ewido console scanner
peter.ewido
February 13th, 2006, 05:38 AM
We have decided to release our internal command line scanner as beta version to the public so you can use it e.g. for scheduled scans etc.
The main reason for it being a beta version is that although we use it internally, we didn't have the time to test it carefully enough to call it a final... :)
################################################
# ewido anti-malware - Console Scanner 3.5 #
################################################

ewidoscan Options [[File|Folder]...]

Example:
    ewidoscan /clean /backup /memory /nocookies C:\windows D:\mybadfile.exe

Options:
    /clean            Cleans if an infection was found
    /backup           Make a backup of an infected file and moves it into the quarantine
    /memory           Executes a memory scan
    /registry         Executes a registry scan
    /nocookies        Disables scan for cookies
    /nospyware        Disables scan for spyware
    /noriskware       Disables scan for riskware
    /report           Generates a scan report (Report.txt)
    /report=File      Generates a scan report and saves it to File
                      e.g. /report="C:\Documents and Settings\Foo.txt"
    /trace            The console scanner saves a trace log of the scan.
    /no_archives      Do not scan in archives.
    /no_heuristics    Do not use heuristics
    /no_binder        Do not scan for binding threats.
    /no_crypter       Do not scan for executable packer (UPX,petite,FSG...)
    /no_ntfsads       Do not scan for NTFS Alternative Data Streams
It should be pretty self-explaining :)
Again, please keep in mind that this version is still untested and unsupported. As always with beta software: Use at your own risk :)
http://download.ewido.net/ewido-console-scanner.exe
The setup will copy the scanner "ewidoscan.exe" to your ewido directory. You can run it from there e.g. using cmd.exe... It will only run from within the ewido directory as it requires the other program components.
Any feedback is welcome :)
siliconman01
February 13th, 2006, 01:37 PM
Nice addition while waiting for V4.0 with scan scheduler (I assume).
Does work through setup in the Task Scheduler.
Would be great to see a little progress report in the CMD window as well as in the Report such as:
"Scanning Memory"
"Scanning Registry"
"Scanning C:"
etc.
Also a /minimize option to minimize the CMD window on startup.
Looks and runs quite good !
Uffbros
February 13th, 2006, 03:27 PM
I bring up a command prompt...I have tried 100 combinations to get this to work and they all say cannot find path....I have the file in the correct directory...How should this look from a command prompt just to run the scanner with none of the switches?
Uffbros
February 13th, 2006, 03:48 PM
Ok..I got it up..Now how do I do it to just scan all the files without cleaning? I do this because I don't want it cleaning my keylogger that I know is mine? Thanks
peter.ewido
February 13th, 2006, 03:55 PM
The default setting is not to clean... Only if /clean is specified, it will do so...
berng
February 13th, 2006, 05:19 PM
I'll wait for version 4. It's not a big deal for me to do manual scans.
Assuming, ver 4 will have the capability to set scheduled scans.
Uffbros
February 13th, 2006, 05:51 PM
I'm still not getting it here... I have the window up in the command prompt and it gives me all the switches..Now how do I do a scan without cleaning? Attached is what I am looking at now. What do I type in after my last entry there?
cheater87
February 13th, 2006, 10:10 PM
if its a console scanner how can i scan my ps2 and xbox?:P
WSFuser
February 14th, 2006, 01:23 AM
{QUOTE-> I'm still not getting it here... I have the window up in the command prompt and it gives me all the switches..Now how do I do a scan without cleaning? Attached is what I am looking at now. What do I type in after my last entry there? <-QUOTE}
since it already scans w/o cleaning, just type "ewidoscan [path to file]" where [path] is the path to the file/folder/drive u wanna scan
e.g. ewidoscan C:\temp\
peter.ewido
February 14th, 2006, 04:36 AM
{QUOTE-> if its a console scanner how can i scan my ps2 and xbox?:P <-QUOTE}
lol, you're right, it should be called command line scanner :)
Uffbros
February 17th, 2006, 01:16 PM
What if you want it to scan all of C Drive?
peter.ewido
February 17th, 2006, 01:23 PM
ewidoscan.exe c:\
:)
Bubba
February 17th, 2006, 01:23 PM
{QUOTE-> What if you want it to scan all of C Drive? <-QUOTE}
ewidoscan c:\
Carver
February 18th, 2006, 12:59 PM
I tried that, I even went to ewido directory and double clicked on ewidoscan.exe. No console
WSFuser
February 18th, 2006, 01:07 PM
did u start ewidoscan from the command line?
see pic:
http://img153.imageshack.us/img153/3359/ewido8zf.jpg
Carver
February 18th, 2006, 09:57 PM
Yes I did, I am on windows XP Home SP2.
WSFuser
February 18th, 2006, 10:31 PM
can u scan folders or files? also how to run the command prompt, from the start menu or do u use the run command and type in cmd? (i doubt itd make a difference but im covering the bases)
Carver
February 18th, 2006, 10:54 PM
Yes I can scan files and folder with ewido, and Command prompt: start/program files/ Command Prompt
WSFuser
February 18th, 2006, 10:59 PM
try running cmd from the run dialog box.
Carver
February 18th, 2006, 11:20 PM
Ok done.
WSFuser
February 18th, 2006, 11:23 PM
does it work in safe mode? also try downloading/installing the scanner again
Carver
February 19th, 2006, 12:24 AM
Safe mode: no, exact same result. Download/install scanner again: exact same result. Sorry I couldn't bring screen shot from safe mode.
Jensendk
March 20th, 2006, 12:54 AM
As I see your problem, it's the lack of knowledge to the Command prompt.
Changing directory needs quotes when a space is in the name of the directory
cd "c:\program files\Ewido Malware scan"
remember the tab in command line window..
Jens
rmetzger
April 21st, 2006, 02:27 PM
Hi all,
I have just found the Command Line Scanner version and I am impressed with its capabilities. But I could use some help with its use.
I have several feature requests:
1) Can a new argument be added, /unattended, which would handle cleaning (if /clean has also been issued) so that the scan can continue without user requests. Basically, eliminate the need for user interaction, so that this can be run in true batch mode.
2) Can a new argument be added, /quiet, which would allow the scan to happen without any (or hidden) command window. This would imply /unattended.
3) Exclusions: I use several 'utilities' that in the wrong hands could be used for harm. Some of these potentially unwanted programs are OK and useful, again used carefully. As such, I would like to be able to create a list of files to Exclude from cleaning or deleting.
For a security officer or network administrator, this is a useful and needed feature.
Can a new argument be added, /excludelist="ExcludeFileList" where this file contains a list of file names to be excluded.
In the list I would expect that each exclusion would be on its own line, with or without a pathspec and any other parameters needed for the exclusion. Without a starting pathspec, the filename would be excluded no matter where it is located. With a pathspec, the exclusion starts at that path.
Additional parameters would be whether to include subdirectories in the exclusion. Of course, wildcards would be really nice.
4) Relative directory and UNC support: /report="Filespec" currently requires a fully qualified filespec for logging. On different systems, the log file might need to be on different drives. Some, C: others on F: etc. However, logging to a relative filespec would be more useful, as sometimes it doesn't matter which drive I am on.
Additionally, it would be nice to send the logs to a central location on the network using a UNC notation instead.
ex. /report="\\myserver\ewido-logs\%COMPUTERNAME%.log"
ex. /report="ewido anti-malware\%COMPUTERNAME%.log"
5) /backup is useful, but could also point to another location, instead of the defaults used within. Like the above, the backups should be able to be relocated to a central store for further analysis by the network administrator or security team.
ex. /backup="\\myserver\ewido-quarantine\%COMPUTERNAME%"
ex. /backup="ewido anti-malware\quarantine"
When using UNCs, obviously appropriate rights need to be in place for this to work. But that's not your problem.
6) Finally, add several parameters that indicate a type of drives to scan. This would simplify the batch file by eliminating which drives specifically need to be scanned:
/local would be local drives (non-network, non-software drive letters)
/removeable would be drives like A:, CD-ROM drives, flash drives, etc.
/fixed would be local hard drives
/network would be mapped network drives
Anyway, these are just some thoughts.
Thanks,
Ron Metzger
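
A report-only wrapper for scheduled scans that pulls together the points raised in this thread (run from inside the ewido directory, quote paths containing spaces, pass /report a fully qualified file name, omit /clean). It is an added example, not code from ewido or from any poster. The EWIDO_DIR, LOG_DIR and LOG_SHARE values are assumptions, and the copy step stands in for the UNC /report support requested above, which the thread does not confirm exists.

```batch
@echo off
rem Added example: report-only scheduled scan using switches listed in the first post.
rem EWIDO_DIR, LOG_DIR and LOG_SHARE are assumed values; adjust them for your site.
setlocal

set "EWIDO_DIR=%ProgramFiles%\ewido anti-malware"
set "LOG_DIR=%SystemDrive%\ewido-logs"
set "LOG_SHARE=\\myserver\ewido-logs"
set "REPORT=%LOG_DIR%\%COMPUTERNAME%.log"

if not exist "%EWIDO_DIR%\ewidoscan.exe" goto :noscanner
if not exist "%LOG_DIR%" mkdir "%LOG_DIR%"

rem ewidoscan only runs from within the ewido directory.
rem The quotes are needed because the path contains spaces; /d also switches drive.
cd /d "%EWIDO_DIR%"
if errorlevel 1 goto :noscanner

rem Remove the previous report so a stale file cannot pass for a fresh scan.
if exist "%REPORT%" del "%REPORT%"

rem No /clean switch: detections are reported, nothing is removed or quarantined.
rem /report gets an absolute path built from the machine name.
ewidoscan.exe /memory /registry /report="%REPORT%" %SystemDrive%\

rem The thread does not document exit codes, so success is judged by the report file.
if not exist "%REPORT%" goto :noreport

rem Collect the report centrally; the account running the task needs write access.
copy /y "%REPORT%" "%LOG_SHARE%\" >nul
if errorlevel 1 echo WARNING: report kept locally, copy to "%LOG_SHARE%" failed 1>&2
exit /b 0

:noscanner
echo ERROR: ewidoscan.exe not usable in "%EWIDO_DIR%" 1>&2
exit /b 2

:noreport
echo ERROR: scan finished without writing "%REPORT%" 1>&2
exit /b 1
```

Point a Task Scheduler job at this file; a missing or old report on the share then shows which machines did not complete a scan.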