Command line to scan file for NOD32 2.7

Discussion in 'ESET NOD32 Antivirus' started by Shermaine, May 7, 2008.

Thread Status:
Not open for further replies.
  1. Shermaine

    Shermaine Registered Member

    Joined:
    May 7, 2008
    Posts:
    5
    Hi, There,
    We are running NOD32 Anti virus Ver 2.7 on our desktop and server, we are looking for the command line support so we can build in the code to scan the batch file.
    Just would like to whether this product support, if yes, where I can find necessory document for it, if it is not support in this version, any other solution which we can go for?

    Many thanks in advance!

    Shermaine
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Perhaps the following will help, it's from some notes I made a while ago. Apologies for any formatting errors, as I copied and pasted it from a wiki which uses a different markup language than the forum software and I only lightly edited it.

    Regards,

    Aryeh Goretsky

    ________________________________________________________________________________​

    Listed below are NOD32's command-line options. Options listed in bold typeface are defaults. Commands, path specifications, arguments and other literals appear in Courier typeface.

    NOTE: This list is for NOD32 v2.70, not ESET NOD32 Antivirus v3.0.


    General

    /BREAK+

    Allows scanning to be paused, resumed and canceled. This is the default option.


    /BREAK-

    Prevents scanning from being paused or canceled.


    /EXPIRE+

    Displays information about the license expiration when NOD32 is run. This is the default option.


    /EXPIRE-

    Skip displaying the expiry notice.


    /HELP

    Displays a list of all of NOD32's command-line options.


    /MULTI+

    Runs NOD32 in a loop against the target specified on the command line. This can be useful for checking floppy diskettes for viruses. When a floppy diskette drive (A: or B: letter) is specified as the target, NOD32 will check the diskette for viruses and then pause, allowing you to eject the diskette and insert another for scanning.


    /MULTI-

    Disable scanning of multiple diskettes. This is the default option.


    /QUIT+

    Exit NOD32 after it finishes scanning a target.


    /QUIT-

    NOD32 will remain running after it finishes scanning a target. This is the default option.


    /SCROLL+

    Log file continuously scrolls at the bottom of the scanning window.


    /SCROLL-

    Log file does not scroll as it fills in the scanning window. This is the default option.


    /SELFCHECK+

    Performs a self-check for damage (file corruption, tampering, et cetera) when run. This is the default option.


    /SELFCHECK-

    Disables the self-check.


    /SOUND+

    Beep when a viruses are found or an error occurs. This is the default option.


    /SOUND-

    Disable beeping when viruses are found or errors occur.

    Detection


    /ADWARE

    Enables detection of adware, spyware and riskware.


    /ALL

    Scans all files regardless of their file extension. NOTE: Using the /ALL switch may slow down scanning. It is recommended you use the /ALL switch only if you are recovering from a virus infection, working in a suspect contaminated environment or scanning small sets of files, e.g., a directory of downloaded files.


    /ALL-

    Scans files based on their filename extension. Extensions scanned by default are .ASP, .BAT, .CGI, .CHM, .CLA, .CLASS, .CMD, .COM, .CPL, .CSC, .CSS, .DLL, .DOC, .DOT, .ELF, .EML, .EXE, .HLP, .HTA, .HTM, .HTML, .HTT, .INF, .INI, .JS, .JSE, .LNK, .MD?, .MPT, .MSO, .NWS, .OCX, .OV?, .PDF, .PHP, .PIF, .POT, .PP?, .PRC, .RB, .REG, .RTF, .SCR, .SCR, .SCT, .SH, .SHB, .SHS, .SMIL, .SRC, .SYS, .SWF, .SYS, .THE, .THEME, .VBE, .VBS, .VSD, .VXD, .WSC, .WSF, .WSH, .XL? and .{*. There is no difference between running NOD32 with the /ALL- command line option and without. This option was added in NOD32 v2.70.37. NOTE: In previous versions, NOD32 performed with this behavior when run without the /ALL switch.


    /ANTISTEALTH+

    Tells NOD32 to use Anti-Stealth technology when scanning. NOTE: Anti-stealth is only available under Microsoft Windows NT 4.0-derived operating systems. It does not work under Windows 95-derived operating systems, nor does it work when a computer is started in Safe Mode. This is the default option. This option was added in NOD32 v2.70.


    /ANTISTEALTH-

    Disables Anti-Stealth when scanning. This option was added in NOD32 v2.70.


    /ARCH+

    Enables scanning inside of archived files. Several archive formats are supported, including ARJ, LHA, LZH, RAR and ZIP.


    /ARCH-

    Disable scanning inside of archived files. This is the default option.


    /EXCLUDE={filename}

    Non-working option. Deprecated in NOD32 v2.7, left over from previous versions and kept so that scripts using this option would continued to operate without error.


    /EXT={extension1, extension2... extension3}

    Adds the listed file extensions to those scanned by NOD32 for viruses. Multiple extensions can be scanned by separating them with a comma, e.g., if you wished to scan files ended in .486, .TD0 and .VXE extensions, you would add "/EXT=486,TD0,VXE" to the command line.


    /LOCAL

    Scan all local non-removable disk volumes.


    /MAILBOX+

    Enables scanning inside of Microsoft Outlook (Outlook Express?) mail stores.


    /MAILBOX-

    Disables scanning mailboxes. This is the default option.


    /NETWORK

    Scan all mapped network disk volumes.


    /NTFS+

    Enables scanning inside of NTFS alternate data streams.


    /NTFS-

    Disables scanning inside of NTFS alternate data streams. This is the default option.


    /PACK+

    Enable scanning inside of files compressed with runtime packers, such as ACE, PKWare's PKLITE and UPX.


    /PACK-

    Disables scanning inside of runtime packed files. This is the default option.


    /SUBDIR+

    Check all subdirectories beneath the target directory when run. This option is typically used to scan all the subdirectories below a target directory. E.g., if you had directories on your disk named "C:\BBS\DOWNLOAD\1999\JAN", "C:\BBS\DOWNLOAD\1999\FEB" and "C:\BBS\DOWNLOAD\1999\MAR" you could scan all of them at once by specifying a target of "C:\BBS\DOWNLOAD\1999\" and using the /SUBDIR+ switch. This is the default option.


    /SUBDIR-

    Prevents subdirectories from being scanned.


    /PATTERN+

    Tells NOD32 to scan for known viruses using virus signatures (patterns). This is the default option.


    /PATTERN-

    Tells NOD32 to not scan for viruses using signatures.


    /SCANBOOT+

    Enables scanning of boot sectors on floppy and hard disk drives. NOTE: It is not possible to scan the boot sector of a file server from a workstation. This is the default option.


    /SCANBOOT-

    Prevents NOD32 from scanning boot sectors.


    /SCANFILE+

    Tells NOD32 to scan files on the target for viruses. This is the default option.


    /SCANFILE-

    Tells NOD32 not to scan files on the target.


    /SCANMBR+

    Enables scanning of master boot records on floppy disk drives. NOTE: It is not possible to scan the MBR of a file server from a workstation. This is the default option.


    /SCANMBR-

    Prevents NOD32 from scanning MBRs.


    /SFX+

    Enables scanning inside of self-extracting archive files.


    /SFX-

    Prevents NOD32 scanning inside of self-extracting archive files. This is the default option.


    /UNSAFE

    Enables scanning for Potentially Unsafe Applications (or PUsA, for short) medium-risk threats. NOTE: This category was previously called Potentially Dangerous Applications in NOD32 v2.5. This option was added in NOD32 v2.7.


    /UNWANTED

    Enables scanning for Potentially Unwanted Applications (or PUwA, for short) low-risk threats. NOTE: This category was previously called Potentially Dangerous Applications in NOD32 v2.5. This option was added in NOD32 v2.7.

    Heuristic Analysis

    /AH

    Enables advanced heuristics.


    /HEUR+

    Tells NOD32 to scan for unknown viruses using heuristics. This is the default option.


    /HEUR-

    Disables use of heuristics during scans.


    /HEURDEEP

    Enable deep heuristic sensitivity, also known as Advanced Heuristics. NOTE: Heuristics work by scanning the MBR of hard disk drives, boot sectors of floppy and hard disks and files for mechanisms used by malware. By default, NOD32 is designed to provide a balanced level of heuristic detection. Use of the /HEURDEEP option may result in an increased level of false positive reports.


    /HEURSAFE

    Use a minimal level of heuristics when scanning for viruses. This option should be specified if you are experiencing false positive alarms with NOD32's heuristics.


    /HEURSTD

    Use standard level of heuristics when scanning for viruses. This is the default option.


    Reporting


    /LIST+

    Report all system areas and files scanned for viruses and disk errors in the log file.


    /LIST-

    Report only infected system areas, files and disk errors in the log file. This is the default option.


    /LOG+

    Enable log file creation when scanning for viruses. This is the default option.


    /LOG-

    Disable log file creation.


    /WRAP+

    Wrap text to eighty (80) characters per line in the log file.


    /WRAP-

    Do not wrap text in the log file. This is the default option.


    /LOGAPPEND

    Append the results of the current scan to an existing log file.


    /LOGREWRITE

    Enable rewriting of the log file.


    /LOGSIZE={number}

    Tells NOD32 to create a log file with a maximum size of {number} kilobytes. For example, specifying "/LOGSIZE=128" on the command line tells NOD32 to create a log file no larger than 128KB. If the log file exceeds the size specified, older entries will be removed from the beginning to make room for the newest entries at the end of the log file.


    /LOG={path specification and filename}

    Tells NOD32 where to save a log file to, and what filename to use. For example, specifying "/LOG=C:\BBS\DOWNLOAD\NOD32.LOG" will tell NOD32 to create (or update or overwrite depending upon the other command-line options used) the log file "NOD32.LOG" in the "C:\BBS\DOWNLOAD\" directory. NOTE: NOD32 does not create the path specified with the /LOG= if it does not exist. It must already be present on the disk drive. Also, if saving files to a Novell NetWare server, make sure NOD32 has file-creation and file-modification privileges for the specified directory path.


    Cleaning


    /CLEAN

    Remove viruses from infected files and system areas (boot sectors and MBRs), if applicable.


    /CLEANMODE
    Enables cleaning mode. The actions taken will depend on the action settings.


    /DELETE

    Tells NOD32 to delete infected file(s) when they are found.


    /PROMPT

    Tells NOD32 to prompt the user for what action to take when a virus is found.


    /QUARANTINE

    Copy infected file to quarantine directory before taking further action (e.g., cleaning or deleting).


    /RENAME

    Tells NOD32 to rename infected file(s) when they are found.


    /REPLACE

    Tells NOD32 to replace infected boot sectors on floppy and hard disks with a standard boot sector.

    NOTE: If the /DELETE, /PROMPT, /RENAME or /REPLACE switches are used with the /CLEAN switch, the action specified will only be performed if the virus cannot be cleaned.


    Scheduling


    /DAILY

    Tells NOD32 to perform a scan for viruses once a day.


    /WEEKLY

    Tells NOD32 to perform a scan for viruses once a week.


    /PERIOD={number}

    Tells NOD32 to perform a scan for viruses every "{number}" of days.


    Network (Windows-only)


    /RECIPIENT={server names, workgroups or workstations}

    Specifies the names of the servers, workgroups or workstations to which alerts should be sent when a virus is found. Multiple entries be used. For example, specifying "/RECIPIENT=SERVER01,ADMINPC01" would send alerts to the screens of SERVER01 and ADMINPC01. This option must be used with the /MSG option.


    /MSG="{message}"

    Specifies the message to be sent when a virus is detected. The message must be placed inside double quotation marks. This option must be used with the /RECIPIENT option.


    /CENTRAL={path specification}

    Tells NOD32 the path (mapped drive) to the LAN Update Server from which to download (copy) update files.
     
  3. Shermaine

    Shermaine Registered Member

    Joined:
    May 7, 2008
    Posts:
    5
    Hi Aryeh Goretsky,
    Very appreciate your time and effort to me help me on this.
    Is this from Eset official site? Because developers is going to build-in our application to scan all the files transfered, I need make sure those command are workable.

    If you got this from official site, can you send me the original URL.

    Many thanks again!

    Shermaine
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    All these parameters are described in the help files.
     
  5. Shermaine

    Shermaine Registered Member

    Joined:
    May 7, 2008
    Posts:
    5
    Hi, agoretsky,
    I managed find out, just for your information.
    Go to dos prompt, go to C:\Program Files\ESET folder,
    type: nod32 /? it will pupop the help file which include the comand line as well.
    Anyhow, many thanks!

    Shermaine
     
  6. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
Thread Status:
Not open for further replies.