With the download links from the page
https://www.microsoft.com/en-us/wdsi/definitions , the downloads for msse are both
mpam-fe.exe, and the downloads for wddefs are both
mpas-fe.exe. But it is not necessarily a problem, that the filenames for 32-bit and 64-bit are the same, because the four virus definition files are downloaded to different directories:
- Code: Select all
wsusoffline/client/msse/x64-glb
wsusoffline/client/msse/x86-glb
wsusoffline/client/wddefs/x64-glb
wsusoffline/client/wddefs/x86-glb
This works well for the download, but the installation scripts would probably need to be changed to use the same filenames in different directories.
The script DownloadUpdates.cmd can automatically rename downloaded files, if the local filename is appended to the URL after a comma. This is already used in the static download files:
- Code: Select all
wsusoffline/static/StaticDownloadLinks-msse-x64-glb.txt
wsusoffline/static/StaticDownloadLinks-msse-x86-glb.txt
The server file nis_full.exe is renamed to either nis_full_x64.exe or nis_full_x86.exe, and the file MSEInstall.exe is renamed to MSEInstall-x64-enu.exe, MSEInstall-x64-deu.exe, MSEInstall-x86-enu.exe or MSEInstall-x86-deu.exe, or to any other language.
But this does not work for the download links in
https://www.microsoft.com/en-us/wdsi/definitions , because the remote filename can not be deduced from the URLs.
wget needs the option
--trust-server-names, to use the last filename after several redirects on the server:
- Code: Select all
~/Downloads$ wget --trust-server-names "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86"
--2019-04-07 08:08:26-- https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86
Resolving go.microsoft.com (go.microsoft.com)... 2a02:26f0:d5:481::2c1a, 2a02:26f0:d5:4a5::2c1a, 104.81.43.109
Connecting to go.microsoft.com (go.microsoft.com)|2a02:26f0:d5:481::2c1a|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86 [following]
--2019-04-07 08:08:26-- https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86
Resolving www.microsoft.com (www.microsoft.com)... 2a02:26f0:d5:28f::356e, 2a02:26f0:d5:282::356e, 23.52.13.90
Connecting to www.microsoft.com (www.microsoft.com)|2a02:26f0:d5:28f::356e|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Cookie coming from www.microsoft.com attempted to set domain to adl.sr.wd.microsoft.com
Location: https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.291.1324.0/x86/mpam-fe.exe [following]
--2019-04-07 08:08:27-- https://definitionupdates.microsoft.com/download/DefinitionUpdates/VersionedSignatures/AM/1.291.1324.0/x86/mpam-fe.exe
Resolving definitionupdates.microsoft.com (definitionupdates.microsoft.com)... 23.52.14.91
Connecting to definitionupdates.microsoft.com (definitionupdates.microsoft.com)|23.52.14.91|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 118207152 (113M) [application/octet-stream]
Saving to: 'mpam-fe.exe'
mpam-fe.exe 100%[===================>] 112.73M 2.72MB/s in 41s
2019-04-07 08:09:08 (2.72 MB/s) - 'mpam-fe.exe' saved [118207152/118207152]
Earlier versions of wget would just use the resulting filename on the server anyway.
Aria2 doesn't need any additional options:
- Code: Select all
~/Downloads$ aria2c "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64"
04/07 08:27:06 [NOTICE] Downloading 1 item(s)
[#14272c 111MiB/113MiB(98%) CN:1 DL:2.7MiB]
04/07 08:27:49 [NOTICE] Download complete: /home/hb1/Downloads/mpam-fe.exe
Download Results:
gid |stat|avg speed |path/URI
======+====+===========+=======================================================
14272c|OK | 2.7MiB/s|/home/hb1/Downloads/mpam-fe.exe
Status Legend:
(OK):download completed.
So, if the URLs on the page
https://www.microsoft.com/en-us/wdsi/definitions stay the same, they can probably be used, but they require some changes to the download scripts and/or the installation scripts.
A standalone script to download the four virus definition files, with proper renaming of the files for timestamping and compatibility with the installation scripts, and with building the integrity database of hashdeep files, could look like:
- Code: Select all
#!/bin/bash
#
# filename: get-virus-definitions.bash
#
# Get the latest virus definition updates using the URLs on the page:
#
# - Definition updates for Windows Defender Antivirus and other Microsoft
# antimalware
#
# https://www.microsoft.com/en-us/wdsi/definitions
# ========== Shell options ================================================
set -o errexit
set -o nounset
set -o pipefail
shopt -s nocasematch
# ========== Functions ====================================================
function setup_working_directory ()
{
local kernel_name=""
local canonical_name=""
local home_directory=""
if type -P uname >/dev/null
then
kernel_name="$(uname -s)"
else
printf '%s\n' "Unknown operation system ${OSTYPE}"
exit 1
fi
# Reveal the normalized, absolute pathname of the running script
case "${kernel_name}" in
Linux | FreeBSD | CYGWIN*)
canonical_name="$(readlink -f "$0")"
;;
Darwin | NetBSD | OpenBSD)
# Use greadlink = GNU readlink, if available; otherwise use
# BSD readlink, which lacks the option -f
if type -P greadlink >/dev/null
then
canonical_name="$(greadlink -f "$0")"
else
canonical_name="$(readlink "$0")"
fi
;;
*)
printf '%s\n' "Unknown operating system ${kernel_name}, ${OSTYPE}"
exit 1
;;
esac
# Change to the home directory of the script
home_directory="$(dirname "${canonical_name}")"
cd "${home_directory}" || exit 1
return 0
}
function download_file ()
{
local download_dir="$1"
local download_link="$2"
local remote_filename="$3"
local local_filename="${4:-}" # optional parameter
# Rename local filename to remote filename, to allow timestamping
if [[ -n "${local_filename}" \
&& -f "${download_dir}/${local_filename}" ]]
then
printf '%s\n' "Rename local filename ${local_filename} to remote filename ${remote_filename}"
mv "${download_dir}/${local_filename}" \
"${download_dir}/${remote_filename}"
fi
wget --timestamping --trust-server-names \
--directory-prefix="${download_dir}" "${download_link}"
# Rename remote filename to local filename
if [[ -n "${local_filename}" \
&& -f "${download_dir}/${remote_filename}" ]]
then
printf '%s\n' "Rename remote filename ${remote_filename} to local filename ${local_filename}"
mv "${download_dir}/${remote_filename}" \
"${download_dir}/${local_filename}"
fi
return 0
}
function get_virus_definitions ()
{
local download_dir=""
local download_link=""
local remote_filename=""
local local_filename=""
# Virus definitions for Microsoft Security Essentials and the Defender
# of Windows 8, 8.1 and 10
# - 32-bit
printf '%s\n' "Get virus definitions for msse, 32-bit"
download_dir="../client/msse/x86-glb"
download_link="https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86"
remote_filename="mpam-fe.exe"
local_filename=""
download_file "${download_dir}" "${download_link}" \
"${remote_filename}"
# - 64-bit
printf '%s\n' "Get virus definitions for msse, 64-bit"
download_dir="../client/msse/x64-glb"
download_link="https://go.microsoft.com/fwlink/?LinkID=121721&arch=x64"
remote_filename="mpam-fe.exe"
local_filename="mpam-fex64.exe"
download_file "${download_dir}" "${download_link}" \
"${remote_filename}" "${local_filename}"
# Virus definitions for the Defender of Windows Vista and 7
# - 32-bit
printf '%s\n' "Get virus definitions for wddefs, 32-bit"
download_dir="../client/wddefs/x86-glb"
download_link="https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092"
remote_filename="mpas-fe.exe"
local_filename=""
download_file "${download_dir}" "${download_link}" \
"${remote_filename}"
# - 64-bit
printf '%s\n' "Get virus definitions for wddefs, 64-bit"
download_dir="../client/wddefs/x64-glb"
download_link="https://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=925A3ACA-C353-458A-AC8D-A7E5EB378092"
remote_filename="mpas-fe.exe"
local_filename="mpas-feX64.exe"
download_file "${download_dir}" "${download_link}" \
"${remote_filename}" "${local_filename}"
return 0
}
function todos_line_endings ()
{
local line=""
# IFS is set to an empty string, to read a complete line including
# leading and trailing spaces.
while IFS="" read -r line
do
printf '%s\r\n' "${line}"
done
return 0
}
function build_integrity_database ()
{
local download_dir=""
printf '%s\n' "Creating integrity database..."
pushd "../client/md" >/dev/null
for download_dir in msse wddefs
do
hashdeep -c md5,sha1,sha256 -l -r "../${download_dir}" \
| tr '/' '\\' | todos_line_endings > "hashes-${download_dir}.txt"
# Empty files should be deleted
if [[ -f "hashes_${download_dir}.txt" \
&& ! -s "hashes_${download_dir}.txt" ]]
then
printf '%s\n' "Deleting file hashes_${download_dir}.txt, because it is empty."
rm "hashes_${download_dir}.txt"
fi
done
popd >/dev/null
printf '%s\n' "Created integrity database."
return 0
}
# ========== Commands =====================================================
setup_working_directory
get_virus_definitions
build_integrity_database
exit 0