When the scanning engine searches through files looking for threats, it compares the contents of the scanned files to known threat information stored in the detection definition (DAT) files. The known threat information, called signatures, is information McAfee Labs has found and added to the DAT files.
VirusScan Enterprise also uses heuristics, called Artemis, to check for suspicious files along with the DAT files. Refer to How Artemis works for more information.
The various DAT files are stored at the following path:
\Program Files\Common Files\McAfee\Engine