Home
/
McAfee
/
VCLCDE-AA-DA - VirusScan Command Line Scanner Standard
/
Product Manual

McAfee VCLCDE-AA-DA - VirusScan Command Line Scanner Standard, Product Manual, Page: 18 / 46

Share

Page: 18 / 46

McAfee VCLCDE-AA-DA - VirusScan Command Line Scanner Standard Product Manual Download Page 18

18

VirusScan

®

Command Line 5.20.0 Product Guide

Using the Command-Line Scanner

Scanning files in remote storage

3

Scanning files in remote storage

Under some Microsoft Windows systems, files that are not in frequent use can be
stored in a remote storage system, such as the Hierarchical Storage Management
(HSM) system. However, when the files are scanned using the

/DOHSM

option, those

files become

in use

again. To prevent this effect, you can include the

/NORECALL

option.

In combination, these options request the stored file for scanning, but the file
continues to reside in remote storage. The file is not transported back to local storage.

Scanning NTFS streams

Some known methods of file infection add the virus body at the beginning or the end
of a host file. However, a

stream

virus exploits the NTFS multiple data streams feature

in Windows NT and more recent Windows operating systems. For example, a
Windows 95 or Windows 98 FAT file has only one data stream — the program code or
data itself. In NTFS, users can create any number of data streams within the file —
independent executable program modules, as well as various service streams such as
file access rights, encryption data, and processing time.

Unfortunately, some streams might contain viruses. The scanner can detect a stream
virus in one of two ways; you can specify the full stream name, or you can include

/STREAMS

and specify either no stream name, or a part of a stream name using the

wildcard characters

?

and

*

.

The following table shows the effect of different commands on a stream called

FILE:STREAM

that contains a virus.

Scanning protected files

The scanner normally scans files such as other users’ profiles and recycle bins. To
prevent this type of scanning in Windows NT or later systems, use

/NOBKSEM

.

Table 3-1 Scanning streams

Command

Action

SCAN /ALL /STREAMS FILE

All streams were scanned.

The virus is detected.

SCAN /ALL FILE:STREAM

The exact stream name was specified.

The virus is detected.

SCAN /ALL /STREAMS FILE:STREAM

The exact stream name was specified.

The virus is detected.

SCAN /ALL FILE:STR*

An exact stream name was

not

specified.

The virus is not detected.

SCAN /ALL /STREAMS FILE:STR*

All streams beginning with “str” are
scanned.

The virus is detected.

SCAN /ALL FILE

No streams were named.

The virus is not detected.

«
...
16
17
18
19
20
...
»

Summary of Contents for VCLCDE-AA-DA - VirusScan Command Line Scanner Standard

Page 1: ...Product Guide VirusScan Command Line version 5 20 0 McAfee System Protection Industry leading intrusion prevention solutions...

Page 2: ...t 2001 Stellent Chicago Inc Software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper 1998 1999 2000 Software copyrighted by Expat maintainers Software copyrighted by The Regents o...

Page 3: ...8 Scanning protected files 18 Using memory caches 19 Scanning processes in memory 20 Running an on demand scan 20 Command line conventions 21 General hints and tips 21 Configuring scans 22 Creating a...

Page 4: ...4 VirusScan Command Line 5 20 0 Product Guide Contents Updating your DAT files 43 Index 44...

Page 5: ...horse programs and other types of potentially unwanted software The command line scanner enables you to search for viruses in any directory or file in your computer on demand in other words at any ti...

Page 6: ...pgrade just replace your existing Engine with the new version and you re protected No worrying about compatibility Using this guide This guide provides information on installing configuring and using...

Page 7: ...emphasis or when introducing a new term for names of product documentation and topics headings within the material Example Refer to the VirusScan Enterprise Product Guide for more information Blue A...

Page 8: ...accessed from the software application Release Notes ReadMe Product information resolved issues any known issues and last minute additions or changes to the product or its documentation A text file is...

Page 9: ...h Releases For Security Vulnerabilities Available to the public For Products ServicePortal account and valid grant number required Product Evaluation McAfee Beta Program Technical Support http www mca...

Page 10: ...or equivalent processor 10 MB of free hard disk space for a full installation For Microsoft Windows 98 systems a minimum of 64 MB RAM is required 128 MB IS recommended For Microsoft Windows NT and lat...

Page 11: ...a workstation logs on to a Novell NetWare server To enable the scanner to run on a personal computer before it can logon to a Novell NetWare server use the following steps immediately after installati...

Page 12: ...LEVEL 20 GOTO ERR20 IF ERRORLEVEL 19 GOTO ERR19 IF ERRORLEVEL 15 GOTO ERR15 IF ERRORLEVEL 13 GOTO ERR13 IF ERRORLEVEL 10 GOTO ERR10 IF ERRORLEVEL 8 GOTO ERR8 IF ERRORLEVEL 6 GOTO ERR6 IF ERRORLEVEL 2...

Page 13: ...E EXE on all of its program files and DAT files To ensure that you have exactly the same files as the original software you need to compare the validation codes that VALIDATE EXE generates against the...

Page 14: ...pe the following character string as one line with no spaces or line breaks X5O P AP 4 PZX54 P 7CC 7 EICAR STANDARD ANTIVIRUS TEST FILE H H 2 Save the file with the name EICAR COM The file size will b...

Page 15: ...ontains the VirusScan Command Line files as set up in Step 1 under Installing the software on page 11 2 Delete all files in the directory Caution Removing the software leaves your computer unprotected...

Page 16: ...ing features offer optimum protection for your computer and network On demand scanning options let you start a scan immediately or schedule automatic scans Advanced heuristic analysis detects previous...

Page 17: ...orts these items enabling you to remove them if necessary Scanning diskettes Diskettes pose a threat because many viruses infect computers when a computer boots from an infected disk or when users cop...

Page 18: ...reams within the file independent executable program modules as well as various service streams such as file access rights encryption data and processing time Unfortunately some streams might contain...

Page 19: ...ile read instead The size of reads for this cache is determined by a value in the range 0 through 4 as follows OCRS 0 128KB OCRS 1 256KB OCRS 2 512KB OCRS 3 1MB OCRS 4 2MB OCMAX The OCMAX option chang...

Page 20: ...ile or directory on your file system from the command line by adding options to the basic command When executed without options the program simply displays a brief summary of its options When executed...

Page 21: ...e assumes that the scanner is available in your search path To have the program examine a specific file or list of files add the target directories or files to the command line after SCAN You can limi...

Page 22: ...CAN LOAD FILENAME TARGET Here FILENAME is the name of the text file you created in steps Step 2 and Step 3 and TARGET is the file or directory you want to scan If the scanner detects no virus infectio...

Page 23: ...the directory DIR1 and all its subdirectories and produces information on screen SCAN C DIR1 SUB To produce a simple list of infected files you can add the BADLIST option SCAN C DIR1 SUB BADLIST BAD1...

Page 24: ...ut the computer does not use all the possible numbers By searching for unexpected numbers inside a program file the scanner can detect an encrypted virus By using these techniques the scanner can dete...

Page 25: ...not scanned for macros Table 3 2 Scanning options Option Limitations Description AD None Same as ALLDRIVES ADL None Scan all local drives including compressed and PC drives in addition to any other dr...

Page 26: ...ime See also NORECALL and Scanning files in remote storage on page 18 DRIVER None Specify the location of the DAT files SCAN DAT NAMES DAT and CLEAN DAT If you do not specify this option in the comman...

Page 27: ...command This option is a subset of ANALYZE See Using heuristic analysis on page 24 for more information MANY None Scan multiple disks consecutively in a single drive The program prompts you for each...

Page 28: ...ote on page 29 Do not scan document files This includes Microsoft Office documents OLE2 PowerPoint CorelDraw WordPerfect RTF Visio Autodesk Autocad 2000 Adobe PDF 5 and Corel PhotoPaint 9 files NOEXPI...

Page 29: ...ontains not its subdirectories Use this option to scan all subdirectories within the specified directories This option is not necessary if you specify an entire drive as a target TIMEOUT SECONDS None...

Page 30: ...essage except a backslash Messages beginning with a slash or a hyphen must be placed in quotation marks DAM None Delete all macros in a file if an infected macro is found If you suspect you have an in...

Page 31: ...n about renaming see Table 4 1 on page 40 See If the scanner detects a virus on page 40 for more information PAUSE Do not use with report options Enable a screen pause When the screen is full of messa...

Page 32: ...information to the end of the file instead of overwriting it You can also use RPTALL RPTCOR and RPTERR to add more information to the report You can include the destination drive and directory such a...

Page 33: ...command line options each with a brief description You can add a list of scanning options to a report file To do this type at the command prompt SCAN REPORT FILENAME The report is appended with the fu...

Page 34: ...ile instead of overwriting it page 32 APPENDBAD Append names of infected files to an existing file as specified by BADLIST page 26 BADLIST FILENAME Create a list of infected files page 26 BEEP Issue a...

Page 35: ...Microsoft Office compound documents that are password protected page 28 NODOC Do not scan document files page 28 NOEXPIRE Disable the expiration date message if the scanner s DAT files are out of date...

Page 36: ...nACE CAB and CHM formats page 29 WINMEM Scan inside running processes page 29 VIRLIST Display the name of each virus that the scanner can detect page 32 Table 3 6 Alphabetic list of options continued...

Page 37: ...Where an option has a parameter insert only one space between them For example the following commands are intended to scan all directories on the C disk and list any infected files in the file named B...

Page 38: ...inate one potential cause of your computer problems To clean your computer If your computer has a virus or you suspect it has and you have not yet installed the on demand scanner follow these steps 1...

Page 39: ...nect to the network and begin the installation procedure described on page 10 To find and remove the possible source of infection scan your diskettes immediately after installation For information see...

Page 40: ...r BAD V02 and so on For file extensions with more than three letters the name is usually not truncated For example NOTEPAD CLASS becomes NOTEPAD VLASS However an infected file called WATER VAPOR becom...

Page 41: ...hard disks To clean the Master Boot Record MBR on a hard disk formatted with the Microsoft Windows NT file system NTFS 1 Start the computer that has the NTFS file system partition from a virus free M...

Page 42: ...ble we continually update the definition DAT files that the VirusScan Command Line software uses to detect potentially unwanted software For maximum protection you should regularly retrieve these file...

Page 43: ...iles When you are selecting the latest version of DAT file ignore any reference to SuperDAT a self installing DAT file You cannot use this type of file with the command line scanner To use the new DAT...

Page 44: ...ess disabling with scanner 28 directories scanning 29 diskettes 27 disks scanning 17 scanning multiple 27 DLL scanning 20 DOS 11 download website 9 drives scanning local 25 scanning network 25 E EICAR...

Page 45: ...ral 25 report 32 response and notification 30 P password protected files 41 pattern files See DAT files PAUSE do not use with report options 31 not with REPORT 32 pausing when displaying scanner messa...

Page 46: ...ormation Library See Avert Labs Threat Library virus scanning displaying message when virus is found 30 preventing users from halting 27 viruses detected error level for 36 displaying list of detected...

Reviews:

No comments