ewido console scanner

Discussion in 'ewido anti-spyware beta forum' started by peter.ewido, Feb 13, 2006.

Thread Status:
Not open for further replies.
  1. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    ewido command line scanner

    We have decided to release our internal command line scanner as a beta version to the public so you can use it e.g. for scheduled scans etc.
    The main reason for it being a beta version is that although we use it internally, we didn't have the time to test it carefully enough to call it a final... :)

    Code:
      ################################################
      #   ewido anti-malware - Console Scanner 3.5   #
      ################################################
    
    
      ewidoscan Options [[File|Folder]...]
    
      Example:
         ewidoscan /clean /backup /memory /nocookies C:\windows D:\mybadfile.exe
    
    
      Options:
    
      /clean           Cleans if an infection was found
      /backup          Make a backup of an infected file
                       and moves it into the quarantine
      /memory          Executes a memory scan
      /registry        Executes a registry scan
      /nocookies       Disables scan for cookies
      /nospyware       Disables scan for spyware
      /noriskware      Disables scan for riskware
      /report          Generates a scan report (Report.txt)
      /report=File     Generates a scan report and saves it to
                       File e.g.
                       /report="C:\Documents and Settings\Foo.txt"
    
      /trace           The console scanner saves a trace log of
                       the scan.
      /no_archives     Do not scan in archives.
      /no_heuristics   Do not use heuristics
      /no_binder       Do not scan for binding threats.
      /no_crypter      Do not scan for executable packer
                       (UPX,petite,FSG...)
      /no_ntfsads      Do not scan for NTFS Alternative Data
                       Streams
    
    It should be pretty self-explanatory :)

    Again, please keep in mind that this version is still untested and unsupported. As always with beta software: Use at your own risk :)

    http://download.ewido.net/ewido-console-scanner.exe

    The setup will copy the scanner "ewidoscan.exe" to your ewido directory. You can run it from there e.g. using cmd.exe... It will only run from within the ewido directory as it requires the other program components.

    Any feedback is welcome :)
     
    Last edited: Feb 14, 2006
  2. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    Nice addition while waiting for V4.0 with scan scheduler (I assume).

    Does work through setup in the Task Scheduler.

    Would be great to see a little progress report in the CMD window as well as in the Report such as:

    "Scanning Memory"
    "Scanning Registry"
    "Scanning C:"
    etc.

    Also a /minimize option to minimize the CMD window on startup.

    Looks and runs quite well!
     
  3. Uffbros

    Uffbros Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    157
    Location:
    Altoona,Pa
    I bring up a command prompt...I have tried 100 combinations to get this to work and they all say cannot find path....I have the file in the correct directory...How should this look from a command prompt just to run the scanner with none of the switches?
     
  4. Uffbros

    Uffbros Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    157
    Location:
    Altoona,Pa
    Ok..I got it up..Now how do I do it to just scan all the files without cleaning? I do this because I don't want it cleaning my keylogger that I know is mine? Thanks
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    The default setting is not to clean... Only if /clean is specified, it will do so...
     
  6. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    I'll wait for version 4. It's not a big deal for me to do manual scans.

    Assuming, ver 4 will have the capability to set scheduled scans.
     
  7. Uffbros

    Uffbros Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    157
    Location:
    Altoona,Pa
    I'm still not getting it here... I have the window up in the command prompt and it gives me all the switches..Now how do I do a scan without cleaning? Attached is what I am looking at now. What do I type in after my last entry there?
     


  8. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,121
    Location:
    Pennsylvania.
    If it's a console scanner, how can I scan my PS2 and Xbox? :p
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    since it already scans w/o cleaning, just type "ewidoscan [path to file]" where [path] is the path to the file/folder/drive u wanna scan

    e.g. ewidoscan C:\temp\
     
  10. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    lol, you're right, it should be called command line scanner :)
     
  11. Uffbros

    Uffbros Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    157
    Location:
    Altoona,Pa
    What if you want it to scan all of C Drive?
     
  12. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    ewidoscan.exe c:\
    :)
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    ewidoscan c:\
     
  14. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I tried that, I even went to the ewido directory and double-clicked on ewidoscan.exe. No console
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  16. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Yes I did, I am on windows XP Home SP2.
     


    Last edited by a moderator: Feb 19, 2006
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    can u scan folders or files? also how to run the command prompt, from the start menu or do u use the run command and type in cmd? (i doubt itd make a difference but im covering the bases)
     
  18. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Yes, I can scan files and folders with ewido, and Command prompt: start/program files/Command Prompt
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    try running cmd from the run dialog box.
     
  20. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Ok done.
     


    Last edited by a moderator: Feb 19, 2006
  21. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    does it work in safe mode? also try downloading/installing the scanner again
     
  22. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Safe mode: no, exact same result. Download/install scanner again: exact same result. Sorry I couldn't bring a screenshot from safe mode.
     
  23. Jensendk

    Jensendk Registered Member

    Joined:
    Mar 20, 2006
    Posts:
    1
    As I see your problem, it's the lack of knowledge of the Command Prompt.

    Changing directory needs quotes when a space is in the name of the directory:

    cd "c:\program files\Ewido Malware scan"

    remember the tab in command line window..

    Jens
     
  24. rmetzger

    rmetzger Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    5
    Location:
    Worcester, MA, USA
    Hi all,

    I have just found the Command Line Scanner version and I am impressed with its capabilities. But I could use some help with its use.

    I have several feature requests:

    1) Can a new argument be added, /unattended, which would handle cleaning (if /clean has also been issued) so that the scan can continue without user requests. Basically, eliminate the need for user interaction, so that this can be run in true batch mode.

    2) Can a new argument be added, /quiet, which would allow the scan to happen without any (or hidden) command window. This would imply /unattended.

    3) Exclusions: I use several 'utilities' that in the wrong hands could be used for harm. Some of these potentially unwanted programs are OK and useful, again used carefully. As such, I would like to be able to create a list of files to Exclude from cleaning or deleting.

    For a security officer or network administrator, this is a useful and needed feature.

    Can a new argument be added, /excludelist="ExcludeFileList" where this file contains a list of file names to be excluded.

    In the list I would expect that each exclusion would be on its own line, with or without a pathspec and any other parameters needed for the exclusion. Without a starting pathspec, the filename would be excluded no matter where it is located. With a pathspec, the exclusion starts at that path.

    Additional parameters would be whether to include subdirectories in the exclusion. Of course, wildcards would be really nice.

    4) Relative directory and UNC support: /report="Filespec" currently requires a fully qualified filespec for logging. On different systems, the log file might need to be on different drives. Some, C: others on F: etc. However, logging to a relative filespec would be more useful, as sometimes it doesn't matter which drive I am on.

    Additionally, it would be nice to send the logs to a central location on the network using a UNC notation instead.

    ex. /report="\\myserver\ewido-logs\%COMPUTERNAME%.log"
    ex. /report="ewido anti-malware\%COMPUTERNAME%.log"

    5) /backup is useful, but could also point to another location, instead of the defaults used within. Like the above, the backups should be able to be relocated to a central store for further analysis by the network administrator or security team.

    ex. /backup="\\myserver\ewido-quarantine\%COMPUTERNAME%"
    ex. /backup="ewido anti-malware\quarantine"

    When using UNCs, obviously appropriate rights need to be in place for this to work. But that's not your problem.

    6) Finally, add several parameters that indicate a type of drives to scan. This would simplify the batch file by eliminating which drives specifically need to be scanned:

    /local would be local drives (non-network, non-software drive letters)
    /removeable would be drives like A:, CD-ROM drives, flash drives, etc.
    /fixed would be local hard drives
    /network would be mapped network drives


    Anyway, these are just some thoughts.

    Thanks,
    Ron Metzger
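
An added example, not part of the thread and not ewido's own code: a cmd.exe batch wrapper for a scheduled, scan-only run that uses only switches from the help text in the first post, writes the report to a fully qualified local path, and then copies it to a per-machine file on a share. `EWIDO_DIR` is an assumed install path, and `\\myserver\ewido-logs` is the sample share name from the post above; replace both.

```batch
@echo off
setlocal
rem Added example; not ewido's own script.
rem Assumption: EWIDO_DIR is the folder where setup copied ewidoscan.exe.
set "EWIDO_DIR=C:\Program Files\ewido anti-malware"
rem Sample share name taken from the thread; replace with your own.
set "REPORT_SHARE=\\myserver\ewido-logs"
rem /report is given a fully qualified local path.
set "REPORT=%TEMP%\ewido-%COMPUTERNAME%.txt"

rem ewidoscan.exe only runs from within the ewido directory.
cd /d "%EWIDO_DIR%" || goto :no_dir
if not exist ewidoscan.exe goto :no_exe

rem Remove a stale report so a failed run cannot pass as a fresh one.
if exist "%REPORT%" del "%REPORT%"

rem Scan only: /clean is left out, so nothing is cleaned.
ewidoscan.exe /memory /registry /report="%REPORT%" C:\

rem The thread does not document exit codes, so test for the report file.
if not exist "%REPORT%" goto :no_report
copy /y "%REPORT%" "%REPORT_SHARE%\%COMPUTERNAME%.log" >nul || goto :no_copy
exit /b 0

:no_dir
echo ewido directory not found: "%EWIDO_DIR%"
exit /b 2

:no_exe
echo ewidoscan.exe not found in "%EWIDO_DIR%"
exit /b 2

:no_report
echo Scan finished without writing "%REPORT%"
exit /b 3

:no_copy
echo Could not copy the report to "%REPORT_SHARE%"
exit /b 4
```

Run it from Task Scheduler under an account that has write access to the share; the non-zero exit codes make a missing install, missing report, or failed upload visible in the task's last-run result.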
     