Validating the Installation Script

Once you have installed PureMessage, automatic certificate validation ensures the authenticity of subsequent software and data updates. As an added precaution, before installing PureMessage, you can verify the authenticity of the installation script itself.

To validate the installer:

  1. Run the installer. At the command-line, enter:
    sh puremessage-<VersionNumber>-<Platform>.sh

    The PureMessage installer program (pmx-setup) is retrieved from the Sophos website.

  2. Extract the validator. If PureMessage is installed in the default location (opt/pmx)At the command line, enter:
    /opt/pmx/bin/pmx-setup --check-validator

    The installer acknowledges that you have chosen to verify the authenticity of the validation tool itself before proceeding with the installation. The validation file is extracted.

  3. Obtain the sha1sum of the validation file. The sha1sum utility is used to calculate and verify SHA1 hashes. If you don't have sha1sum, you must obtain the appropriate version for your operating system. See the sha1sum documentation for specific command syntax.
  4. Contact Sophos Technical Support and have a representative confirm that the checksum you have obtained is correct. See “Contacting Sophos” for more information.
  5. Verify that your copy of pmx-setup is valid. At the command line, run the pmx-validator command as shown below:
    <PathToValidator>/pmx-validator <PathToRepository> <PathTo_pmx-setup>

    The exact file locations for this command are the pmx-validator, Repository, and pmx-setup entries displayed in the installer.

  6. Continue with the installation. Once verification is complete, enter: