Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 23048 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I determine the antivirus definitions date?

bhami

Auditors don't care how often a client gets updates from a server. They care about how current that data is; i.e. when did sophos.com generate it?

I can't figure out any way to determine the actual virus definitions data date. On my Sophos Anti-virus version 9 (Windows XP SP3) client, "view product information/ software" shows a (US mm/dd/yyyy format) "Virus data date" of 7/5/2010 and a "Last updated" date of 8/2/2010, but I think those are software engine dates, not definitions dates

At the other extreme, in the same client windows the "Status/ Last updated" date is just a few minutes ago and simply reflects when this client last spoke to its local (non-Internet-connected) server.

Where can I find the most recent date that sophos.com supplied definitions which are currently running on this client?

--Bruce

:5071


This thread was automatically locked due to age.
  • 0

    Hello Bruce,

    Last Updated under Software does show the time of the last IDE update.

    They care about how current that data is.

    Auditors! :smileyhappy: I hope they also care that it is complete.

    Where can I find the most recent date that sophos.com supplied definitions which are currently running on this client?

    I think this is impossible because the IDEs don't contain their original date. Even though you can check the list of IDEs for the past three months for their dates it won't really help you. The Last Update is a rough approximation - data is definitely from before this time but how much you just can't tell.

    What do they do with this information anyway? Or is it auditing for auditing's sake? :smileywink: 

    Christian

    :5074
  • 0

    Hi,

    The output from:

    SAV32CLI -v

    Will give you the time stamps of the IDE files.

    E.g.

    Data file name         : C:\Program Files\Sophos\Sophos Anti-Virus\pingm-a.ide
    Data file type            : IDE
    Data file date           : 17 September 2010, 17:00:35
    So the date is encoded in the IDE.
    Hope this gives you something to work with.

    Thanks,
    Jak
    :5113
  • 0

    Thanks, Jak. "savcli32 -v" gives the answer I'm looking for.

    I would still like to know what is meaning of the date shown by "View Porduct information/ Software/ Virus data date". Right now it shows 4/4/2011, but what is weirder is that in late March it *also* showed 4/4/2011! Why is that date sometimes well into the future?

    --Bruce

    :12383
Unfiltered HTML