Command line scanner problems

Discussion in 'ESET NOD32 Antivirus' started by julio99, Oct 6, 2011.

Thread Status:
Not open for further replies.
  1. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    I use a download manager to DL most of my files and with that said this Mngr. allows you to addd a command line script to check the files you download for malware...... Anyway, I use ESET Nod 32 AV 5 for my antivirus and I tried to figure out a script that would allow me to scan the file, clean it or quarantine it, and log it. It would also be nice if I could see it performing said actions, but that is not totally neccessary. I'm adding a screenshot of a script I wrote that doesn't work as is not logging. I tried to follow the parameters, but alas I'm coming up short. The parameters that I found in the knowledgebase were for AV 4 and I'm running 5. Could I please get some help or instructions from one of you smart guys??
     

    Attached Files:

    • CLS.PNG
      CLS.PNG
      File size:
      9.1 KB
      Views:
      93
  2. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Why not add the program to the list of Web and email clients?
     
  3. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    How exactly does that work? You know what Internet Download Manager does right? When It finishes downloading a file or picture or whatever, the 2 boxes I put in that attachment are for adding a command line scanner option. How does adding this program to the Web Protection line get the files that it downloads scanned. I'm not following how this option works for what I'm asking.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Why would you want to scan files with cl scanner when they're already scanned by the shields?
     
  5. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    I don't understand why you would ask me that. If I use a download manager and i download a file with it there is no way that file is going to get scanned before I use it unless a/I scan it manually b/ I set up a command line scan for that file before I use it which by the way could be immediately. The Internet Download Manager gives me the option to have my downloaded files scanned before I use them or open them. It's a matter of convenience. I know if the file I download sits around long enough it is eventually going to get scanned. All I wanted was a simple script for scanning the downloaded file from the commandline. I don't think I wrote that correctly because I'm not finding it in the ESET Log of scanned items.
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I didn't use ESET in years, but it still scans files on disk writes, does it? One would think so, as every other resident AV does that.
     
  7. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    What do you mean by disk writes. You speak of shields. I use the antivirus not the smart security and there are no shields in the Nod 32 AV5. Let me ask you a quick question and maybe you'll see my logic Nick. When you download a music or document or any file, do you just open it and hope that your antivirus scanned it, or do you like right click and scan it via context menu? One way or another you have that file scanned before you use it and most people prefer to know that the file is actually being scanned. This command line scan is just a way of my eset scanner doing the work for me before I open it. And if it's dirty or virus it'll quarantine.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I don't think you quite understand how real-time AVs work. I don't "hope" that my AV scanned it, I know it did. I only hope that the AV didn't miss (either by signature or by heuristics) the malware. You're telling me that you context-scan every file you download? Why do you use ESET then, why not just use Malwarebytes, it's free.
     
  9. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    I am definitely not an expert on how antivirus runs, but I use it for real time protection. Any file I download I scan before I open it. My email I let slide because I do believe Nod is scanning most of those when I recieve them. If I download a file there is no way that file can be scanned by Nod before I open it if I get it and open it immediately upon finish. What is the reason for a right click scanner. More bloat? I always thought it was for scanning a file before you open it. I know my real time protection can take care of me in most things but I have yet to have any kind of infection in 5 years. I just prefer to right click scan any files I download for "Immediate" use. I feel safer than just jumping ahead and regretting it later. I do have Malwarebytes. I run an occasional full scan with that also every month or so. With all the crap that idiot hackers are filling us with, it really doesn't hurt to be a little more careful.
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    As I said, I didn't use ESET for a long time, but if I remember well it had a limit on file size (possibly a customizable option), so to not degrade system performance while scanning large files. This is when context-scan option comes into play, to manually scan those large files. Otherwise, a proxy-based web scanner would scan payloads of all files while they're being transfered over port 80 (a http port your dl manager uses). Even with web scanner off, files would still be scanned by the real-time protection while they're being written to disk, so a file is scanned before the write is complete. If a malware is found, the write is denied.
    Someone correct me, but it works that way, doesn't it?
     
  11. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    I think the file size option you're talking about is entirely up to the person making the decision, (Not scanning files larger thano_O) if that;s what you're referring to. Anyway. I set the web access according to the other poster's advice and I checked the box next to the IDM app making it "more active" which I suppose will get NOD to pay a bit more attention to it. I still have to read a bit more on this to better get a sense of what I need and don't need to do.
     
  12. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    File scanning is not limited by the object size.


    Ok, you enabled active mode for IDM, good. Now try adding it to Advanced setup>web and email>protocol filtering>web and email clients.
    Hopefully that will scan the data as a whole through all ports.
     
    Last edited: Oct 6, 2011
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    First of all, active mode is not recommended to be enabled for download managers and streaming media players. It indeed makes sense to run a command line scan when a file manager completes a download as files downloaded in fragments obviously would not be scanned by web protection.
    I assume that using the parameters "--clean-mode=standard --quarantine" will do what you wanted to achieve.
     
  14. julio99

    julio99 Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    91
    Location:
    Ontario,Canada
    That's what I thought from the start but everyone else was guiding me other ways. The only thing I started out asking was to have it weitten for me as the one I was using didn't appear to be working as I couldn't see it in the ESET logs.
    /files/clean-mode=standard/quarantine/log-all/aind That is what I put in the box at the bottom. Is that one written right. I think the box at the top needed quotes to make it run. (First post at the top) the boxes I'm talking about.I'm not sure what order they need to be put in either. Thanks for your help.
     
    Last edited: Oct 7, 2011
Thread Status:
Not open for further replies.