VirusScan Command Line Scanner 6.0.x Windows Product Guide


VirusScan® Command Line
version 6.00.1
Product Guide

McAfee® System Protection
Industry-leading intrusion prevention solutions

COPYRIGHT

Copyright © 2009 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS

ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Attributions

This product includes or may include:

• Software originally written by Philip Hazel, Copyright (c) 1997-2008 University of Cambridge. A copy of the license agreement for this software can be found at www.pcre.org/license.txt.
• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
• Cryptographic software written by Eric A. Young and software written by Tim J. Hudson.
• Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
• Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer.
• Software originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier.
• Software written by Douglas W. Sauder.
• Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt.
• International Components for Unicode ("ICU") Copyright ©1995-2002 International Business Machines Corporation and others.
• Software developed by CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc.
• FEAD® Optimizer® technology, Copyright Netopsystems AG, Berlin, Germany.
• Outside In® Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or Outside In® HTML Export, © 2001 Stellent Chicago, Inc.
• Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000.
• Software copyrighted by Expat maintainers.
• Software copyrighted by The Regents of the University of California, © 1996, 1989, 1998-2000.
• Software copyrighted by Gunnar Ritter.
• Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., © 2003.
• Software copyrighted by Gisle Aas. © 1995-2003.
• Software copyrighted by Michael A. Chase, © 1999-2000.
• Software copyrighted by Neil Winton, ©1995-1996.
• Software copyrighted by RSA Data Security, Inc., © 1990-1992.
• Software copyrighted by Sean M. Burke, © 1999, 2000.
• Software copyrighted by Martijn Koster, © 1995.
• Software copyrighted by Brad Appleton, © 1996-1999.
• Software copyrighted by Michael G. Schwern, ©2001.
• Software copyrighted by Graham Barr, © 1998.
• Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000.
• Software copyrighted by Frodo Looijaard, © 1997.
• Software copyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org.
• Software copyrighted by Beman Dawes, © 1994-1999, 2002.
• Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University of Notre Dame.
• Software copyrighted by Simone Bordet & Marco Cravero, © 2002.
• Software copyrighted by Stephen Purcell, © 2001.
• Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/).
• Software copyrighted by International Business Machines Corporation and others, © 1995-2003.
• Software developed by the University of California, Berkeley and its contributors.
• Software developed by Ralf S. Engelschall <[email protected]> for use in the mod_ssl project (http://www.modssl.org/).
• Software copyrighted by Kevlin Henney, © 2000-2002.
• Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002.
• Software copyrighted by David Abrahams, © 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation.
• Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, © 2000.
• Software copyrighted by Boost.org, © 1999-2002.
• Software copyrighted by Nicolai M. Josuttis, © 1999.
• Software copyrighted by Jeremy Siek, © 1999-2001.
• Software copyrighted by Daryle Walker, © 2001.
• Software copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002.
• Software copyrighted by Samuel Krempp, © 2001. See http://www.boost.org for updates, documentation, and revision history.
• Software copyrighted by Doug Gregor ([email protected]), © 2001, 2002.
• Software copyrighted by Cadenza New Zealand Ltd., © 2000.
• Software copyrighted by Jens Maurer, ©2000, 2001.
• Software copyrighted by Jaakko Järvi ([email protected]), ©1999, 2000.
• Software copyrighted by Ronald Garcia, © 2002.
• Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, ©1999-2001.
• Software copyrighted by Stephen Cleary ([email protected]), ©2000.
• Software copyrighted by Housemarque Oy <http://www.housemarque.com>, © 2001.
• Software copyrighted by Paul Moore, © 1999.
• Software copyrighted by Dr. John Maddock, © 1998-2002.
• Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999.
• Software copyrighted by Peter Dimov, © 2001, 2002.
• Software copyrighted by Jeremy Siek and John R. Bandela, © 2001.
• Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002.
• Software copyrighted by Carnegie Mellon University © 1989, 1991, 1992.
• Software copyrighted by Cambridge Broadband Ltd., © 2001-2003.
• Software copyrighted by Sparta, Inc., © 2003-2004.
• Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, © 2004.
• Software copyrighted by Simon Josefsson, © 2003.
• Software copyrighted by Thomas Jacob, © 2003-2004.
• Software copyrighted by Advanced Software Engineering Limited, © 2004.
• Software copyrighted by Todd C. Miller, © 1998.
• Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

Issued November 2009 / VirusScan® Command Line software version 6.00.1

DBN-004-EN

Contents

1 Introducing VirusScan® Command Line
    Product features
    What’s new in this release
    Using this guide
        Audience
        Conventions
    Getting product information
    Contact information

2 Installing VirusScan® Command Line
    Installation requirements
    Installing the software
    Testing your installation
        Troubleshooting when scanning
    Removing the program

3 Using VirusScan Command Line
    What can you scan?
    Scanning diskettes
    Scanning files in remote storage
    Scanning NTFS streams
    Scanning protected files
    Using memory caches
    Scanning processes in memory
    Running an on-demand scan
        Command-line conventions
        General hints and tips
    Configuring scans
    Creating a list of infected files
    Using heuristic analysis
    Producing reports
    Choosing the options
        Scanning options
        Response and notification options
        Report options
        General options
        Options in alphabetic order
    Error levels
    Handling error messages

4 Removing Infections
    If the scanner detects a virus
        Removing a virus found in a file
        Running additional virus-cleaning tasks

5 Preventing Infections
    Detecting new and unidentified viruses
        Why do I need new DAT files?
        Updating your DAT files

A Schema for the XML reports

Index

1 Introducing VirusScan® Command Line

VirusScan Command Line is a program that you can run from a command-line prompt. It provides an alternative to scanners that use a graphical user interface (GUI). Both scanners use the same scanning engine. This section describes:

• Product features
• What’s new in this release
• Using this guide
• Getting product information
• Contact information

Product features

When installed on your Microsoft Windows system, VirusScan® Command Line becomes an effective solution against viruses, Trojan-horse programs, and other types of potentially unwanted software.

VirusScan Command Line enables you to search for viruses in any directory or file in your computer on demand — in other words, at any time. VirusScan Command Line also features options that can alert you when the scanner detects a virus or that enable the scanner to take a variety of automatic actions.

When kept up-to-date with the latest virus definition (DAT) files, the scanner is an important part of your network security. We recommend that you set up a security policy for your network that incorporates as many protective measures as possible. The scanner acts as an interface to the powerful scanning engine — the engine common to all our security products.


What’s new in this release

This release of VirusScan® Command Line includes the following new features or enhancements:

• V2 DATs support — Supports the latest version of the anti-malware DAT files providing improved detection rates, smaller file downloads, and support for Engine component updates.
• Multi-threaded scanning support — Supports scanning in multiple threads using the /THREADS switch. This results in improved performance, particularly on multi-core systems.
• XML reports — Supports the generation of XML reports using the /XMLPATH switch. This facilitates easier automatic processing of scan results.

Using this guide

This guide provides information on installing, configuring, and using your product. For system requirements, refer to the Release Notes. The following topics are included:

• Introducing VirusScan® Command Line on page 5. An overview of the product, including a description of new or changed features; an overview of this guide; McAfee contact information.
• Installing VirusScan® Command Line on page 10.
• Using VirusScan Command Line on page 15. The command options organized as functions and in alphabetic order.
• Removing Infections on page 37.
• Preventing Infections on page 41.

Audience

This information is intended primarily for two audiences:

• Network administrators who are responsible for their company’s anti-virus and security program.
• Users who are responsible for updating virus definition (DAT) files on their workstations, or configuring the software’s detection options.


Conventions

This guide uses the following conventions:

Bold Condensed: All words from the interface, including options, menus, buttons, and dialog box names.
Example: Type the User name and Password of the appropriate account.

Courier: The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).
Examples:
The default location for the program is: C:\Program Files\McAfee\EPO\3.5.0
Run this command on the client computer: scan /help

Italic: For emphasis or when introducing a new term; for names of product documentation and topics (headings) within the material.
Example: Refer to the VirusScan Enterprise Product Guide for more information.

Blue: A web address (URL) and/or a live link.
Example: Visit the McAfee website at: http://www.mcafee.com

Example: In the console tree, right-click <SERVER>.

Note: Supplemental information; for example, another method of executing the same command.

Tip: Suggestions for best practices and recommendations from McAfee for threat prevention, performance and efficiency.

Caution: Important advice to protect your computer system, enterprise, software installation, or data.

Warning: Important advice to protect a user from bodily harm when using a hardware product.


Getting product information

Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files, available on the product CD or from the McAfee download site.

Product Guide: Product introduction and features, detailed instructions for installing and configuring the software, information on deployment, recurring tasks, and operating procedures.

Help: Brief descriptions of the most common options, accessed from the software application.

Release Notes: ReadMe. Product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation. A text file is included with the software application and on the product CD.

License Agreement: The McAfee License Agreement booklet that includes all of the license types you can purchase for your product. The License Agreement presents general terms and conditions for use of the licensed product.

Contacts: Contact information for McAfee services and resources: technical support, customer service, Security Headquarters (McAfee Labs), beta program, and training. See Contact information on page 9.


Contact information

Threat Center: McAfee Labs
http://www.mcafee.com/us/threat_center/default.asp
• McAfee Labs Threat Library: http://vil.nai.com
• McAfee Labs WebImmune & Submit a Sample (Logon credentials required): https://www.webimmune.net/default.asp
• McAfee Labs DAT Notification Service: http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site
http://www.mcafee.com/us/downloads/
• Product Upgrades (Valid grant number required)
• Security Updates (DATs, engine)
• HotFix and Patch Releases
    • For Security Vulnerabilities (Available to the public)
    • For Products (ServicePortal account and valid grant number required)
• Product Evaluation
• McAfee Beta Program

Technical Support
http://www.mcafee.com/us/support/
• KnowledgeBase Search: https://kc.mcafee.com/
• McAfee Technical Support ServicePortal (Logon credentials required): https://mysupport.mcafee.com/eservice_enu/start.swe

Customer Service
• Web: http://service.mcafee.com/
  https://secure.nai.com/apps/support/customer_service/request_form.asp
• Phone — US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766, Monday – Friday, 8 a.m. – 8 p.m., Central Time

Professional Services
• Enterprise: http://www.mcafee.com/us/enterprise/services/index.html
• Small and Medium Business: http://www.mcafee.com/us/small/index.html
  http://www.mcafee.com/us/medium/index.html

2 Installing VirusScan® Command Line

We distribute the VirusScan® Command Line software in two ways — on a CD, and as an archived file that you can download from our website or from other electronic services.

Review the Installation requirements to verify that the software will run on your system, then follow the installation steps.

Installation requirements

To install and run the software, you need the following:

• An IBM-compatible personal computer with a Pentium or compatible processor.
• 100 MB of free hard disk space for a full installation.
• For Microsoft Windows Vista, Windows 7, Windows 2008, and Windows 2008 R2 systems, a minimum of 512 MB RAM is required, 1024 MB is recommended.
• For all other supported Microsoft Windows systems, a minimum of 128 MB RAM is required, 256 MB is recommended.
• A CD drive, if you are not downloading the software from a website.

Other recommendations

To take full advantage of the regular updates to DAT files from our website, you need an Internet connection, either through your local area network, or via a high-speed modem and an Internet Service Provider.


Installing the software

If you suspect your computer is already infected, see Removing Infections on page 37 before you install the scanner.

1 Create a directory for the software on your hard disk. If you are using the command-line, you can use MKDIR.

2 Depending on the source of your command-line program files, do one of the following:

• CD: Insert the CD into your CD drive, then copy the files from the CD to the directory that you created in Step 1.
• Files downloaded from a website: Download the file to the directory that you created in Step 1, and decompress the zipped files into that directory.

Tip: We recommend that you use the -d option to extract command-line files and preserve their directory structure. Type CD to change to the directory to which you extracted the program files.

3 Add the directory you created in Step 1 to the PATH environment variable.


Sample batch file

The following code is provided only as a suggestion, for you to use and modify to suit your own purposes. It has not been thoroughly tested. This sample batch file assumes that SCAN and the DAT files are in the current directory. It enables the login to the Netware server only if the scan finds no viruses on the workstation. All local drives are scanned, and the user cannot press CTRL BREAK to quit the scan.

@ECHO OFF
REM Scan all local drives; the user cannot interrupt the scan.
SCAN /ADL /SECURE /NOBREAK
REM IF ERRORLEVEL n is true when the exit code is n or higher,
REM so the codes are tested from highest to lowest.
IF ERRORLEVEL 102 GOTO ERR102
IF ERRORLEVEL 21 GOTO ERR21
IF ERRORLEVEL 20 GOTO ERR20
IF ERRORLEVEL 19 GOTO ERR19
IF ERRORLEVEL 15 GOTO ERR15
IF ERRORLEVEL 13 GOTO ERR13
IF ERRORLEVEL 10 GOTO ERR10
IF ERRORLEVEL 8 GOTO ERR8
IF ERRORLEVEL 6 GOTO ERR6
IF ERRORLEVEL 2 GOTO ERR2
IF ERRORLEVEL 0 GOTO ERR0
:ERR102
ECHO User exited.
GOTO EXIT
:ERR21
ECHO Clean on reboot. Please restart this PC to complete cleaning.
GOTO EXIT
:ERR20
ECHO Frequency error (Don't scan N hours after the previous scan).
GOTO EXIT
:ERR19
ECHO All cleaned.
GOTO EXIT
:ERR15
ECHO Self-integrity check failed
GOTO EXIT
:ERR13
ECHO Virus found!
GOTO EXIT
:ERR10
ECHO A virus was found in memory!
GOTO EXIT
:ERR8
ECHO DAT file not found.
GOTO EXIT
:ERR6
ECHO There has been a problem [not a virus] with scan.
GOTO EXIT
:ERR2
ECHO DAT file integrity check failed.
GOTO EXIT
:ERR0
ECHO Scan completed successfully. No viruses found.
REM The login runs only on this branch.
LOGIN1.EXE %1 %2 %3
:EXIT
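
A fail-closed variant of the gate above, as an added PowerShell example that is not part of the McAfee guide. Because IF ERRORLEVEL n is true for any exit code of n or higher, the batch file sends an exit code it does not list (1, for instance) to the ERR0 branch and runs the login; this version matches codes exactly and allows the login only on 0. The function names and the default paths are assumptions; the code meanings are those of the batch file.

```powershell
# Added example: exact-match, fail-closed handling of SCAN exit codes.
# Meanings are copied from the sample batch file; no other codes are assumed.
$ScanExitCodes = @{
    0   = 'Scan completed successfully. No viruses found.'
    2   = 'DAT file integrity check failed.'
    6   = 'There has been a problem [not a virus] with scan.'
    8   = 'DAT file not found.'
    10  = 'A virus was found in memory!'
    13  = 'Virus found!'
    15  = 'Self-integrity check failed'
    19  = 'All cleaned.'
    20  = "Frequency error (Don't scan N hours after the previous scan)."
    21  = 'Clean on reboot. Please restart this PC to complete cleaning.'
    102 = 'User exited.'
}

function Resolve-ScanExitCode {
    param([Parameter(Mandatory = $true)][int]$ExitCode)

    if ($ScanExitCodes.ContainsKey($ExitCode)) {
        $meaning = $ScanExitCodes[$ExitCode]
    } else {
        # Unlisted code: report it as unknown instead of borrowing the
        # message (or the login) of the next lower listed code.
        $meaning = "Unrecognized exit code $ExitCode; treating the scan as failed."
    }
    New-Object PSObject -Property @{
        ExitCode   = $ExitCode
        Meaning    = $meaning
        AllowLogin = ($ExitCode -eq 0)   # only a clean scan opens the gate
    }
}

function Invoke-GatedLogin {
    param(
        [string]$ScannerPath = '.\SCAN.EXE',    # assumption: scanner in the current directory
        [string]$LoginPath   = '.\LOGIN1.EXE',  # program name taken from the batch file
        [string[]]$LoginArgs = @()
    )
    try {
        # Same switches as the batch file.
        $proc = Start-Process -FilePath $ScannerPath `
                    -ArgumentList '/ADL', '/SECURE', '/NOBREAK' `
                    -NoNewWindow -Wait -PassThru -ErrorAction Stop
        $result = Resolve-ScanExitCode -ExitCode $proc.ExitCode
    } catch {
        # The scanner never ran, so there is no exit code and no login.
        $result = New-Object PSObject -Property @{
            ExitCode   = $null
            Meaning    = "Scanner could not be started: $($_.Exception.Message)"
            AllowLogin = $false
        }
    }

    Write-Host $result.Meaning
    if ($result.AllowLogin) {
        & $LoginPath @LoginArgs
    }
    $result
}
```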


Testing your installation

After it is installed, the program is ready to scan your computer for infected files. You can run a test to determine that the program is installed correctly and can properly scan for viruses. The test was developed by the European Institute of Computer Anti-virus Research (EICAR), a coalition of anti-virus vendors, as a method of testing any anti-virus software installation.

Note: The program performs a standard digital signing check of the engine binary prior to execution. If the computer is not connected to the internet, this check might fail unexpectedly and display a warning.

To test your installation:

1 Open a standard MS-DOS or Windows text editor, then type the following character string as one line, with no spaces or line breaks:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Caution: The line shown above should appear as one line in your text editor window, so be sure to maximize your text editor window and delete any line breaks. Also, be sure to type the letter O, not the number 0, in the “X5O...” that begins the test message.

If you are reading this manual on your computer, you can copy the line directly from the Acrobat PDF file and paste it into Notepad. You can also copy this text string directly from the “Testing your installation” section of the README.TXT file, which is in your scanner’s program directory. If you copy the line from either of these sources, be sure to delete any carriage returns or spaces.

2 Save the file with the name EICAR.COM. The file size will be 68 or 70 bytes.

3 Start your scanning software and allow it to scan the directory that contains EICAR.COM. When the software examines this file, it reports Found EICAR test file NOT a virus.

Caution: This file is not a virus — it cannot spread or infect other files, or otherwise harm your computer. Delete the file when you have finished testing your installation to avoid alarming other users. Please note that products that operate through a graphical user interface do not return this same EICAR identification message.
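
The three steps above as an added PowerShell example, not part of the McAfee guide: it writes the test string as exact ASCII bytes so that no editor can add a line break, and it checks an existing file for the mistakes the Caution describes. The function names, the default file path and the scanner path are assumptions.

```powershell
# Added example. The 68-character test string is the one given in step 1
# (single quotes, so PowerShell expands nothing inside it).
$EicarText = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Resolve-FullPath {
    param([string]$Path)
    # .NET file APIs ignore PowerShell's current location, so resolve first.
    $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
}

function New-EicarTestFile {
    param([string]$Path = '.\EICAR.COM')
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($EicarText)
    # WriteAllBytes writes exactly these 68 bytes: no byte-order mark and
    # no trailing line break.
    [System.IO.File]::WriteAllBytes((Resolve-FullPath $Path), $bytes)
    Get-Item -LiteralPath $Path
}

function Test-EicarTestFile {
    param([Parameter(Mandatory = $true)][string]$Path)
    $bytes    = [System.IO.File]::ReadAllBytes((Resolve-FullPath $Path))
    $problems = @()

    # A byte-order mark means the editor saved the file as Unicode text.
    if ($bytes.Length -ge 2 -and
        (($bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) -or
         ($bytes[0] -eq 0xEF -and $bytes[1] -eq 0xBB))) {
        $problems += 'File starts with a byte-order mark; save it as plain text.'
    }

    # One trailing CR LF added by the editor accounts for the 70-byte size.
    $bodyLength = $bytes.Length
    if ($bodyLength -ge 2 -and $bytes[$bodyLength - 2] -eq 13 -and $bytes[$bodyLength - 1] -eq 10) {
        $bodyLength -= 2
    }
    $text = [System.Text.Encoding]::ASCII.GetString($bytes, 0, $bodyLength)

    if ($text.Length -ge 3 -and $text.Substring(2, 1) -ceq '0') {
        $problems += 'Third character is the digit 0; it must be the letter O.'
    }
    if ($text -match '\s') {
        $problems += 'A space or line break is embedded in the string.'
    }
    if ($problems.Count -eq 0 -and $text -cne $EicarText) {
        $problems += 'Content does not match the test string.'
    }

    New-Object PSObject -Property @{
        Path      = $Path
        SizeBytes = $bytes.Length
        IsValid   = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

function Invoke-EicarSelfTest {
    param(
        [string]$Directory   = '.',
        [string]$ScannerPath = 'SCAN.EXE'   # assumption: scanner directory is on PATH
    )
    # Step 3: scan the directory and look for the EICAR identification
    # message in the scanner's report. Returns $true when it is present.
    $output = & $ScannerPath $Directory 2>&1 | Out-String
    $output -match 'EICAR test file'
}
```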

Troubleshooting when scanning

The following table lists the most common error messages returned if the scan program fails when scanning. The table also suggests a likely reason for the error and recommends possible solutions.

Table 2-1 Program messages

Program message                                                  Remedy
Missing or invalid DAT files                                     Re-install the DAT files.
The program has been altered; please replace with a good copy    Re-install from the original media; the program might be infected.


Removing the program

To remove the product from your system:

1 Change your command prompt to point to the directory that contains the VirusScan® Command Line files (as set up in Step 1 under Installing the software on page 11).

2 Delete all files in the directory.

Caution: Removing the software leaves your computer unprotected against virus attack. Remove the product only when you are sure that you can upgrade quickly to a new version.

If you are an administrator, ensure that your users cannot accidentally remove their VirusScan® Command Line software.

3 Using VirusScan Command Line

VirusScan Command Line is a program that you can run from a command prompt. If the scanner installation directory has been added to the PATH environment variable or is in the current directory, you can run a scan by typing SCAN at the command prompt with the options you want. For a complete list of options, see page 24.

You should scan any file that is new to your computer, especially any newly downloaded or installed files. If your computers are susceptible to infection, you should scan as often as once a day. The scanner operates with minimal use of system resources.

The following features offer optimum protection for your computer and network:

• On-demand scanning options let you start a scan immediately or schedule automatic scans.
• Advanced heuristic analysis detects previously unknown macro viruses and program viruses.
• Updates to virus definition files and upgrades to program components ensure that the program has the most current scanning technology to deal with threats as they emerge.

Later sections in this guide describe each of these features in detail.

VirusScan Command Line also includes options for administrators that help to ensure that the scanner is being used most efficiently. For example, the /FREQUENCY option (on page 26) sets a mandatory period between scans, which helps to minimize resources when the network is most busy.


What can you scan?

• File types scanned by default.
  The following file types and many other common file types that are susceptible to infection are scanned by default: .BIN, .COM, .DLL, .DOC, .DOT, .EXE, .HTM, .INI, .OVL, .RTF, .SYS, .VBS, .VXD, .XLA, .XLS, and .XLT.

• Archived and compressed files recognized by the scanner.
  You can scan compressed and archive file formats which include .ARC, .ARJ, .CAB, Diet, .GZIP, LZEXE, .LZH, PKLite, .RAR, .TAR, and .ZIP files.

  The scanner detects and reports any infections found in any compressed or archive file. The scanner can also clean files in .ZIP archive format. If you have access to Windows, you can clean certain infections from compressed files using VirusScan for Windows software.

  You can use the options /UNZIP and /NOCOMP to configure the scanner to handle compressed files. These and other scanning options are described in the tables from page 24 to page 29.

Scanning diskettes

Diskettes pose a threat because many viruses infect computers when a computer ‘boots’ from an infected disk, or when users copy, run, or install programs or files that are infected. If you scan all new disks before first use, you can prevent new viruses entering any computer system.

Always scan all disks you use. Do not assume that disks received from friends, co-workers, and others are virus-free. Disks can also pose a threat even if they are not bootable. Therefore, we recommend that you check that your disk drives are empty before you turn on your computer. Then your computer will not pick up a boot-sector virus from an infected disk that was inadvertently left in a disk drive.

1 Using the CD command, change to the directory where the scanner was installed.

2 Type:

SCAN A: /MANY

3 Insert a disk into the A drive, and press ENTER.

The program scans the disk and displays the names of any infected files.

Note: If the scanner detects a virus on this disk, it runs the command-line option that you chose for dealing with the virus. See page 39 for details on removing viruses.

4 Remove the scanned disk from the A drive.

Repeat Step 3 and Step 4 for all disks that you need to scan.


Scanning files in remote storage

Under some Microsoft Windows systems, files that are not in frequent use can be stored in a remote storage system, such as the Hierarchical Storage Management (HSM) system. However, when the files are scanned using the /DOHSM option, those files become in use again. To prevent this effect, you can include the /NORECALL option.

In combination, these options request the stored file for scanning, but the file continues to reside in remote storage. The file is not transported back to local storage.

Scanning NTFS streams

Some known methods of file infection add the virus body at the beginning or the end of a host file. However, a stream virus exploits the NTFS multiple data streams feature in Windows NT and more recent Windows operating systems. In NTFS, users can create any number of data streams within the file — independent executable program modules, as well as various service streams such as file access rights, encryption data, and processing time.

Unfortunately, some streams might contain viruses. The scanner can detect a stream virus in one of two ways; you can specify the full stream name, or you can include /STREAMS and specify either no stream name, or a part of a stream name using the wildcard characters ? and *.

The following table shows the effect of different commands on a stream called FILE:STREAM that contains a virus.

Table 3-1 Scanning streams

Command | Action
SCAN /ALL /STREAMS FILE | All streams were scanned. The virus is detected.
SCAN /ALL FILE:STREAM | The exact stream name was specified. The virus is detected.
SCAN /ALL /STREAMS FILE:STREAM | The exact stream name was specified. The virus is detected.
SCAN /ALL FILE:STR* | An exact stream name was not specified. The virus is not detected.
SCAN /ALL /STREAMS FILE:STR* | All streams beginning with “str” are scanned. The virus is detected.
SCAN /ALL FILE | No streams were named. The virus is not detected.

Scanning protected files

The scanner normally scans files such as other users’ profiles and recycle bins. To prevent this type of scanning in Windows NT or later systems, use /NOBKSEM.


Using memory caches

To increase the scanning speed, the scanner uses local memory caches. The behaviour of these caches can be controlled by the following switches:

• /MEMSIZE

• /AFC

MEMSIZE

Each file less than a specific size is completely loaded into memory before scanning.

Default maximum size is 1 MB. This size can be adjusted using the /MEMSIZE switch that defines a maximum size in Kb.

For example, /MEMSIZE=2000 causes all files under 2 MB to be loaded into memory for scanning.

AFC

When scanning files, the scanner places the contents into computer memory (or file cache) before scanning them. This option allows you to vary the amount of cache that the scanner uses.

The cache is allocated “per file”, so the scanner uses a large amount of cache if there are many nested files. A larger cache size normally improves scanning speeds unless the computer has very low memory.

A range of cache sizes — 8 MB to 512 MB — is permitted. If you specify a value outside this range, the minimum or maximum value is assumed as appropriate. If you do not use this option, the scanner uses the default value of 12 MB.

Scanning processes in memory

Viruses such as CodeRed do not exist as files on disk but rather as executable code in the memory space of an infected process. To protect against this threat, you can include the /WINMEM option. The process is scanned in memory together with any files or DLLs associated with it.

Note: When using the /WINMEM option, specify at least one file for scanning as well.

Examples

SCAN EXAMPLE.EXE /WINMEM

Scans the file EXAMPLE.EXE and all processes running on the computer.

SCAN *.EXE /WINMEM

Scans all files with a “.EXE” file name extension in the current directory, and all processes running on the computer.

SCAN *.* /WINMEM

Scans all files in the current directory and all processes running on the computer.

SCAN AA.EXE /WINMEM=1234

Scans the file AA.EXE in the current directory and the specified process, 1234. The parameter is the process identifier or PID. If the process is not running, the scanner issues a message.

Running an on-demand scan

You can scan any file or directory on your file system from the command line by adding options to the basic command. When executed without options, the program simply displays a brief summary of its options. When executed with only a directory name specified, the program scans every file in that directory only, and issues a message if any infected files are found. The options fall into the following main groups:

• Scanning options — determine how and where the scanner looks for infected files. See page 24.

• Response and notification options determine how the scanner responds to infected files. See page 29.

• Report options — determine how the scanner displays the results of the scan. See page 31.

• General options — for such things as user help. See page 32.

Each group of options appears in its own table with a description of its function. See Choosing the options on page 24 for details.

Command-line conventions

Use the following conventions to add options to the command line:

• Separate each option with spaces.

• Do not use any option more than once on the command line.

• Follow the syntax correctly.

• To start the program, at the command prompt, type:

SCAN

(This example assumes that the scanner is available in your search path.)

• To have the program examine a specific file or list of files, add the target directories or files to the command line after SCAN. You can limit your scan by excluding certain files from scans with the /EXCLUDE option. See page 25 for details.

General hints and tips

The following examples assume that the scanner is available in your search path.


• To display a list of all the options, each with a short description of their features, type the command:

SCAN /HELP

• To display a list of all the viruses that the program detects, type the command:

SCAN /VIRLIST

• To display information about the version of the program, type the command:

SCAN /VERSION

• To run a full scan on all drives, type the command:

SCAN /AD

• To run a full scan on the network drives, type the command:

SCAN /ADN

To ensure maximum protection from virus attack, you must regularly update your DAT files. See Preventing Infections on page 41 for details.

Configuring scans

Instead of running each scan with all its options directly from the command line, you can keep the options in a separate text file, known as a task file. In the file, you can specify the actions that the scanner must take when a virus is detected. This allows you to run complete scans with ease, and at any time; you need only specify the files or directories that you want to scan.

To configure a scan:

1 Choose the command options that you want to use. See Choosing the options on page 24 for a description of available options.

2 Type the command options into a text editor just as you might on the command line.

3 Save the text as a file.

4 Type the following at the command prompt:

SCAN /LOAD <FILENAME> <TARGET>

Here, <FILENAME> is the name of the text file you created in Step 2 and Step 3, and <TARGET> is the file or directory you want to scan.

If the scanner detects no virus infections, it displays no output.

To learn how to specify the options, see Command-line conventions on page 19.

The following examples show how you can configure scans using task files. The examples assume the scanner is available in the search path.

Example 1

To scan files in the C:\WINDOWS directory according to the settings you stored in the task file C:\TASKS\CONFIG1.TXT, type the command:

SCAN /LOAD C:\TASKS\CONFIG1.TXT C:\WINDOWS

The contents of the file C:\TASKS\CONFIG1.TXT are:

/MOVE C:\VIRUSES /NOCOMP /MAXFILESIZE 4

They instruct the scanner to move any infected files to C:\VIRUSES, to ignore compressed executables created with LZEXE or PkLite, and to examine only files smaller than 4 MB.

As an alternative, you can arrange the contents of the task file as single lines:

/MOVE C:\VIRUSES
/NOCOMP
/MAXFILESIZE 4

Example 2

To scan only files smaller than 4 MB and to ignore compressed executables created with LZEXE or PkLite in three separate directories, type the command:

SCAN /LOAD C:\TASKS\CONFIG2.TXT /CHECKLIST C:\CHECKS\CHECK1.TXT

The contents of the task file C:\TASKS\CONFIG2.TXT are:

/NOCOMP
/MAXFILESIZE 4

The contents of the checklist file C:\CHECKS\CHECK1.TXT are:

C:\WINDOWS
C:\BIN
C:\PERL
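A task file or command line can be checked against the command-line conventions and the "Limitations" entries in this guide's option tables before it is put into service. The following is an added example, not part of the product guide or of McAfee's software: the function names and the rule tables are assumptions of this example, built from the guide's text, and only the rules listed in the code are checked.

```python
import re

# Options this guide shows with a separate value, e.g. "/MOVE C:\VIRUSES".
TAKES_VALUE = {"/BADLIST", "/CHECKLIST", "/CONTACTFILE", "/EXCLUDE", "/EXTRA",
               "/FREQUENCY", "/HTML", "/LOAD", "/MAXFILESIZE", "/MOVE",
               "/REPORT", "/THREADS", "/TIMEOUT", "/XMLPATH"}
# Alternative spellings the guide gives for the same option.
ALIASES = {"/ANALYSE": "/ANALYZE", "/MANALYSE": "/MANALYZE",
           "/PANALYSE": "/PANALYZE", "/ALLDRIVES": "/AD", "/HELP": "/?"}
# "Use with ..." entries from the Limitations columns.
REQUIRES = {"/APPEND": "/REPORT", "/APPENDBAD": "/BADLIST",
            "/MAILBOX": "/MIME", "/NOD": "/CLEAN", "/NORECALL": "/DOHSM"}
# "Do not use with ..." entries from the Limitations columns.
CONFLICTS = [("/BOOT", "/NODDA"), ("/PAUSE", "/REPORT"), ("/PAUSE", "/RPTALL"),
             ("/PAUSE", "/RPTCOR"), ("/PAUSE", "/RPTERR")]

# Task file from Example 1 of the guide, one option per line.
TASK_FILE_EXAMPLE_1 = "/MOVE C:\\VIRUSES\n/NOCOMP\n/MAXFILESIZE 4"
# Constructed command line that breaks several documented rules.
CONSTRUCTED_BAD_COMMAND = ("/ADN /APPEND /PAUSE /REPORT WEEKLY.TXT /APPENDBAD "
                           "/AFC=1024 /WINMEM=1234 /ADN")


def parse(command):
    """Split the text that follows SCAN into (options, targets, duplicates).

    Line breaks count as spaces, so the text of a task file can be passed in
    unchanged. A double-quoted path is kept as one token.
    """
    tokens = re.findall(r'"[^"]*"|\S+', command)
    options, targets, duplicates = {}, [], []
    i = 0
    while i < len(tokens):
        token = tokens[i]
        i += 1
        if not token.startswith("/"):
            targets.append(token)
            continue
        name, has_equals, value = token.partition("=")
        name = ALIASES.get(name.upper(), name.upper())
        # "/REPORT WEEK40.TXT" style: the next token is the option's value.
        if (not has_equals and name in TAKES_VALUE
                and i < len(tokens) and not tokens[i].startswith("/")):
            value = tokens[i]
            i += 1
        if name in options:
            duplicates.append(name)
        options[name] = value
    return options, targets, duplicates


def lint(command):
    """Return a list of problems; an empty list means no listed rule is broken."""
    options, targets, duplicates = parse(command)
    problems = [f"{name} is used more than once" for name in duplicates]
    for name in sorted(options):
        if name in TAKES_VALUE and not options[name]:
            problems.append(f"{name} needs a value")
        needed = REQUIRES.get(name)
        if needed and needed not in options:
            problems.append(f"{name} must be used with {needed}")
    for first, second in CONFLICTS:
        if first in options and second in options:
            problems.append(f"{first} must not be combined with {second}")
    if "/WINMEM" in options and not targets:
        problems.append("/WINMEM needs at least one file to scan")
    afc = options.get("/AFC")
    if afc is not None:
        if not afc.isdigit():
            problems.append("/AFC needs a size in megabytes, for example /AFC=64")
        elif not 8 <= int(afc) <= 512:
            used = min(max(int(afc), 8), 512)
            problems.append(f"/AFC={afc} is outside 8-512 MB; the scanner will use {used}")
    return problems


if __name__ == "__main__":
    for text in (TASK_FILE_EXAMPLE_1 + " C:\\WINDOWS", CONSTRUCTED_BAD_COMMAND):
        print(repr(text))
        for problem in lint(text) or ["no problems found"]:
            print("   ", problem)
```

/DRIVER is left out of the value list because this section shows it without an argument, so a path that follows it is counted as a scan target.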

Creating a list of infected files

Although a summary report can be useful, you can also create a simple list that contains only the names of the infected files. You can create and control this list using the options, /BADLIST, /APPENDBAD, and /CHECKLIST.

For example, the following command scans the directory DIR1 and all its subdirectories, and produces information on-screen:

SCAN C:\DIR1\*.* /SUB

To produce a simple list of infected files, you can add the /BADLIST option:

SCAN C:\DIR1\*.* /SUB /BADLIST BAD1.TXT

The contents of BAD1.TXT might look like this list:

C:\DIR1\GAMES\HOTGAME.EXE ... Found Acid.674 virus!
C:\DIR1\SCANTEST\VTEST.COM ... Found: EICAR test file NOT a virus.

You can add to the list of infected files by using the /APPENDBAD option. For example, the following command scans the directory DIR2, and any infected files found here are added to the existing list:

SCAN C:\DIR2\*.* /SUB /BADLIST BAD1.TXT /APPENDBAD

Then, the contents of BAD1.TXT might look like this:

C:\DIR1\GAMES\HOTGAME.EXE ... Found Acid.674 virus!
C:\DIR1\SCANTEST\VTEST.COM ... Found: EICAR test file NOT a virus.
C:\DIR2\PRICES.DOC ... Found: virus or variant W97M/Concept!
C:\DIR2\COSTS\MAY2005.DOC ... Found the W97M/Ethan virus!

Using the /CHECKLIST option, you can refer to that list, and scan the same files again later:

SCAN /CHECKLIST BAD1.TXT

Using heuristic analysis

A scanner uses two techniques to detect viruses — signature matching and heuristic analysis.

A virus signature is simply a binary pattern that is found in a virus-infected file. Using information in the DAT files, the scanner searches for those patterns. However, this approach cannot detect a new virus because its signature is not yet known; therefore, the scanner uses another technique — heuristic analysis.

Programs, documents or e-mail messages that carry a virus often have distinctive features. They might attempt unprompted modification of files, invoke mail clients, or use other means to replicate themselves. The scanner analyzes the program code to detect these kinds of computer instructions. The scanner also searches for “legitimate,” non-virus-like behavior, such as prompting the user before taking action, and thereby avoids raising false alarms.

In an attempt to avoid detection, some viruses are encrypted. Each computer instruction is simply a binary number, but the computer does not use all the possible numbers. By searching for unexpected numbers inside a program file, the scanner can detect an encrypted virus. By using these techniques, the scanner can detect both known viruses and many new viruses and variants. Options that use heuristic analysis include /ANALYZE, /MANALYZE, and /PANALYZE. See Table 3-2, Scanning options on page 24.

Producing reports

The scanner can report its results in a log file that you create and name. In this example, the scanner creates its report in a log file called WEEK40.TXT, which appears in your current working directory.

To create a report:

1 If you do not already have the VirusScan installation directory included in your PATH environment variable, change the current directory to where you installed your VirusScan program files.

2 At the command prompt, type:

SCAN /ADN /REPORT WEEK40.TXT

The scanner scans all network drives and generates a text file of the results. The contents of the report are identical to the text you see on-screen as the scanner is running.

3 To create a running report of the scanner’s actions, use the /APPEND option to add any results of the scan to a file. At the command prompt, type:

SCAN /ADN /APPEND /REPORT WEEKLY.TXT

The scanner scans all network drives, and appends the results of the scan to the existing file, WEEKLY.TXT.

XML reports

You can generate an XML format report using the /XMLPATH switch. For example, run the following command from the install directory:

scan . /XMLPATH=report.xml /RPTALL

This will generate a file called report.xml with the following content.

<?xml version="1.0" encoding="utf-8"?>
<!-- Scan Results -->
<Scan>
  <Preamble>
    <Product_name value="McAfee VirusScan Command Line for Win32" />
    <Version value="6.0.0.162" />
    <AV_Engine_version value="5301.4018" />
    <Dat_set_version value="5594" />
  </Preamble>
  <Date_Time value="2009-Jun-19 14:26:18" />
  <Options value=". /xmlpath=report.xml /rptall " />
  <File name="D:\vcl\avvclean.dat" status="ok" />
  <File name="D:\vcl\avvnames.dat" status="ok" />
  <File name="D:\vcl\avvscan.dat" status="ok" />
  <File name="D:\vcl\config.dat" status="ok" />
  <File name="D:\vcl\mc5300up.001" status="ok" />
  <File name="D:\vcl\mcscan32.dll" status="ok" />
  <File name="D:\vcl\report.xml" status="ok" />
  <File name="D:\vcl\runtime.dat" status="ok" />
  <File name="D:\vcl\scan.exe" status="ok" />
  <File name="D:\vcl\vcl6wpg.pdf" status="ok" />
  <summary On-Path="D:\vcl" Total-files="14" Clean="10" Not-Scanned="4"
           Possibly-Infected="0" />
  <Time value="00:00.01" />
</Scan>


See Schema for the XML reports on page 43 for information on the formal schema for XML reports.
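A report in this layout can be checked by a script after each scheduled scan. The following is an added example, not McAfee's code: the function name, the finding messages, the placeholder status value in the constructed sample, and the two counter cross-checks are assumptions based only on the sample report shown above, not on the formal schema.

```python
import xml.etree.ElementTree as ET

# Constructed report in the layout shown above. The status value
# "PLACEHOLDER-not-ok" is invented for this example; the real values are
# defined by the product's XML schema, which is not reproduced here.
SAMPLE_REPORT = rb'''<?xml version="1.0" encoding="utf-8"?>
<!-- Scan Results -->
<Scan>
  <Preamble>
    <Product_name value="McAfee VirusScan Command Line for Win32" />
    <Version value="6.0.0.162" />
    <AV_Engine_version value="5301.4018" />
    <Dat_set_version value="5594" />
  </Preamble>
  <Date_Time value="2009-Jun-19 14:26:18" />
  <Options value=". /xmlpath=report.xml /rptall " />
  <File name="D:\vcl\scan.exe" status="ok" />
  <File name="D:\vcl\config.dat" status="ok" />
  <File name="D:\vcl\sample.bin" status="PLACEHOLDER-not-ok" />
  <summary On-Path="D:\vcl" Total-files="4" Clean="2" Not-Scanned="1"
           Possibly-Infected="1" />
  <Time value="00:00.01" />
</Scan>
'''


def summarize_report(xml_bytes, min_dat_version=None):
    """Parse a scan report and return versions, non-"ok" files, the summary
    counters, and a list of findings that an operator should review."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        # An interrupted scan can leave a truncated file behind.
        raise ValueError(f"report is not well-formed XML: {exc}") from exc
    if root.tag != "Scan":
        raise ValueError(f"unexpected root element <{root.tag}>")
    summary = root.find("summary")
    if summary is None:
        raise ValueError("report has no <summary> element")

    preamble = root.find("Preamble")
    versions = {} if preamble is None else {el.tag: el.get("value") for el in preamble}
    files = [(f.get("name"), f.get("status")) for f in root.iter("File")]
    not_ok = [(name, status) for name, status in files if status != "ok"]
    counters = {k: int(v) for k, v in summary.attrib.items() if v.isdigit()}
    options_el = root.find("Options")
    options = "" if options_el is None else (options_el.get("value") or "").lower()

    findings = []
    if not_ok:
        findings.append(f"{len(not_ok)} listed file(s) have a status other than 'ok'")
    if counters.get("Possibly-Infected", 0):
        findings.append(f"summary reports {counters['Possibly-Infected']} possibly infected file(s)")
    if counters.get("Not-Scanned", 0):
        findings.append(f"{counters['Not-Scanned']} file(s) were not scanned")

    # Assumption taken from the guide's sample (10 + 4 + 0 = 14): the three
    # counters add up to Total-files.
    parts = sum(counters.get(k, 0) for k in ("Clean", "Not-Scanned", "Possibly-Infected"))
    if counters.get("Total-files") != parts:
        findings.append("summary counters do not add up to Total-files")

    # Assumption taken from the guide's sample: with /RPTALL the number of
    # listed "ok" files equals the Clean counter (10 in both places).
    listed_ok = len(files) - len(not_ok)
    if "/rptall" in options and listed_ok != counters.get("Clean"):
        findings.append("listed 'ok' files do not match the Clean counter")

    dat = versions.get("Dat_set_version") or ""
    if min_dat_version is not None and (not dat.isdigit() or int(dat) < min_dat_version):
        findings.append(f"DAT set {dat or 'unknown'} is older than required {min_dat_version}")

    return {"versions": versions, "not_ok": not_ok,
            "counters": counters, "findings": findings}


if __name__ == "__main__":
    result = summarize_report(SAMPLE_REPORT, min_dat_version=5600)
    print(result["versions"])
    for line in result["findings"]:
        print("REVIEW:", line)
```

File names in a report come from the scanned content, so treat them as untrusted text when the findings are shown in a web page or passed to a shell.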

Choosing the options

The following sections describe the options that you can use to target your scans:

• Scanning options.

• Response and notification options on page 29.

• Report options on page 31.

• General options on page 32.

The options are also listed alphabetically with brief descriptions on page 33.

In the descriptions, variables such as file names or path appear in chevrons (< >). To learn how to add these to the command line, see Command-line conventions on page 19.

Scanning options

Scanning options describe how and where each scan looks for infected files. You can use a combination of these options to customize the scan to suit your needs.

Caution

To configure a scan, you must specify a target location for the scan, such as C:\, A:\, /ADL, /ADN.

The /ALL option overrides the /NODOC option, such that all files are scanned, but Microsoft Office files are not scanned for macros.

Table 3-2 Scanning options

Option | Limitations | Description
/AD | None. | Same as /ALLDRIVES.
/ADL | None. | Scan all local drives, including compressed and PC drives, in addition to any other drives specified on the command line. Do not scan removable media.
/ADN | None. | Scan all network drives, in addition to any other drives specified on the command line.
/AFC=<SIZE> | None. | Specify the size of the file cache. By default, the cache size is 12 MB. A larger cache size can improve scanning performance in some cases, unless the computer has low memory. The range of sizes allowed is 8 MB to 512 MB. Specify the size in megabytes. For example, to specify a 64 MB cache, use /AFC=64. See also AFC on page 18.
/ALL | See note on page 28. | Scan all files regardless of extension. By default, only executable files are scanned. Using this option substantially increases the scanning time. Use it only if you find a virus or suspect you have one.


/ALLDRIVES | None. | Scan all drives. Scan all network drives and local drives, but not removable drives; these include disk drives, CD drives, and Zip drives. This is a combination of /ADN and /ADL.
/ALLOLE | None. | Check every file for OLE objects.
/ANALYZE, /ANALYSE | None. | Use heuristic analysis to find possible new viruses in “clean” files. This step occurs after the program has checked the file for other viruses and potentially unwanted software. See Using heuristic analysis on page 22 for details. For macro viruses only, use /MANALYZE. For program viruses only, use /PANALYZE.
/APPENDBAD | Use with /BADLIST. | Append names of infected files to an existing file, as specified by /BADLIST. See also Creating a list of infected files on page 21.
/BADLIST <FILENAME> | None. | Create a list of infected files. See also Creating a list of infected files on page 21.
/BOOT | Do not use with /NODDA. | Scan boot sector and master boot record only.
/CHECKLIST <FILENAME> | None. | Scan the files listed in the specified file. See also Creating a list of infected files on page 21.
/DOHSM | On Windows NT and later versions only. | Scan files that are offline. These are files that Hierarchical Storage Management (HSM) has archived because they have not been accessed for some time. See also /NORECALL and Scanning files in remote storage on page 17.
/DRIVER | None. | Specify the location of the DAT files: AVVSCAN.DAT, AVVNAMES.DAT, and AVVCLEAN.DAT. If you do not specify this option in the command line, the program looks in the same directory from where it is executed. If it cannot find these data files, it issues exit code 6.
/EXCLUDE <FILENAME> | None. | Exclude the directories or files from the scan as specified in <FILENAME>. List the complete path to each directory or file on its own line. You may use wildcards, * and ?.
/EXTENSIONS | None. | Scan defaults and user extension list.
/EXTRA <FILENAME> | None. | Specify the location of any EXTRA.DAT file. An EXTRA.DAT is a small, supplemental virus-definition file that is released between regular DAT updates. If you do not use this option in the command line, the program looks in the same directory from where it was executed. If it cannot find this file, the program issues exit code 6.


/FAM | None. | Find all macros, not just macros suspected of being infected. The scanner treats any macro as a possible virus and reports that the file “contains one or more macros.” However, the macros are not removed. If you suspect a file is infected, you can remove all macros from the file using the /FAM and /DAM options together, although this should be used with caution. For example: SCAN <FILENAME> /FAM /DAM
/FREQUENCY <HOURS> | None. | Do not scan before the specified number of hours after the previous scan. In environments where the risk of virus infection is very low, this option prevents unnecessary scans. Remember, frequent scanning provides greater protection against viruses.
/LOAD <FILENAME> | None. | Load scanning options from the named file, or scanning profile. You can call scanning profiles from any local directory. You can use this option to perform a scan you have already configured by loading custom settings already saved in an ASCII-formatted file. See also Configuring scans on page 20.
/MAILBOX | Use with /MIME | Scan plain-text mailboxes. These include Eudora, PINE, and Netscape. Most mailboxes will be in MIME format, and therefore the /MIME option is also required. This option detects, but does not rename or clean mail items. The item must be extracted and cleaned separately.
/MANALYZE, /MANALYSE | None. | Use heuristics analysis to identify potential macro viruses. (In Microsoft Word, you can automate a task by using a macro - a group of Word commands that run as a single command.) This option is a subset of /ANALYZE. See Using heuristic analysis on page 22 for more information.
/MANY | None. | Scan multiple disks consecutively in a single drive. The program prompts you for each disk. You can use this option to check several disks quickly. If one disk is found to be infected, the scanning stops. You cannot use this option if you run the scanner from a boot disk and you have only one disk drive. This option is applicable to floppy disks and LS120 media diskettes only. See also Scanning diskettes on page 16.
/MAXFILESIZE <SIZE> | None. | Examine only those files that are smaller than the specified size. Specify the file size in megabytes. For example, /MAXFILESIZE 5 means scan only files that are smaller than 5 MB.
/MEMSIZE | None. | Manage local memory caches used by the scanner to increase the scanning speed.
/MIME | None. | Scan MIME-encoded files. This type of file is not scanned by default.


/NOBKSEM | Windows NT and later versions only. | Prevent scanning of files that are normally protected. Such files can normally be accessed by the operating system’s FILE_FLAG_BACKUP_SEMANTICS flag. See Scanning protected files on page 17 for details.
/NOBOOT | None. | Do not scan the boot sector.
/NOBREAK | None. | Disable CTRL-C and CTRL-BREAK during scans. Users cannot halt scans in progress if this option is set.
/NOCOMP | None. | Do not check compressed executables created with the LZEXE or PkLite file-compression programs. This reduces scanning time when a full scan is not needed. Otherwise, by default, the scanner checks inside executable, or self-decompressing files by decompressing each file in memory and checking for viruses.
/NOD | Use with /CLEAN. | Scan only the susceptible file types. By default, /CLEAN scans and tries to clean viruses in all file types. When you include the /NOD option, the scanning and cleaning are limited to the susceptible file types only, as recognized by their file extensions. See File types scanned by default on page 16.
/NODDA | Do not use with /BOOT. | Do not access disk directly. This prevents the scanner from accessing the boot record. You might need to use this option on some device-driven drives.
/NODECRYPT | None. | Do not decrypt Microsoft Office compound documents that are password-protected. By default, macros inside password-protected compound documents are scanned by employing “password cracking” techniques. If, for reasons of security, you do not require these techniques, use this option. Password cracking does not render the file readable.
/NODOC | See note on page 28. | Do not scan document files. This includes Microsoft Office documents, OLE2, PowerPoint, CorelDraw, WordPerfect, RTF, Visio, Autodesk Autocad 2000, Adobe PDF 5, and Corel PhotoPaint 9 files.
/NOEXPIRE | None. | Disable the “expiration date” message if the scanner’s DAT files are out of date. For more details, see Preventing Infections on page 41.
/NOJOKES | None. | Do not report any joke programs.
/NOMEM | None. | Do not scan memory for viruses. Use this option only when you are certain that your computer is virus-free.
/NOSCRIPT | None. | Do not scan files that contain HTML, JavaScript, Visual Basic, or Script Component Type Libraries. This type of file is normally scanned by default. Stand-alone JavaScript and Visual Basic Script files will still be scanned.
/PANALYZE, /PANALYSE | None. | Use heuristic analysis to identify potential new program viruses. By default, the program scans only for known viruses. This option is a subset of /ANALYZE. See also Using heuristic analysis on page 22.


/PROGRAM | None. | Scan for potentially unwanted applications. Some widely available applications such as “password crackers” can be used maliciously or can pose a security threat.
/SECURE | None. | Examine all files, decompress archive files, and use heuristic analysis. This option activates the /ANALYZE, and /UNZIP options.
/SHOWCOMP | None. | Report any files that are packaged.
/STREAMS | NTFS only, run from within Windows NT and later versions. | Scan all streams within a file if it is in an NTFS partition. See also Scanning NTFS streams on page 17.
/SUB | None. | Scan any subdirectories inside a directory. By default, when you specify a directory to scan rather than a drive, the scanner examines only the files it contains, not its subdirectories. Use this option to scan all subdirectories within the specified directories. This option is not necessary if you specify an entire drive as a target.
/TIMEOUT <SECONDS> | None. | Set the maximum time to scan any one file.
/THREADS <nThreads> | None | Scan multithreaded with specified number of threads.
/UNZIP | None. | Scan inside archive files, such as those saved in ZIP, LHA, PKarc, ARJ, WinACE, CAB, and CHM formats. If used with /CLEAN, this option attempts to clean non-compressed files inside ZIP files only. No other archive formats can be cleaned. The program cannot clean infected files found within any other archive format; you must first extract them manually from the archive file.
/WINMEM, /WINMEM=<PID> | Specify at least one file for scanning. | Scan inside running processes. Scan the specified process from its memory image. See also Scanning processes in memory on page 18.
/XMLPATH <filename> | None | Create XML report.


Response and notification options

The response and notification options determine how the scanner responds to an infection. You can use a combination of these options to customize the scan. None of the options in the following table occur automatically. To activate each option, specify it in the command line.

Table 3-3 Response and notification options

Option | Limitations | Description
/CLEAN | None. | Automatically remove any infections. By default, the program states only that infections were found but does not try to clean the infected files. If the program cannot clean the file, it displays a warning message. If you use this option, repeat the scan to ensure that there are no more infections. See If the scanner detects a virus on page 39 for more information.
/CONTACTFILE <FILENAME> | None. | Display the contents of the specified file when a virus is found. This enables you to provide contact information and instructions to the user when a virus is encountered. This option is especially useful for networks, because you can maintain the message text in a central file, rather than on each workstation. Any character is valid in a contact message except a backslash (\). Messages beginning with a slash (/) or a hyphen (-) must be placed in quotation marks.
/DAM | None. | Delete all macros in a file if an infected macro is found. If you suspect you have an infection in your file, you can choose to remove all macros from the file to prevent any exposure to a virus. To pre-emptively delete all macros in a file, use this option with /FAM, although this should be used with caution. If you use these two options together, all found macros are deleted, regardless of the presence of an infection.
/DEL | None. | Delete infected .COM and .EXE files. This option does not delete infected items within Microsoft Word documents or archives. If the scanner detects infected files within an archive, it does not delete the files within the archive, nor does it delete the archive itself. We recommend that you use the /CLEAN option to protect against viruses that infect file types other than .COM or .EXE. See If the scanner detects a virus on page 39 for more information.
/MOVE <DIR> | None. | Move any infected files to a quarantine location as specified. When the program moves an infected file, it replicates the full directory path for the infected file inside the quarantine directory, so that you can determine the original location of the infected file. This option has no effect if the Master Boot Record or boot sector is infected, because these are not files. See If the scanner detects a virus on page 39 for more information.


/NORENAME | None. | Do not rename an infected file that cannot be cleaned. For information about renaming, see Table 4-1 on page 39. See If the scanner detects a virus on page 39 for more information.
/PAUSE | Do not use with report options. | Enable a screen pause. When the screen is full of messages, the prompt “Press any key to continue” appears. Otherwise, by default, the screen fills and scrolls continuously without stopping. This allows the scanner to run without stopping on computers with multiple drives or that have severe infections. We recommend that you do not use this option with the report options, /REPORT, /RPTALL, /RPTCOR, and /RPTERR.
/PLAD | On NetWare volumes only. | Preserve the last-accessed time and date for files that are scanned. Some software (such as used for creating backups or archives) relies on a file’s last-accessed time and date to work correctly. If you set this option, the scanner resets that time and date to their original values after scanning the file.


Report options

By default, the results of a scan appear on-screen. The following table lists the options for displaying the results elsewhere. To capture a scanner report to a text file, use /REPORT with any additional options as needed. For examples, see Producing reports on page 22.

Table 3-4 Report options

Option | Limitations | Description
/APPEND | Use this option with /REPORT. | Add any results of the scan to a file.
/HTML <FILENAME> | None. | Create a file containing the results in HTML format.
/LOUD | None | Display a progress summary during the scan. Note that this option can produce a large amount of information.
/REPORT <FILENAME> | Do not use with /PAUSE. | Create a report of infected files and system errors, and save the data to the specified file in ASCII text file format. If that file already exists, /REPORT overwrites it. To avoid overwriting, use the /APPEND option with /REPORT. The scanner then adds report information to the end of the file, instead of overwriting it. You can also use /RPTALL, /RPTCOR and /RPTERR to add more information to the report. You can include the destination drive and directory (such as D:\VSREPRT\ALL.TXT), but if the destination is a network drive, you must have rights to create and delete files on that drive. You may find it helpful to add a list of scanning options to the report files. To do this, type at the command prompt: SCAN /HELP /APPEND /REPORT <FILENAME> We recommend you do not use /PAUSE when using any report option.
/RPTALL | Use with /REPORT. | Include the names of all scanned files in the report file.
/RPTCOR | Use with /REPORT. | Include a list of corrupted files in the report file.
/RPTERR | Use with /REPORT. | Include system errors in the report file. System errors can include problems reading or writing to a disk or hard disk, file system or network problems, problems creating reports, and other system-related problems.
/VIRLIST | None. | Display the name of each virus that the scanner can detect. This option produces a long list, which is best viewed from a text file. To do this, type: SCAN /VIRLIST /REPORT <FILENAME.TXT> For full details about each virus, see the Virus Information Library (see Contact information on page 9).
/XMLPATH <filename> | None | Create XML report.


General options

General options provide help or give extra information about the scan. You may use a combination of these options to customize the scan. None of the options in Table 3-5 occur automatically. To activate each option, specify it as part of the command line.

Table 3-5 General options

/?
Limitations: None.
Description: Display a list of command-line options, each with a brief description.

You can add a list of scanning options to a report file. To do this, type at the command prompt:

SCAN /? /REPORT <FILENAME>

The report is appended with the full set of options available for that task.

/DECOMPRESS
Limitations: None.
Description: Decompress DAT files after an update.

/EXTLIST
Limitations: None.
Description: Display names of file extensions that are scanned by default.

/FDC
Limitations: None.
Description: Stop on failed digital signing check.

/HELP
Limitations: None.
Description: See the /? option.

/NORECALL
Limitations: Use with /DOHSM.
Description: Do not move files from remote storage into local storage after scanning. See also Scanning files in remote storage on page 17.

/SILENT
Limitations: None.
Description: Do not display any information on-screen.


Options in alphabetic order

For convenience, the options are repeated in this section alphabetically with a brief description. For full descriptions, see the previous sections.

Table 3-6 Alphabetic list of options

Option: Description (page)

/?: Display a list of command-line options, each with a brief description. (page 32)

/AD: Same as /ALLDRIVES. (page 24)

/ADL: Scan all local drives, including compressed and PC drives, in addition to any other drives specified on the command line. Do not scan removable media. (page 24)

/ADN: Scan all network drives, in addition to any other drives specified on the command line. (page 24)

/AFC=<SIZE>: Specify the size of the file cache. (page 24)

/ALL: Scan all files regardless of extension. (page 24)

/ALLDRIVES: Scan all drives. Scan all network drives and local drives, but not removable drives; these include disk drives, CD drives, and Zip drives. (page 25)

/ALLOLE: Check every file for OLE objects. (page 25)

/ANALYSE: Same as /ANALYZE. (page 25)

/ANALYZE: Use heuristic analysis to find possible new viruses in “clean” files. (page 25)

/APPEND: Add any results of the scan to a file. (page 31)

/APPENDBAD: Append names of infected files to an existing file, as specified by /BADLIST. (page 25)

/BADLIST <FILENAME>: Create a list of infected files. (page 25)

/BOOT: Scan boot sector and master boot record only. (page 25)

/CHECKLIST <FILENAME>: Scan the files listed in the specified file. (page 25)

/CLEAN: Automatically remove any infections. (page 29)

/CONTACTFILE <FILENAME>: Display the contents of the specified file when a virus is found. (page 29)

/DAM: Delete all macros in a file if an infected macro is found. (page 29)

/DEL: Delete infected .COM and .EXE files. (page 29)

/DOHSM: Scan files that are offline. (page 25)

/DRIVER: Specify the location of the DAT files: AVVSCAN.DAT, AVVNAMES.DAT, and AVVCLEAN.DAT. (page 25)

/EXCLUDE <FILENAME>: Exclude the directories or files from the scan as specified in <FILENAME>. (page 25)

/EXTENSIONS: Scan defaults and user extension list. (page 25)

/EXTLIST: Display names of file extensions that are scanned by default. (page 32)

/EXTRA <FILENAME>: Specify the location of any EXTRA.DAT file. (page 25)

/FAM: Find all macros, not just macros suspected of being infected. (page 26)

/FREQUENCY <HOURS>: Do not scan before the specified number of hours after the previous scan. (page 26)

/HELP: See the /? option. (page 32)

/HTML <FILENAME>: Create a file containing the results in HTML format. (page 31)

/LOAD <FILENAME>: Load scanning options from the named file, or scanning profile. (page 26)

/LOUD: Display a progress summary during the scan. (page 31)

/MAILBOX: Scan plain-text mailboxes. (page 26)

/MANALYSE: Same as /MANALYZE. (page 26)

/MANALYZE: Use heuristics analysis to identify potential macro viruses. (page 26)

/MANY: Scan multiple disks consecutively in a single drive. (page 26)

/MAXFILESIZE <SIZE>: Examine only those files that are smaller than the specified size. (page 26)

/MEMSIZE: Manage local memory caches used by the scanner to increase the scanning speed. (page 26)

/MIME: Scan MIME-encoded files. (page 26)

/MOVE <DIR>: Move any infected files to a quarantine location as specified. (page 29)

/NOBKSEM: Prevent scanning of files that are normally protected. (page 27)

/NOBOOT: Do not scan the boot sector. (page 27)

/NOBREAK: Disable Ctrl-C and Ctrl-Break during scans. (page 27)

/NOCOMP: Do not check compressed executables created with the LZEXE or PkLite file-compression programs. (page 27)

/NOD: Scan only the susceptible file types. (page 27)

/NODDA: Do not access disk directly. This prevents the scanner from accessing the boot record. (page 27)

/NODECRYPT: Do not decrypt Microsoft Office compound documents that are password-protected. (page 27)

/NODOC: Do not scan document files. (page 27)

/NOEXPIRE: Disable the “expiration date” message if the scanner’s DAT files are out of date. (page 27)

/NOJOKES: Do not report any joke programs. (page 27)

/NOMEM: Do not scan memory for viruses. (page 27)

/NORECALL: Do not move files from remote storage into local storage after scanning. See also Scanning files in remote storage on page 17. (page 32)

/NORENAME: Do not rename an infected file that cannot be cleaned. (page 30)

/NOSCRIPT: Do not scan files that contain HTML, JavaScript, Visual Basic, or Script Component Type Libraries. (page 27)

/PANALYSE: Same as /PANALYZE. (page 27)

/PANALYZE: Use heuristic analysis to identify potential new program viruses. (page 27)

/PAUSE: Enable a screen pause. (page 30)

/PLAD: Preserve the last-accessed time and date for files that are scanned. (page 30)

/PROGRAM: Scan for potentially unwanted applications. (page 28)

/REPORT <FILENAME>: Create a report of infected files and system errors, and save the data to the specified file in ASCII text file format. (page 31)

/RPTALL: Include the names of all scanned files in the report file. (page 31)

/RPTCOR: Include a list of corrupted files in the report file. (page 31)

/RPTERR: Include system errors in the report file. (page 31)

/SECURE: Examine all files, decompress archive files, and use heuristic analysis. (page 28)

/SHOWCOMP: Report any files that are packaged. (page 28)

/SILENT: Do not display any information on-screen. (page 32)

/STREAMS: Scan all streams within a file if it is in an NTFS partition. (page 28)

/SUB: Scan any subdirectories inside a directory. (page 28)

/THREADS <nThreads>: Scan multithreaded with specified number of threads. (page 28)

/TIMEOUT <SECONDS>: Set the maximum time to scan any one file. (page 28)

/UNZIP: Scan inside archive files, such as those saved in ZIP, LHA, PKarc, ARJ, WinACE, CAB, and CHM formats. (page 28)

/VIRLIST: Display the name of each virus that the scanner can detect. (page 31)

/WINMEM: Scan inside running processes. (page 28)

/XMLPATH <filename>: Create XML report. (page 28)

Error levels

When you run the on-demand scanner in the MS-DOS environment, an error level is set. You can use the ERRORLEVEL value in batch files to take actions based on the results of the scan. See your MS-DOS operating-system documentation for more information.

The on-demand scanner can return the following error levels:

Table 3-7 Error Levels

Error level: Description

0: The scanner found no viruses or other potentially unwanted software, and returned no errors.

2: Integrity check on DAT file failed.

6: A general problem occurred.

8: The scanner was unable to find a DAT file.

10: A virus was found in memory.

12: The scanner tried to clean a file, the attempt failed, and the file is still infected.

13: The scanner found one or more viruses or hostile objects, such as a Trojan-horse program, joke program, or test file.

15: The scanner’s self-check failed; the scanner may be infected or damaged.

19: The scanner succeeded in cleaning all infected files.

20: Scanning was prevented because of the /FREQUENCY option. See page 26 for more information.

21: Computer requires a reboot to clean the infection.
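
One way to act on these error levels from a wrapper script, written in Python rather than as a batch file. This is an added example, not code from this guide: the verdict grouping, the release policy, the SCAN executable being on the PATH and the injectable runner parameter are assumptions, while the codes and their meanings are those of Table 3-7.

```python
"""Act on VirusScan Command Line error levels (Table 3-7) from a wrapper script."""
import subprocess
from enum import Enum


class Verdict(Enum):
    CLEAN = "clean"                  # scan completed and found nothing
    REMEDIATED = "remediated"        # infections were found and all were cleaned
    INFECTED = "infected"            # an infection is present or was not fully removed
    UNTRUSTED = "scanner-untrusted"  # the scanner or its DAT files failed a check
    NOT_SCANNED = "not-scanned"      # no scan took place, so there is no result
    ERROR = "error"                  # general or unrecognised failure


# Codes and descriptions from Table 3-7; the Verdict grouping is this example's own.
ERROR_LEVELS = {
    0: (Verdict.CLEAN, "No viruses or other potentially unwanted software, no errors"),
    2: (Verdict.UNTRUSTED, "Integrity check on DAT file failed"),
    6: (Verdict.ERROR, "A general problem occurred"),
    8: (Verdict.NOT_SCANNED, "Unable to find a DAT file"),
    10: (Verdict.INFECTED, "A virus was found in memory"),
    12: (Verdict.INFECTED, "Clean attempt failed; the file is still infected"),
    13: (Verdict.INFECTED, "One or more viruses or hostile objects found"),
    15: (Verdict.UNTRUSTED, "Scanner self-check failed"),
    19: (Verdict.REMEDIATED, "All infected files were cleaned"),
    20: (Verdict.NOT_SCANNED, "Scanning was prevented by /FREQUENCY"),
    21: (Verdict.INFECTED, "A reboot is required to clean the infection"),
}


def interpret(code):
    """Map an error level to (Verdict, description); unknown codes fail closed."""
    return ERROR_LEVELS.get(code, (Verdict.ERROR, f"Unrecognised error level {code}"))


def may_release(code):
    """Only a completed scan that found nothing, or cleaned everything, passes.

    Codes 2, 8, 15 and 20 are the easy ones to get wrong: none of them reports
    an infection, yet none of them means the target was scanned and found clean.
    """
    return interpret(code)[0] in (Verdict.CLEAN, Verdict.REMEDIATED)


def scan(target, report_path, runner=subprocess.run):
    """Scan a directory tree and return (code, Verdict, description).

    Each option and its parameter are separate argv items, so exactly one
    space ends up between them, as the guide requires.
    """
    cmd = ["SCAN", target, "/SUB", "/REPORT", report_path, "/RPTERR"]
    result = runner(cmd)
    verdict, text = interpret(result.returncode)
    return result.returncode, verdict, text
```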

Handling error messages

You can often correct the message, Invalid switch or incorrect usage, by checking the form of the command in Options in alphabetic order on page 33.

Where an option has a parameter, insert only one space between them. For example, the following commands are intended to scan all directories on the C disk, and list any infected files in the file named BADLIST.TXT. The first two commands are valid, but the third command gives an error message because it has more than one space between the /BADLIST option and its parameter, BADLIST.TXT.

SCAN C:\ /SUB /BADLIST BADLIST.TXT

SCAN C:\ /SUB /BADLIST BADLIST.TXT

SCAN C:\ /SUB /BADLIST  BADLIST.TXT

4

Removing Infections

Although they are not harmless, most viruses that infect your computer do not destroy data, play pranks, or render your computer unusable. Even the rare viruses that carry a destructive payload usually produce their nasty effects in response to a trigger event.

In most cases, unless you know that a payload has activated, you have time to deal with the infection properly. However, this unwanted computer code can interfere with your computer’s normal operation, consume system resources and have other undesirable effects, so take viruses seriously and remove them when you encounter them.

Unusual computer behavior, unexplained crashes, or other unpredictable events might not be caused by a virus. If you believe you have a virus on your computer because of occurrences such as these, a scan might not produce the results you expect, but it helps eliminate one potential cause of your computer problems.

To clean your computer

If your computer has a virus or you suspect it has, and you have not yet installed the on-demand scanner, follow these steps:

1 Isolate your infected computer from any network that it uses.

2 Download and unzip up-to-date anti-virus software and DAT files onto another computer and create a CD.

3 Create a directory for the software on the hard disk of the infected computer.

4 Insert the CD into your CD drive, then copy the files from the CD to the directory that you created in Step 3.

5 Add the directory to the PATH statement in your AUTOEXEC.BAT file or use the System Properties window.

6 At the command prompt, type the following to thoroughly scan the computer:

SCAN /ADL /ALL /CLEAN /WINMEM /PROGRAM

7 Shut down your computer and boot it into Safe Mode.

8 Scan your disks again immediately after the boot. At the command prompt, type:

SCAN /ADL /ALL /CLEAN /WINMEM /PROGRAM

This step is necessary because some infections can affect other files but this will not be apparent until the computer has booted.

9 If necessary, repeat Step 7 and Step 8 to ensure that all effects of the original infection are removed.

10 If you cannot remove all effects of the original infection, refer to the Virus Information Library for more information about manually removing an infection. For any further assistance, refer to the McAfee Labs Home Page. See the addresses in Contact information on page 9.

If the infections were removed:

Shut down your computer and remove the CD. Reconnect to the network, and begin the installation procedure described on page 10.

To find and remove the possible source of infection, scan your diskettes immediately after installation. For information, see Scanning diskettes on page 16.

If infections were not removed:

If the scanner cannot remove an infection, you see one of the following messages:

Virus could not be removed.

There is no remover currently available for the virus.

In this case, refer to the Virus Information Library. See Contact information on page 9 for more information about manually removing an infection.

If the virus still cannot be removed, refer to the McAfee Labs Home Page for information about manually removing infections. See Contact information on page 9.


If the scanner detects a virus

Viruses attack computer systems by infecting files — usually executable program files or macros inside documents and templates. The scanner can safely remove most common viruses from infected files.

However, some viruses are designed to damage your files. The scanner can move these irreparably damaged or corrupted files to a quarantine directory or delete them permanently to prevent further infection.

If the scanner cannot clean an infected file, it renames the file to prevent its use. When a file is renamed, only the file extension (typically three letters) is changed. The following table shows the methods of renaming.

Table 4-1 Renaming infected files

Original: Not V??
Renamed: V??
Description: File extensions that do not start with v are renamed with v as the initial letter of the file extension. For example, MYFILE.DOC becomes MYFILE.VOC.

Original: V??
Renamed: VIR
Description: File extensions that start with v are renamed as .VIR. For example, MYFILE.VBs becomes MYFILE.VIR.

Original: VIR, V01-V99
Renamed: (not renamed)
Description: These files are recognized as already infected, and are not renamed again.

Original: <blank>
Renamed: VIR
Description: Files with no extensions are given the extension, .VIR.

For example, if an infected file called BAD.COM is found, the scanner attempts to rename the file to BAD.VOM. However, if a file of that name already exists in the directory, the scanner attempts to rename the file to BAD.VIR, BAD.V01, or BAD.V02, and so on.

For file extensions with more than three letters, the name is usually not truncated. For example, NOTEPAD.CLASS becomes NOTEPAD.VLASS. However, an infected file called WATER.VAPOR becomes WATER.VIR.
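
The renaming rule of Table 4-1 modelled in Python, useful when matching renamed files back to their originals during triage. This is an added example, not the scanner's own code: the function names are hypothetical, and the case-insensitive collision check and the fall-through from .VIR to .V01 for every starting extension are assumptions generalized from the BAD.COM example.

```python
"""Model of the extension-renaming rule in Table 4-1 (illustration only)."""
import re

# Extensions the table treats as already marked: VIR and V01 to V99.
_ALREADY_MARKED = re.compile(r"^(VIR|V(0[1-9]|[1-9][0-9]))$", re.IGNORECASE)

# Fallback extensions tried when the first choice is taken: VIR, V01, V02, ...
_FALLBACKS = ["VIR"] + [f"V{n:02d}" for n in range(1, 100)]


def split_ext(filename):
    """Return (stem, extension); the extension is '' when there is no dot."""
    stem, dot, ext = filename.rpartition(".")
    return (stem, ext) if dot else (filename, "")


def is_marked(filename):
    """True when the extension is one the scanner will not rename again."""
    return bool(_ALREADY_MARKED.match(split_ext(filename)[1]))


def candidate_names(filename):
    """Names to try, in order, for an infected file that could not be cleaned."""
    stem, ext = split_ext(filename)
    if _ALREADY_MARKED.match(ext):
        return []                      # row 3: already marked, left alone
    first = []
    if ext and ext[0].upper() != "V":
        first = ["V" + ext[1:]]        # row 1: replace the initial letter with V
    # Rows 2 and 4 (extension starts with V, or no extension) go straight to VIR.
    return [f"{stem}.{e}" for e in first + _FALLBACKS]


def renamed_as(filename, existing):
    """First candidate not already present in the directory listing, else None."""
    taken = {name.upper() for name in existing}  # assumed case-insensitive names
    for name in candidate_names(filename):
        if name.upper() not in taken:
            return name
    return None
```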

Removing a virus found in a file

If the scanner detects a virus in a file, it displays the path names of infected files and takes the action you specified. For example:

• If you selected /MOVE, the scanner automatically moves the infected files to the specified quarantine directory.

• If you selected /CLEAN, the scanner attempts to clean the file.

• If you selected /DEL and this is an .EXE or .COM file, the scanner deletes the infected file.

• If you selected /NORENAME, the scanner does not rename the infected file.


Caution

Take care if you are using more than one of these options in combination. For example, if you specify /MOVE and /CLEAN together, the scanner creates a copy of an infected file in the specified quarantine directory before attempting to clean the file. If you want to keep an infected copy for investigation, this is useful, but if you intend only to remove any virus that might be present on the computer, it is more beneficial and more secure to use /CLEAN on its own. Generally speaking, simply specifying more command-line options does not necessarily increase the benefit of the scanning.

Running additional virus-cleaning tasks

These tasks include:

• Cleaning macro viruses from password-protected files.

• Cleaning Windows NT hard disks.

Cleaning macro viruses from password-protected files

The scanner respects users’ passwords and usually leaves them intact. For example, in some password-protected Microsoft Excel files, the scanner removes macro viruses without disturbing users’ passwords.

However, macro viruses that infect Microsoft Word files sometimes plant their own passwords. Depending on the capabilities of the virus, the scanner takes one of the following actions when trying to clean a password-protected file:

• If the macro virus can plant its own password: The scanner cleans the file, removes the planted password, and removes the virus.

• If the macro virus cannot plant its own password: The scanner notes the infection but does not remove the password.

Cleaning Windows NT hard disks

To clean the Master Boot Record (MBR) on a hard disk formatted with the Microsoft Windows NT file system (NTFS):

1 Start the computer that has the NTFS file system partition from a virus-free MS-DOS boot disk.

2 Run the scanner, using SCAN /BOOT /CLEAN. Be sure to run the scanner from a disk that you know is free from viruses.

This cleans the NTFS file system Master Boot Record, but the scanner cannot read the rest of the NTFS file system partition when you boot into a MS-DOS environment. To scan the rest of the NTFS file system partition, reboot into Windows NT, then run the scanner again.


5

Preventing Infections

VirusScan® Command Line is an effective tool for preventing infections, and it is most effective when combined with regular backups, meaningful password protection, user training, and awareness of threats from viruses and other potentially unwanted software.

To create a secure system environment and minimize the chance of infection, we recommend that you do the following:

• Install VirusScan® Command Line software and other McAfee security software.

• Schedule scans, at system boot and/or at regular intervals.

• Make frequent backups of important files. Even if you have VirusScan® Command Line software to prevent attacks from viruses, damage from fire, theft, or vandalism can render your data unrecoverable without a recent backup.

Detecting new and unidentified viruses

To offer the best protection possible, we continually update the definition (DAT) files that the VirusScan® Command Line software uses to detect potentially unwanted software. For maximum protection, you should regularly retrieve these files.

We offer free online DAT file updates for the life of your product, but cannot guarantee that they will be compatible with previous versions. By updating your software to the latest version of the product and updating regularly to the latest DAT files, you ensure complete protection for the term of your software subscription or maintenance plan.

Why do I need new DAT files?

Hundreds of new viruses and other potentially unwanted objects appear each month. Often, older DAT files cannot assist the VirusScan® Command Line software in detecting these new variations. For example, the DAT files with your original copy of VirusScan® Command Line might not detect a virus that was discovered after you bought the product.

If you suspect you have found a new virus, use WebImmune. See Contact information on page 9 for the address.


Updating your DAT files

DAT files are contained in a single compressed file that you can download from the internet.

1 Navigate to the FTP location ftp://ftp.mcafee.com/commonupdater.

Note: The commonupdater folder does not appear in ftp://ftp.mcafee.com; however, it can be accessed by typing the complete URL (as shown in Step 1).

2 To gain access, type anonymous as your user name and your email address as your password when prompted.

3 Look for a filename that is of the format avvdat-nnnn.zip, where nnnn is the DAT version number.

The number given to the file changes on a regular basis. A higher number indicates a later version of the DAT files. When you are selecting the latest version of DAT file, ignore any reference to SuperDAT (a self-installing DAT file). You cannot use this type of file with VirusScan Command Line.

To use the new DAT files:

1 Create a download directory.

2 Change to the download directory, and download the new compressed file from the source you have chosen. The downloaded DAT file is in a compressed .ZIP format.

3 To extract the DAT files, type the command:

unzip file

Here file is the name of the zip file you downloaded.

4 Use a suitable compression utility to extract the files from the .ZIP file into that directory. Make sure that you extract all the files.

5 Allow the updated files to overwrite the existing DAT files.

Note

If other SupportingProductName software products are loaded on your computer, or if you chose custom installation options, some DAT files might be located in more than one directory. If so, save these updated DAT files to each directory.

Tip

After an update, run the following command once to decompress the newly downloaded DATs and speed up subsequent initializations.

SCAN /DECOMPRESS

This product is not suitable for on-access (single file) scanning.


A

Schema for the XML reports

The formal schema for the XML reports is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!--W3C Schema for the VSCL 6.0 XML Report format-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="Scan">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="Preamble"/>
        <xs:element ref="Date_Time"/>
        <xs:element ref="Options"/>
        <xs:group ref="FileSummary" maxOccurs="unbounded" minOccurs="0"/>
        <xs:element ref="Time"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="Preamble">
    <xs:complexType>
      <xs:sequence>
        <xs:element ref="Product_name"/>
        <xs:element ref="Version"/>
        <xs:element ref="License_info"/>
        <xs:element ref="AV_Engine_version"/>
        <xs:element ref="Dat_set_version"/>
        <xs:element ref="Extra_Dat_Info" minOccurs="0"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:element name="Date_Time">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Options">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Time">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:group name="FileSummary">
    <xs:sequence>
      <xs:element ref="File" maxOccurs="unbounded" minOccurs="0"/>
      <xs:element ref="Summary" maxOccurs="unbounded"/>
    </xs:sequence>
  </xs:group>
  <xs:element name="File">
    <xs:complexType>
      <xs:attribute name="status" type="xs:string" use="required"/>
      <xs:attribute name="name" type="xs:string" use="required"/>
      <xs:attribute name="virus-name" type="xs:string" use="optional"/>
      <xs:attribute name="detection-type" type="xs:string" use="optional"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Summary">
    <xs:complexType>
      <xs:attribute name="Total-processes" type="xs:int" use="optional"/>
      <xs:attribute name="On-Path" type="xs:string" use="optional"/>
      <xs:attribute name="Total-files" type="xs:int" use="optional"/>
      <xs:attribute name="Total-Objects" type="xs:int" use="optional"/>
      <xs:attribute name="Possibly-Infected" type="xs:int" use="optional"/>
      <xs:attribute name="Objects-Possibly-Infected" type="xs:int" use="optional"/>
      <xs:attribute name="Not-Scanned" type="xs:int" use="optional"/>
      <xs:attribute name="Clean" type="xs:int" use="optional"/>
      <xs:attribute name="Possibly-Infected-MBR" type="xs:int" use="optional"/>
      <xs:attribute name="Possibly-Infected-BootSector" type="xs:int" use="optional"/>
      <xs:attribute name="Master-Boot-Records" type="xs:int" use="optional"/>
      <xs:attribute name="Boot-Sectors" type="xs:int" use="optional"/>
      <xs:attribute name="Cleaned" type="xs:int" use="optional"/>
      <xs:attribute name="Moved" type="xs:int" use="optional"/>
      <xs:attribute name="Deleted" type="xs:int" use="optional"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Product_name">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Version">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="License_info">
    <xs:complexType>
      <xs:attribute name="value" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="AV_Engine_version">
    <xs:complexType>
      <xs:attribute name="value" type="xs:decimal" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Dat_set_version">
    <xs:complexType>
      <xs:attribute name="value" type="xs:short" use="required"/>
    </xs:complexType>
  </xs:element>
  <xs:element name="Extra_Dat_Info">
    <xs:complexType>
      <xs:attribute name="Path" type="xs:string" use="required"/>
      <xs:attribute name="Additional_Viruses" type="xs:string" use="required"/>
    </xs:complexType>
  </xs:element>
</xs:schema>
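
A reader for reports that follow this schema, checking the required elements and attributes and totalling the Summary counters. This is an added example in Python, not code shipped with the product: the sample report and every value in it are constructed, and the function names, the refusal of DTDs and the use of the optional virus-name attribute to pick out detections are assumptions.

```python
"""Read a VirusScan Command Line XML report laid out as in the Appendix A schema."""
import xml.etree.ElementTree as ET
from collections import Counter

PREAMBLE_REQUIRED = ["Product_name", "Version", "License_info",
                     "AV_Engine_version", "Dat_set_version"]
VALUE_ELEMENTS = ["Date_Time", "Options", "Time"]
TOP_LEVEL = {"Preamble", "File", "Summary", *VALUE_ELEMENTS}

# Constructed sample. The schema types File/@status as a plain string and does
# not list its values, so "infected" and "ok" here are placeholders.
SAMPLE_REPORT = rb"""<?xml version="1.0" encoding="UTF-8"?>
<Scan>
  <Preamble>
    <Product_name value="constructed product name"/>
    <Version value="constructed"/>
    <License_info value="constructed"/>
    <AV_Engine_version value="1.0"/>
    <Dat_set_version value="1"/>
  </Preamble>
  <Date_Time value="constructed date"/>
  <Options value="C:\SAMPLES /SUB /XMLPATH REPORT.XML"/>
  <File status="infected" name="C:\SAMPLES\A.COM" virus-name="Constructed.Test"/>
  <File status="ok" name="C:\SAMPLES\B.TXT"/>
  <Summary On-Path="C:\SAMPLES" Total-files="2" Clean="1" Possibly-Infected="1"/>
  <Time value="constructed duration"/>
</Scan>"""


def _value(parent, tag):
    """Return the required value attribute of a required child element."""
    node = parent.find(tag)
    if node is None or "value" not in node.attrib:
        raise ValueError(f"missing required element or value attribute: {tag}")
    return node.attrib["value"]


def parse_report(data):
    """Parse report bytes into preamble, options, file entries and summed totals."""
    # Reports may come from hosts that are compromised; the schema has no use
    # for DTDs or entities, so refuse them before the parser sees the input.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(data)
    if root.tag != "Scan":
        raise ValueError("root element must be Scan")
    unexpected = sorted({child.tag for child in root} - TOP_LEVEL)
    if unexpected:
        raise ValueError(f"unexpected elements: {unexpected}")
    preamble = root.find("Preamble")
    if preamble is None:
        raise ValueError("missing required element: Preamble")
    info = {tag: _value(preamble, tag) for tag in PREAMBLE_REQUIRED}
    header = {tag: _value(root, tag) for tag in VALUE_ELEMENTS}

    files = []
    for node in root.findall("File"):
        if "status" not in node.attrib or "name" not in node.attrib:
            raise ValueError("File needs both status and name attributes")
        files.append(dict(node.attrib))

    # A report can hold several Summary elements (one per FileSummary group);
    # every attribute except On-Path is an integer counter, so add them up.
    totals = Counter()
    for node in root.findall("Summary"):
        for key, value in node.attrib.items():
            if key != "On-Path":
                totals[key] += int(value)
    return {"preamble": info, "header": header, "files": files, "totals": dict(totals)}


def detections(report):
    """(name, virus-name) for each File entry that carries a virus-name."""
    return [(f["name"], f["virus-name"]) for f in report["files"] if "virus-name" in f]
```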
