My observations about eScan AntiVirus ToolKit Utility Ver (4.4.7) (http://www.spywareinfo.dk/download/mwav.exe)

I think mwavscan.com in the v4.4.7 version of MWAV.EXE has only these parameters:

C:\MWAV447> strings (http://www.sysinternals.com/ntw2k/source/misc.shtml#strings) mwavscan.com | find "/"
/MEM
/REG
/STARTUP
/SYSFOLDER
/SYSAREA
/SER
/DRIVE
/FOLDER
/WAITTOEXIT
/FS
/RunDownload
/SC
/SNOC
/DELETE

ALSO, if you run mwavscan.com without no parameters, the first GUI button under "Action" says "Scan".

BUT, if you run mwavscan.com /anything, the first GUI button under "Action" says "Scan Clean".

-----------------------------------------------------

My observations about eScan AntiVirus ToolKit Utility Ver (4.8.7) (http://www.mwti.net/antivirus/free_utilities.asp)

I think mwavscan.com in the v4.8.7 version of MWAV.EXE has only these parameters:
(note: you'll have to "upx -d (http://upx.sourceforge.net/) mwavscan.com" on a COPY OF MWAVSCAN.COM!)

C:\MWAV487> strings (http://www.sysinternals.com/ntw2k/source/misc.shtml#strings) mwavscan.com | find "/"
/mem
/service
/log
/MEM - Scan Memory
/REG - Scan Registry
/STARTUP - Scan Startup Folders
/SYSFOLDER - Scan System Folders
/SER - Scan Services
/FOLDER=[FolderName] - Scan FolderName
/SUBFOLDERS - Include Sub-Folder Scanning
/DRIVE - Scan Local Drives
/SNOC - Scan Only
/SC - Scan and Clean
/WAITTOEXIT - Wait for user to press OK
/S - Silent Mode
/FS - Full Silent Mode
/NOLOG - Dont make Log
/DELETE_IF_NOT_CLEANABLE - Delete if virus cannot be cleaned
/DELETE_ALL_INFECTED - Delete all infected files
/LOWPRIORITY - Run in Low Priority
/MEM
/REG
/STARTUP
/SYSFOLDER
/SYSAREA
/SER
/DRIVE
/SUBFOLDERS
/SUBFOLDER
/FOLDER
/WAITTOEXIT
/DELETE_ALL_INFECTED
/LOWPRIORITY
/NOLOG
/DELETE_IF_NOT_CLEANABLE
/DONOTWAITTOEXIT
/Silent
/FS
/FullSilent
/RunDownload
/SC
/SNOC
/DELETE
/BOOT
/HELP

ALSO, the GUI Help window (mwavscan.com /HELP) only displays some of the parameters????

-----------------------------------------------------

Questions...

#1 Does anyone know if ALL the v4.8.7 parameters work? (mwavscan.com /sc appears to NOT work)

#2 Do any of the /DELETE... parameters work?

#3 Anyone know where I can find more details about kavupd.exe and the C:\BASES folder?

Thanks,

Mike

hm interesting. Thanks for the research on this. It would bear some testing that is for sure.

Well I am only the official tester for the commercial version of eScan, however I might look into this when I have the time (maybe two-three days?).

I would try the parameters on v4.8.4, I still use the v4.4.7 copy which updates great using kavupd.exe getting all the supersecure database files.

would you mind sharing that file? The 4.4.7 version that is.

See this thread (last post)

http://www.wilderssecurity.com/showthread.php?t=61563&highlight=escan

{QUOTE-> would you mind sharing that file? The 4.4.7 version that is. <-QUOTE}Aahhh... this very first line of my post is for V4.4.7. ;)
Mike

Yes I have found it now. And am quite happy with it. THank you.

{QUOTE-> Yes I have found it now. And am quite happy with it. THank you. <-QUOTE}
Now you get cleaning of files too!!! I won't squeal to the eScan people, use your new wealth properly!!!

thanks but it does not matter to me really. I use allot of different av's I think it's funny how everybody looks at statistics here and think one av is so much better than another. I dont really have a huge collection of virii to test with as far as samples go but I do work on live systems alsmost every day with live virii and some of them I would guess can be said to be in the wild. Other than that it gives me a very good cross section of virii and systems to test on so I get a very good idea of just how good different virii scanners work. I currently have a collection of about 5 different ones I use.

I find that nod often catches things that kasperski doesn't but not always. The reason I like to use escan is because of xbases though. The only thing this version cleans is virii and not spyware and other things like it. It does make a good backup scanner to check against adaware and spybot. It seems to catch some things that adaware and spybot don't. I still have to clean those things by hand though.

This all gives me a good checking through multiple scanners. and allot of time e-scan supports adaware's findings. Spybot always seems to catch the hard things that everything else misses but doesn't catch as much as adaware. This combined ith e-scan gives me that little bit of extra security.

Sorry to bring up another old thread but I thought I might share my simple little batch file for updating and running eScan 4.4.7
simply save the following file as eScan.bat and place in your escan free folder then run it. It will prompt you for action as to updating scanning etc. I find it is really easy to slip on a USB stick and pass out to people with infestations when I don't have the time. You can also place it on your desktop or wherever as long as you change the paths (ex .\ to C:\Escan\*.*) to your eScan folder.

@echo off
REM ======================================================================
REM
REM Batch File -- Created with SAPIEN Technologies PrimalScript 3.1
REM
REM NAME: eScan.bat
REM
REM AUTHOR: DTM , Zer0-Tec Systems
REM DATE : 3/30/2005
REM
REM COMMENT: eScan KAV based Antivirus scanner file sanner and updater
REM
REM ======================================================================

REM Set Window title and explination
TITLE eScan free command line front end - By DTM

REM Description
ECHO.
ECHO This utility will allow you to use eScan free to check your PC for
ECHO virii. This batch file also gives you the option to update your
ECHO virus definition as long as you have an active internet connection.

REM Choices
:start
ECHO.
ECHO 1. Update your virus definitions*
ECHO 2. Launch the eScan free console
ECHO 3. Update and then Scan*
ECHO 4. Exit program
ECHO.
ECHO NOTE: You need an active internet connection for the asterik marked options.
ECHO.
set choice=
set /p choice=Please make your choice from the options above:
if not '%choice%'=='' set choice=%choice:~0,1%
if '%choice%'=='1' goto UPD
if '%choice%'=='2' goto SCN
if '%choice%'=='3' goto USC
if '%choice%'=='4' goto EXT
ECHO "%choice%" Please try another option
ECHO.
goto start

REM Update section
:UPD
CLS
ECHO Starting antivirus update from KAV update server.
START .\kavupd.exe
CLS
goto start

REM Scan section
:SCN
CLS
ECHO Please allow time to launch the eScan console, after pressing any key.
ECHO.
PAUSE
START .\mwavscan.com /sc /sysarea
CLS
goto start

REM Update and Scan combo
:USC
CLS
ECHO Starting update from KAV servers, then launching scan.
START .\kavupd.exe
ECHO.
ECHO Please allow time for the scanner to load after you press any key.
ECHO.
PAUSE
START .\mwavscan.com /sc /sysarea
CLS
goto start

REM exit
:EXT
CLS

HTH
LK

Very useful. Thanks

{QUOTE-> Very useful. Thanks <-QUOTE}
Np problem, and after looking at it I realized it was a little to basic so I modified it a little bit, I added a line that creates a text file with the date of you last update, which in turn is displayed after you run the batch once, so just add this batch to your *\Bases folder and you are good to go.

@echo off
REM ======================================================================
REM
REM Batch File -- Created with SAPIEN Technologies PrimalScript 3.1
REM
REM NAME: eScan.bat
REM
REM AUTHOR: DTM , Zer0-Tec Systems
REM DATE : 3/30/2005
REM
REM COMMENT: eScan KAV based Antivirus scanner file scanner and updater
REM Place this file in your *\Bases directory and run from there
REM ======================================================================

REM Set Window title and explination
TITLE eScan free command line front end - By DTM

REM Description
CLS
ECHO.
ECHO Description:
ECHO This utility will allow you to use eScan free, a Kaspersky based
ECHO solution to check your PC for virii. This batch file also gives
ECHO you the option to update your virus definitions so long as you
ECHO have an active internet connection.
ECHO.
ECHO Instructions:
ECHO Select your desired option below. Please note that updating requires
ECHO an internet connection which has already been initiated. Dialup is
ECHO supported but not recommended as virus definition updates can be large
ECHO at times.
ECHO.
REM Choices
:start
ECHO.
ECHO 1. Update your virus definitions
ECHO 2. Launch the eScan free console
ECHO 3. Update and then Scan
ECHO 4. Exit program
ECHO.
TYPE .\update.txt
ECHO.
set choice=
set /p choice=Please make your choice from the options above:
if not '%choice%'=='' set choice=%choice:~0,1%
if '%choice%'=='1' goto UPD
if '%choice%'=='2' goto SCN
if '%choice%'=='3' goto USC
if '%choice%'=='4' goto EXT
ECHO "%choice%" Please try another option
ECHO.
goto start

REM Update section
:UPD
CLS
ECHO Starting antivirus update from KAV update server.
DEL .\update.txt
ECHO Your last update was %DATE%. >> .\update.txt
START .\kavupd.exe
CLS
goto start

REM Scan section
:SCN
CLS
ECHO Please allow time to launch the eScan console, after pressing any key.
ECHO.
PAUSE
START .\mwavscan.com /sc /sysarea
CLS
goto start

REM Update and Scan combo
:USC
CLS
ECHO Starting update from KAV servers, then launching scan.
DEL .\update.txt
ECHO Your last update was %DATE%. >> .\update.txt
START .\kavupd.exe
ECHO.
ECHO Please allow time for the scanner to load after you press any key.
ECHO.
PAUSE
START .\mwavscan.com /sc /sysarea
CLS
goto start

REM exit
:EXT
CLS

4.4.7 seems to no longer work. As you can see the virus defs are updated yet it
mwavscan.com won't start. It seems someone put a stop to the free lunch (also the bat file needs to change to "KAVUpd.exe" - seems to be recognizing caps):

http://img80.echo.cx/img80/2540/escan7zr.jpg (http://www.imageshack.us)

I may be not understanding all there is to know about the last posts. However my Mwav 4.4.7 still works. I just updated and ran a scan.
Did I miss something?

Jerry

Well, my experience is that the screenshot shows the latest update as today. I then get a pop-up, stating the database is older than 30 days, when trying to start escan. At this point escan fails to start.

Hi.

My escan still works here after a update today, bases dated with todays date.

Just want to say thanks as well lynchknot for the great FF themes U do.

You're welcome oddbod (hehe,odd Nic) - you are using 4.4.7?

Perhaps someone will come along and can help me.

{QUOTE-> Well, my experience is that the screenshot shows the latest update as today. I then get a pop-up, stating the database is older than 30 days, when trying to start escan. At this point escan fails to start. <-QUOTE}

No problems here - just updated and everything runs fine. I would suggest you try updating again.

Ned

When i update, it creates copies of the files in my download dir & the root of the drive it installed on in a folder called bases, i just cut all the files from the bases folder & paste them in the mwav dir.

Maybe if U still have the self extracting zip file it comes in U can try deleting the the mwav folder & unzip it again & try to update?

Yes im using 4.4.7 at the moment as a backup for NOD.

As for the themes, i a fan of Ur work & wanted to say thanks.

lynchknot,
I have no expertise in this area. Firecat helped me a lot, and if he is around perhaps he can help.
I will be glad to try to answer any question.
I do have mine loaded in C:\bases if that helps any.

Jerry

You might try copying kavupd.exe from one of the new versions over. I noticed that the updater did change some, but works fine for me in the old version. I also noticed that the updater has started copying the updates to Bases_X rather than just Bases.

I also enjoy your themes, Lynchknot, they're the best :)

thanks guys. I just re downloaded and deleted the old one. It works now but I have a problem of outpost reporting a port scan while updating. I had to exclude that IP.

Hi lynchknot, just want to say I'm a fan of your FF skins so thanks :)

Also glad your eScan works now, mine always work fine. 8)

lol - you damn stalker! :lurking: yeah, you know I'm a fan of Fastgame's computer hardware.

After reading i still don't understand the differences.

The 4.47 can clean, but 4.8.7 can not.
So apart from that what are the difference? Can the 4.8.7 only report? Can it delete as well? ( If so than what is the difference between delete and Clean )

What about the engine? etc?

And my Signature files always stay at 17/5 / 2005.......

I also wonder if it is possible to design another GUI for it?

I think the main difference is that versions after 4.4.7 can onlt detect, not clean or delete.

Version 4.4.7 can be updated manually. If you're using a newer version, just download a new version whenever a new updated version is released. For example, their website currently says:

{QUOTE-> Last Updated : 5/24/2005 9:38:39 AM <-QUOTE}

I think updated versions are released about once per week.

Ned

@Ned it is reversed, 4.4.7 Scans and Cleans, 4.8.7 only shows you what is infected and then tells you that you should buy eScan. ;)

{QUOTE-> @Ned it is reversed, 4.4.7 Scans and Cleans, 4.8.7 only shows you what is infected and then tells you that you should buy eScan. ;) <-QUOTE}

That's what I said - versions after 4.4.7 can only detect, not clean or delete :)

Ned

{QUOTE-> That's what I said - versions after 4.4.7 can only detect, not clean or delete :)

Ned <-QUOTE}
I missed that, after, must have been the onlt. Oops :)

hehe - my bad, t and y are next to each other ;D

Here is the batch file again I just checked it to make sure it works, also it now adds the time of day it was updated. HTH
@echo off
REM ======================================================================
REM
REM Batch File -- Created with SAPIEN Technologies PrimalScript 3.1
REM
REM NAME: eScan.bat
REM
REM AUTHOR: DTM , Zer0-Tec Systems
REM DATE : 3/30/2005
REM
REM COMMENT: eScan KAV based Antivirus scanner file scanner and updater
REM Place this file in your *\Bases directory and run from there
REM ======================================================================

REM Set Window title and explination
TITLE eScan free command line front end - By DTM

REM Description
CLS
ECHO.
ECHO Description:
ECHO This utility will allow you to use eScan free, a Kaspersky based
ECHO solution to check your PC for virii. This batch file also gives
ECHO you the option to update your virus definitions so long as you
ECHO have an active internet connection.
ECHO.
ECHO Instructions:
ECHO Select your desired option below. Please note that updating requires
ECHO an internet connection which has already been initiated. Dialup is
ECHO supported but not recommended as virus definition updates can be large
ECHO at times.
ECHO.
REM Choices
:start
ECHO.
ECHO 1. Update your virus definitions
ECHO 2. Launch the eScan free console
ECHO 3. Update and then Scan
ECHO 4. Exit program
ECHO.
TYPE .\update.txt
ECHO.
set choice=
set /p choice=Please make your choice from the options above:
if not '%choice%'=='' set choice=%choice:~0,1%
if '%choice%'=='1' goto UPD
if '%choice%'=='2' goto SCN
if '%choice%'=='3' goto USC
if '%choice%'=='4' goto EXT
ECHO "%choice%" Please try another option
ECHO.
goto start

REM Update section
:UPD
CLS
ECHO Starting antivirus update from KAV update server.
DEL .\update.txt
ECHO Your last update was %DATE% at %time% >> .\update.txt
START .\kavupd.exe
CLS
goto start

REM Scan section
:SCN
CLS
ECHO Please allow time to launch the eScan console, after pressing any key.
ECHO.
PAUSE
START .\mwavscan.com /sysarea
CLS
goto start

REM Update and Scan combo
:USC
CLS
ECHO Starting update from KAV servers, then launching scan.
DEL .\update.txt
ECHO Your last update was %DATE% at %time% >> .\update.txt
START .\kavupd.exe
ECHO.
ECHO Please allow time for the scanner to load after you press any key.
ECHO.
PAUSE
START .\mwavscan.com /sysarea
CLS
goto start

REM exit
:EXT
CLS

@Ned- :)

May be RejZoR could make us a GUI for this?

And i know why my signature hasn't been updated.... It is becoz it downloaded into another folder. So i just copy and paste into my orginal folder.

I have been using 4.4.7 since about last December. I had a lot of trouble setting it up to scan/clean. After I got it set up it manually updates daily.

Here is the thread where Firecat finally got me straight as to how to set it up. Once set up it is a snap.
http://www.wilderssecurity.com/showthread.php?t=67183&page=1&pp=25&highlight=JerryM

I recommend that you go through that thread, and I think you will find it fairly easy to set up. I had to go to the bases folder to get it working correctly. When Firecat is available he is now and expert after having to help me. ;D

Jerry

Jerry