ID
where i.Id = 'f2dec9315316bc2334fe486b787d80f9'
  or IDEChecksum = 'f2dec9315316bc2334fe486b787d80f9'
order by PackageId desc;
 
 
 
 
From a Centos 7 server:
Data file name : /opt/sophos-av/lib/sav/pdfu-ezk.ide
Data file type : IDE
Data file date : 01 May 2018, 08:19:00
Data file status : Loaded


This thread was automatically locked due to age.
  • 0

    Hello Jason Costello,

    I'm not sure I understand what you are really trying to find out.
    A few remarks first:

    • Other 3.: Timestamps are UTC
    • Other 2.: the Data file date is an internally recorded date (used to determine the "age" of the IDE)
    • Other 1.: AFAIK - no
    • the checksum in latest_IDE.xml is the individual checksum for the specific IDE, the IDEChecksum in the database is (again AFAIK) the checksum of checksums or some other aggregate value.

    Upon "installing" the updates an endpoint sends its (alphabetically sorted) list of IDEs which is recorded in the database in column IDEList so a WHERE i.IDEList LIKE '%NameOfLatest.IDE%' should return the information you're interested in.

    Christian

Unfiltered HTML