Dr.Web Console Scanner is a separate module that can be used for on-demand anti-virus scanning of files and disks. It operates independently of Dr.Web Anti-Virus for Linux Control Desk, Dr.Web SpIDer Guard and Dr.Web Daemon.
To list all parameters, run drweb with the -?, -h or -help parameter.
The Console Scanner parameters can be divided into the following groups:
Scan Area Parameters
These parameters determine where to perform a virus scan:
Parameter | Description
-path=<path> | Sets the scan path. The '=' symbol can be omitted, in which case the path is separated from the -path parameter by white space. You can specify several paths in one -path parameter (the paths are aggregated into one list). You can also specify paths without the -path parameter. If a path is specified in the startup options with the prefix disk://<path to device file>, the boot sector (MBR) of the corresponding device is checked and cured, if necessary. A device file is a special file located in the /dev directory with a name such as sdX or hdX, where X is a letter of the Latin alphabet (a, b, c, ...), for example hda or sda. So, to check the MBR of disk sda, specify: disk:///dev/sda
-@[+]<file> | Instructs to scan objects listed in the specified file. Add a plus '+' if you do not want the list file to be deleted when scanning completes. The list file may contain paths to directories that must be scanned regularly, or a list of files to be checked only once.
-- | Instructs to read the list of objects to scan from the standard input (STDIN).
-sd | Sets recursive search for files to scan in subfolders.
-fl | Instructs to follow symbolic links to both files and folders. Links causing loops are ignored.
-mask | Instructs to ignore masks for filenames.
Diagnostics Parameters
These parameters determine which types of objects to scan for viruses:
Parameter | Description
-al | Instructs to scan all objects defined by scan paths regardless of their file extension and structure. This parameter is opposite in effect to the -ex parameter.
-ex | Instructs to search scan paths for threats presented by files of certain types and ignore objects of other types. The list of file types should be specified in the FileTypes variable of the configuration file. The configuration file is defined by the -ini parameter. By default, objects with the following file extensions are scanned: EXE, COM, DLL, SYS, VXD, OV?, BAT, BIN, DRV, PRG, BOO, SCR, CMD, 386, FON, DO?, XL?, WIZ, RTF, CL*, HT*, VB*, JS*, INF, PP?, OBJ, LIB, PIF, HLP, MD?, INI, MBR, IMG, CSC, CPL, MBP, SH, SHB, SHS, SHT*, CHM, REG, XML, PRC, ASP, LSP, MSO, OBD, THE*, NWS, SWF, MPP, OCX, VS*, DVB, CPY, BMP, RPM, ISO, DEB, AR?, ZIP, R??, GZ, Z, TGZ, TAR, TAZ, CAB, LHA, LZH, BZ2, MSG, EML, 7Z, CPIO. This parameter is opposite in effect to the -al parameter.
-ar[d|m|r][n] | Instructs to scan contents of archives (ARJ, CAB, GZIP, RAR, TAR, ZIP, etc.), both simple (*.tar) and compressed (*.tar.bz2, *.tbz). If you do not supplement the parameter with an additional d, m or r modifier, Console Scanner only informs you about detected malicious or suspicious files in archives. Otherwise, it applies appropriate actions to avert detected threats.
-cn[d|m|r][n] | Instructs to scan contents of file containers (HTML, RTF, PowerPoint). If you do not supplement the parameter with an additional d, m or r modifier, Console Scanner only informs you about detected malicious or suspicious files in containers. Otherwise, it applies appropriate actions to avert detected threats.
-ml[d|m|r][n] | Instructs to scan contents of mail files. If you do not supplement the parameter with an additional d, m or r modifier, Console Scanner only informs you about detected malicious or suspicious elements of mail files. Otherwise, it applies appropriate actions to avert detected threats.
-upn | Instructs to scan executable files packed with LZEXE, DIET, PKLITE, EXEPACK with compression type output disabled.
-ha | Enables the heuristic analyser that helps detect possible unknown threats.
For some parameters, you can use the following additional modifiers:
• Add d to delete objects to avert the threat
• Add m to move objects to Quarantine to avert the threat
• Add r to rename objects to avert the threat (that is, replace the first character of the file's extension with '#')
• Add n to disable output of the archive, container, mail file or packer type
For more information on actions, see Fighting Computer Threats.
If malicious objects are detected within complex objects such as archives, containers, packed or mail files, then the reaction is applied to the complex object as a whole, and not to the included malicious object only.
Action Parameters
These parameters determine which actions to apply to infected (or suspicious) objects:
Parameter | Description
-cu[d|m|r] | Defines an action to apply to infected files and boot sectors. If you do not supplement the parameter with an additional modifier, Console Scanner cures infected objects and deletes incurable files (if another action is not specified in the -ic parameter). Otherwise, it applies the appropriate action to infected curable objects and processes incurable files as specified in the -ic parameter.
-ic[d|m|r] | Defines an action to apply to incurable files. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-sp[d|m|r] | Defines an action to apply to suspicious files. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-adw[d|m|r|i] | Defines an action to apply to adware. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-dls[d|m|r|i] | Defines an action to apply to dialers. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-jok[d|m|r|i] | Defines an action to apply to joke programs. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-rsk[d|m|r|i] | Defines an action to apply to potentially dangerous programs. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
-hck[d|m|r|i] | Defines an action to apply to hacktools. If you do not supplement the parameter with an additional modifier, Console Scanner only informs you about the threat.
Additional modifiers indicate actions that should be applied for averting threats:
• Add d to delete objects.
• Add m to move objects to Quarantine.
• Add r to rename objects, that is, replace the first character of extension with '#'.
• Add i to ignore threats (available for minor threats only such as adware etc), that is, apply no action and do not list such threats in the report.
For more information on actions, see Fighting Computer Threats.
If malicious objects are detected within complex objects such as archives, containers, packed or mail files, then the reaction is applied to the complex object as a whole, and not to the included malicious object only.
Interface Parameters
These parameters configure Console Scanner output:
Parameter | Description
-v, -version, --version | Instructs to output information about the product and scan engine versions and exit Console Scanner.
-ki | Instructs to output information about the license and its owner (in UTF8 encoding only).
-go | Instructs to run Console Scanner in batch mode when all questions implying answers from a user are skipped and all decisions implying a choice are taken automatically. This mode is useful for automatic scanning of files, for example, during a daily (or weekly) check of the hard drive.
-ot | Instructs to use the standard output (STDOUT).
-oq | Disables information output.
-ok | Instructs to list all scanned objects in the report and mark "clean" objects with Ok.
-log=[+]<path to file> | Instructs to log Console Scanner operations in the specified file. The file name is mandatory to turn on logging. Add a plus '+' if you want to append to the log file instead of overwriting it.
-ini=<path to file> | Instructs to use the specified configuration file. No configuration file is supplied with Console Scanner by default.
-lng=<path to file> | Instructs to use the specified language file. The default language is English.
-a = <Control Agent address> | Runs Console Scanner in central protection mode.
-ni | Disables the use of the configuration file for setting up scanning options. Console Scanner is configured with parameters from the command line only.
-ns | Disables interruption of the scanning process, including the use of interruption signals (SIGINT).
--only-key | Only the key file is received from the Control Agent at startup.
You can use the hyphen «-» postfix to disable the following parameters:
-ar -cu -ha -ic -fl -ml -ok -sd -sp
For example, if you start Console Scanner with the following command:
$ drweb <path> -ha-
heuristic analysis (enabled by default) will be disabled.
For the -cu, -ic and -sp parameters, the negative form disables any action specified with additional modifiers; that is, the negative form of these parameters instructs Console Scanner to report on detection of infected or suspicious objects, but to take no actions to avert threats.
The -al and -ex parameters have no negative form, but cancel one another.
By default (if Console Scanner configuration was not customized and no parameters were specified) Console Scanner starts with the following parameters:
-ar -ha -fl- -ml -sd
Default Console Scanner parameters (including scan of archives, packed files and mailboxes, recursive search, heuristic analysis, etc.) are sufficient for everyday diagnostics and can be used in typical cases. You can also use the hyphen «-» postfix to disable some parameters, as explained above.
Disabling the scan of archives and packed files significantly decreases the anti-virus protection level, because viruses are distributed in archives (especially self-extracting ones) enclosed in e-mail attachments. Office documents potentially susceptible to infection with macro viruses (Word, Excel) are also sent via e-mail in archives and containers.
When you run Console Scanner with default parameters, no cure actions and no actions for incurable and suspicious files are taken. For these actions to be performed, you must specify corresponding command line parameters explicitly.
The set of action parameters may vary from case to case. We recommend the following:
• cu - cure infected files and system areas without deletion, moving or renaming infected files;
• icd - delete incurable files;
• spm - move suspicious files;
• spr - rename suspicious files.
When Console Scanner is started with the cu action specified, it tries to restore the previous state of the infected object. This is possible only if the detected virus is a known virus and cure instructions for it are available in the virus database; even then, the cure attempt may fail if the infected file is seriously damaged by the virus.
If infected files are found inside archives, they are not cured, deleted, moved or renamed. To cure such files, you must manually unpack the archives to a separate directory and instruct Console Scanner to check it.
When Console Scanner is started with the icd action specified, it deletes all infected files from the disk. This option is suitable for incurable files (irreversibly damaged by a virus).
With the spm action enabled, Console Scanner moves infected or suspicious files to the quarantine directory.
The spr action makes Console Scanner replace the file extension with a certain specified extension («*.#??» by default, i.e. the first extension symbol is replaced with the «#» symbol). Enable this parameter for files of other OS (e.g., DOS/Windows) detected heuristically as suspicious. Renaming helps to avoid accidental startup of executable files in these OS and therefore prevents infection by a possible virus and its further expansion.
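The defaults, negative forms and action modifiers described above can be checked mechanically before a scan command is placed in a scheduler. The following script is an added example, not code from Dr.Web: the function name audit_drweb_args and the sample path are hypothetical, and it assumes that when a parameter is repeated the last occurrence wins.

```sh
#!/bin/sh
# Added example (not Dr.Web code): resolve the effective settings of a drweb
# parameter list from the defaults and negative forms documented above.
# Assumption: when a parameter is repeated, the last occurrence wins.

audit_drweb_args() (
    # Documented defaults: -ar -ha -fl- -ml -sd, and no actions on detections.
    ar=on; ha=on; fl=off; ml=on; sd=on
    cu=report; ic=unset; sp=report; types=default
    for arg in "$@"; do
        case "$arg" in
            -ar-) ar=off ;;
            -ar|-ar[dmr]|-arn|-ar[dmr]n) ar=on ;;
            -ml-) ml=off ;;
            -ml|-ml[dmr]|-mln|-ml[dmr]n) ml=on ;;
            -ha-) ha=off ;;
            -ha)  ha=on ;;
            -fl-) fl=off ;;
            -fl)  fl=on ;;
            -sd-) sd=off ;;
            -sd)  sd=on ;;
            -al)  types=al ;;            # -al and -ex cancel one another
            -ex)  types=ex ;;
            -cu-) cu=report ;;           # negative form: report only
            -cu)  cu=cure ;;
            -cu[dmr]) cu=${arg#-cu} ;;   # keep only the modifier letter
            -ic|-ic-) ic=report ;;
            -ic[dmr]) ic=${arg#-ic} ;;
            -sp|-sp-) sp=report ;;
            -sp[dmr]) sp=${arg#-sp} ;;
        esac                             # scan paths and other parameters are ignored
    done
    echo "ar=$ar ha=$ha fl=$fl ml=$ml sd=$sd types=$types cu=$cu ic=$ic sp=$sp"
    [ "$ar" = off ] && echo "WARN: archive scanning is disabled (-ar-)"
    [ "$cu" = cure ] && [ "$ic" = unset ] &&
        echo "NOTE: -cu without -ic also deletes incurable files"
    [ "$cu" = report ] && { [ "$ic" = unset ] || [ "$ic" = report ]; } &&
        [ "$sp" = report ] && echo "NOTE: report-only run, no action on detections"
    return 0
)

# Constructed sample: parameters as they might appear in a scheduled job.
audit_drweb_args /srv/upload -go -ar- -cu -spm
```

The first output line lists the resolved switches; WARN and NOTE lines follow only when the parameter list disables archive scanning, relies on the implicit deletion done by -cu, or takes no action at all.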