Command line for manual scan

[Stan Brown]

How do I initiate a manual scan of one or more files from the
command line? It's Win XP Pro SP2, Symantec Full version 9.0.0.338.

What I'm trying to accomplish is to configure WinZip to scan files
within an archive. To do that it needs to know the program name and
presumably any parameters.

Searching Symantec's site was useless as usual: each hit duplicated
a dozen times or so, and none of them answering the question. I
also gave up after the sixth page of Google results.

 

[David H. Lipman]

From: "Stan Brown" <[email protected]>

| How do I initiate a manual scan of one or more files from the
| command line? It's Win XP Pro SP2, Symantec Full version 9.0.0.338.
|
| What I'm trying to accomplish is to configure WinZip to scan files
| within an archive. To do that it needs to know the program name and
| presumably any parameters.
|
| Searching Symantec's site was useless as usual: each hit duplicated
| a dozen times or so, and none of them answering the question. I
| also gave up after the sixth page of Google results.
|
| --
|
| Stan Brown, Oak Road Systems, Tompkins County, New York, USA
| http://OakRoadSystems.com/

If you enable "scan archive files" from within NAV/SAV then there is no need to do so. The
Win32 scanner of NAV/SAV will scan inside the ZIP files as well as CAB and other compressed
file formats.

You can test this by going to the following URL
http://www.eicar.org/anti_virus_test_file.htm
and choose EICAR_COM.ZIP

or

http://www.eicar.org/download/eicar_com.zip

For example, McAfee logged the following....
4/4/2005 6:13:28 PM Deleted (Clean failed because the file isn't cleanable)
DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet
Files\Content.IE5\Z0WFDAGD\eicar_com[1].zip\EICAR_COM[1].ZIP EICAR test file

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How do I initiate a manual scan of one or more files from the
command line? It's Win XP Pro SP2, Symantec Full version 9.0.0.338.

What I'm trying to accomplish is to configure WinZip to scan files
within an archive. To do that it needs to know the program name and
presumably any parameters.

Searching Symantec's site was useless as usual: each hit duplicated
a dozen times or so, and none of them answering the question. I
also gave up after the sixth page of Google results.

Sounds like Symantec's site search

You could try running the executables in SAV's program files directory,
passing a file name to them, e.g. savscan.exe C:\winnt\notepad.exe
The consumer version of their anti-virus works like that, but with
navw32.exe I think.

To find out which exe to run, you could try running a manual scan and
seeing which process pops up to do the scanning.

HTH,


Adam Piggott,
Proprietor,
Proactive Services (Computing).

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUbzL7uRVdtPsXDkRArU2AKCgAFg/1gvhDgvtYIFEP50KS5MTrQCcCgwT
11QxsU5GP9BJf7rlmJiLWA4=
=Sh4y
-----END PGP SIGNATURE-----

 

[Stan Brown]

If you enable "scan archive files" from within NAV/SAV then there is no need to do so. The
Win32 scanner of NAV/SAV will scan inside the ZIP files as well as CAB and other compressed
file formats.

In the long run you're right; but I want to scan a file RIGHT NOW
before I try to install or run it; I don't want to wait a day or so
for the background scan to get around to it.

 

[Stan Brown]

To find out which exe to run, you could try running a manual scan and
seeing which process pops up to do the scanning.

I tried that before posting. The answer is that no process popped
up. Something is flaky!

There are about half a dozen .exe and dozens of .dll in teh
Symantec directory. I'm afraid to just try running each one with a
filename argument, afraid I'll screw something up.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in alt.comp.anti-virus:



I tried that before posting. The answer is that no process popped
up. Something is flaky!

There are about half a dozen .exe and dozens of .dll in teh
Symantec directory. I'm afraid to just try running each one with a
filename argument, afraid I'll screw something up.

Without trying to sound condescending, have you tried RTFM? I know software
documentation is generally poor these days, but you never know!


Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUmd57uRVdtPsXDkRAhNdAJ94Tuadc12oYYkwztw2Gywx69mJVACeOY4b
dlPF+2tQEDrPpSFmI2Jh1KQ=
=0heU
-----END PGP SIGNATURE-----

 

[David H. Lipman]

From: "Stan Brown" <[email protected]>


|
| In the long run you're right; but I want to scan a file RIGHT NOW
| before I try to install or run it; I don't want to wait a day or so
| for the background scan to get around to it.
|
| --
|
| Stan Brown, Oak Road Systems, Tompkins County, New York, USA
| http://OakRoadSystems.com/

All you have to do is copy the file from one location to another with "scan archive files"
enabled. As you copy the file, the ZIP file will be scanned by the "On Access" scanner of
the AV software.

 

[Roger Wilco]

in alt.comp.anti-virus:


In the long run you're right; but I want to scan a file RIGHT NOW
before I try to install or run it; I don't want to wait a day or so
for the background scan to get around to it.

Maybe invoking the on demand executable with the /? switch will give you
the info you seek.

 

[Stan Brown]

Maybe invoking the on demand executable with the /? switch will give you
the info you seek.

Good idea. Actually I'll have to try _every_ executable since I
don't know which one it is. (And I'm still worried by the failure
of anything to show in Task Mangler.) But /? is unlikely to trigger
an execution of the wrong executable -- unless Norton is written
even worse than everyone says.

 

[Stan Brown]

Without trying to sound condescending, have you tried RTFM? I know software
documentation is generally poor these days, but you never know!

There is no M, but I have tried RT the F-Help file and found
nothing. "Command line" and "command prompt" in full-text search
have no hits. "Manual scan" has a dozen or thereabouts, but the
only one that's about manual scan gives only a GUI procedure.

I don't mind your asking. I mentioned finding nothing on Symantec's
sight and nothing useful on Google, but I didn't mention local
resources. It would have been embarrassing if I'd forgotten that
and the information was actually there!

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in alt.comp.anti-virus:


I don't mind your asking. I mentioned finding nothing on Symantec's
sight and nothing useful on Google, but I didn't mention local
resources. It would have been embarrassing if I'd forgotten that
and the information was actually there!

I'd never even *seen* NAV's help documents until I opened them today to
look and see if it had mention of CLI switches, which it does.

I can't find much searching the web either...surely other people have been
asking this question? I would have if I were using it!

Dare I suggest an email to Symantec? *chuckle*


Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFCUwCz7uRVdtPsXDkRAlm4AJ4zgIa0f4jFiOd2RtvJWhE0YJO10ACeNjvH
wlgorEgxNgd45Xzk3o67gd4=
=u/ON
-----END PGP SIGNATURE-----

 

[Roger Wilco]

in alt.comp.anti-virus:

Good idea. Actually I'll have to try _every_ executable since I
don't know which one it is. (And I'm still worried by the failure
of anything to show in Task Mangler.) But /? is unlikely to trigger
an execution of the wrong executable -- unless Norton is written
even worse than everyone says.

Just for kicks, here's tha result from two of the NAV 5.0 executables.

**********
NAVDX [pathname] [options]
pathname Any valid drive, directory, file, or combination of
items.
/? Display this help screen.
/A or /L Scan All drives or Local drives. A: and B: are
skipped.
/B[+|-] Enable or disable scanning of boot records.
/BOOT Only scan the boot sectors of specified drives.
/M[+|-] Enable or disable scanning of memory.
/MEM Only scan memory.
/HEUR:[0|1|2|3] Set Bloodhound(tm) sensitivity. (0 disables)
/S[+|-] Enable or disable scanning subdirectories.
/REPAIR Repair infected files automatically.
/DELETE Delete infected files automatically.
/PROMPT Prompt for repair or delete on each infected file.
/HALT Halt the system when a virus is found.
/CFG:[directory] Specifies the directory containing Norton AntiVirus
configuration files.
/LOG:file Create a log file.
/APPENDLOG:file Append to a log file.
/DOALLFILES Scan all files, not just executables.
/ZIPS Scan files in compressed files.
/NOBEEP Do not generate any sound.
/HELPERROR List all possible DOS errorlevels NAVDX returns.

***************

C:\Program Files\Norton AntiVirus>

Command line switches

NAVW32.EXE is the Windows interface and scanner. It can be run with
command-line switches, typically from the Start menu Run command, to
override configuration settings.
NAVW32 [[pathname] options]

pathname Any drive, folder, file, or combination of these is scanned. If
you want to scan a combination of items, use a space to separate the
items. You can use wildcards when specifying pathnames for a group of
files (for example, NAVW32 A:C:\MYDIR\*.EXE

/A All drives, except drives A: and B:, are scanned. Network drives are
scanned if the Allow Network Scanning option is selected in the Scanner
Advanced Settings dialog box.
/L All local drives, except drives A: and B:, are scanned.
/S All subfolders specified in the pathname are also scanned.
/M[+|-] Enables (+) or disables (-) scanning of memory (for example,
NAVW32 C:/M or NAVW32 D:/M-)

/MEM Only memory is scanned.

/B[+|-] Enables (+) or disables (-) scanning of boot records (for
example, NAVW32 A: /B+ or NAVW32 B: /B-)

/BOOT Only the boot records of the specified drives are scanned.
/NORESULTS No scan results are reported on screen.
/DEFAULT Returns settings to how they were when you received Norton
AntiVirus.

/HEUR:[0|1|2|3] Set Bloodhound(tm) sensitivity (0 disables)

*********

 

[Stan Brown]

I'd never even *seen* NAV's help documents until I opened them today to
look and see if it had mention of CLI switches, which it does.

Is NAV an earlier verson of Symantec Anti Virus. The latter's help
file doesn't mention "switches", according to a Search I did in
Help.

 

[Ian JP Kenefick]

in alt.comp.anti-virus:

Is NAV an earlier verson of Symantec Anti Virus. The latter's help
file doesn't mention "switches", according to a Search I did in
Help.

NAV is Home version - SAV is enterprise.

 

[Stan Brown]

Just for kicks, here's tha result from two of the NAV 5.0 executables.

Unfortunately with my version, NONE of the executables responded to
/?. One of them popped up the GUI; the others did nothing at all
that I could see.

Incredible as it seems, I'm coming to the conclusion that you CAN'T
scan a file on demand with Symantec. (As I mentioned before, my
college requires me to have this lovely program running on my
computer.) Maybe I should download a different antivirus and run it
only on demand, not in background mode.

 

[Norman L. DeForest]

in alt.comp.anti-virus:

Unfortunately with my version, NONE of the executables responded to
/?. One of them popped up the GUI; the others did nothing at all
that I could see.

Incredible as it seems, I'm coming to the conclusion that you CAN'T
scan a file on demand with Symantec. (As I mentioned before, my
college requires me to have this lovely program running on my
computer.) Maybe I should download a different antivirus and run it
only on demand, not in background mode.

What happens if you run the executables and specify a file name after
them on the command line?

executablename C:\WINDOWS\notepad.exe

(replacing "executablename" with the name of one of the NAV executables
and using a known harmless file for the test)?

If it reports the results of scanning the file, you could try putting
a shortcut to the NAV executable into your SendTo folder and then try
right-clicking on a file or folder to be scanned and selecting the
NAV executable from the SendTo menu. That's what I did with F-Prot.
See:
http://www.chebucto.ns.ca/~af380/antivirus.html#fpst

Then try the same right-click on a copy of the eicar.com test file
(google for it).

 

[jonah]

How do I initiate a manual scan of one or more files from the
command line? It's Win XP Pro SP2, Symantec Full version 9.0.0.338.

What I'm trying to accomplish is to configure WinZip to scan files
within an archive. To do that it needs to know the program name and
presumably any parameters.

Searching Symantec's site was useless as usual: each hit duplicated
a dozen times or so, and none of them answering the question. I
also gave up after the sixth page of Google results.

Don't be silly

I bought the useless crap last year, caused total havoc with my
network, cost me hours of work and a lot of data. Asked for a re-fund
no chance, e mailed a bill for my time and funnily enough somebody
wrote back asking for the contract number / job details etc. Made up a
"number at random" but nothing appeared.

Symantecs own security seems pretty foolproof

T**Ts!



Jonah