need advice on setting up scan of file transfers

Discussion in 'ESET NOD32 Antivirus' started by jayt, Nov 8, 2007.

Thread Status:
Not open for further replies.
  1. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    How do I set up Nod32 v. 3 to scan file transfers using MSN (MS Live Messenger)? I had no problem setting it up with v. 2.7, but can't figure it out on v. 3. Thanks for any help. Should I add it as an internet browser?
     
    Last edited: Nov 8, 2007
  2. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    Bump - getting lost on page 2
     
  3. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Here is one example that works (if you use ESS the path is different and have to be changed):

    "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /log-all /aind /no-boots /adware /sfx /unsafe /unwanted /heur /adv-heur /action=clean

    It should all be on a single line. You could type "ecls.exe /help" as well to see the parameters and add/remove the parameter you want or not want. I couldn't get the "/action=prompt" parameter to work and assume that is a bug. So using "/action=clean" anything infected will be cleaned or put into quarantine, but you won't get notified since the dos window close to fast to see what is infected and what is not.

    Another option if you want to see the result is to create a batch file. So what i did is to create the files "scan.cmd" with the following 3 lines:

    @echo off
    "C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /base-dir="C:\Program Files\ESET\ESET NOD32 Antivirus" /log-all /aind /no-boots /adware /sfx /unsafe /unwanted /heur /adv-heur /action=clean %1
    pause

    and then i placed the scan.cmd in the nod32 directory and used the following in msn:

    "C:\Program Files\ESET\ESET NOD32 Antivirus\scan.cmd"

    That way i always see the result of the scan and have to press a key to close the window.
     
    Last edited: Nov 8, 2007
  4. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    Gan, thanks for your reply. In the Nod32 v. 2.7 you could do this in the following manner: go to 'Tools' in MSN's toolbar and choose 'Options...' In the new window select 'File Transfer' and tick the box beside 'Scan files for viruses using:' Then press the 'Browse' button and locate nod32.exe which is in the Eset folder. There is not a nod32.exe file in v. 3 -There is a ecls.exe, but using that a window flashes up and then closes. Is there any way other than using a command line to do what v. 2.7 did?
     
  5. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Yes i know and you can do the same thing with 3.0, but version 3.0 only have ecls.exe for command line scanning which is a shame i think. As i described you can create a .cmd file with the 3 lines then you are able to see the result of the scanning (instead of the flashing window as you described) because the window won't close until you press a key.

    All the parameters is not required, but i would recommend them to enable features that make the detection rate higher. Version 2.7 had similar parameters. When using version 2.7 i use these parameter:

    "C:\Program Files\ESET\nod32.exe" /scanboot- /scanmem- /scanmbr- /sound- /break- /scroll+ /pattern+ /heur+ /scanfile+ /arch+ /sfx+ /pack+ /adware /unsafe /unwanted /antistealth+ /ah /prompt /cleanmode /quarantine

    When i tried 3.0 for a while i used the parameters as described in the previous post with a batchfile as described.

    If you choose to not use any of the parameters a lot of features is not enabled and that is the same for 2.7 and 3.0. Also using some parameter you can disable scanning of memory and boot sector since the purpose is to scan the file only and i see no reason why the memory should be scanned each time a file is transferred. But i guess what parameters to use is up to everyone to decide what they prefer.
     
  6. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    Thanks again Gan. I set it up using your command file. Thanks for taking the time to help me with this.
     
  7. Darken

    Darken Registered Member

    Joined:
    May 16, 2007
    Posts:
    52
    Location:
    Canada
    Thanks.
     
  8. Weyrman

    Weyrman Registered Member

    Joined:
    Nov 11, 2007
    Posts:
    12
    I used your 3 line scan.cmd file with the firefox plugin "download statusbar" and found that it scanned all the files in the firefox folder rather than the 1 file that I had downloaded. I put the scan.cmd file in the new eset folder along side ecls.exe and set the path to it using the search button next to the "Antivirus Program Location" field.

    Any suggestions?
     
  9. stanny

    stanny Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    4
    Hello guys,

    I have a couple of questions about the latest Nod32 parameters.

    - What's the log file for Nod, because when I try to use /log-file=Nod32.log it doesn't seem to do the job.
    - Where does the /quarantaine parameter go, it didn't seem to work here (in the Nod32 manual it says that quarantaine is a supplement for action)
    - What does /aind do

    I would appreciate your help! Thanks in advance.

    Greetings,
    Stanny
     
  10. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Hi Stanny,

    I went back to 2.7 because i didn't like 3.0 so cannot remember every parameter and cannot check since i don't use 3.0 anymore, but i think the /log-file parameter only log infected files by default and you need another parameter to log all the scanned files.
    I do believe i used the /quarantaine parameter in addition to /clean with success, but not 100% sure since i cannot remember exactly. I couldn't make the /action parameter work though so i assume that is a bug.
    For the /aind it basically show a indicator of the scanning progress. Try to use ecls to scan a large file with and without /aind and you can easily see the difference. For smaller files it's to fast to see.

    But it wouldn't surprise me if ecls contains several more bugs that i didn't see.....i found a couple after 10 minutes of testing before i figured i like 2.7 much better so went back to 2.7 for good.
     
  11. leBeatnik

    leBeatnik Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    8
    I am currently using this method with several programs to scan newly downloaded programs but having to close the window evey time gets annoying besides removing "pause" from the batch file is there a pause variable that will pause for say 5 seconds then close? I want to be able to see but I dont necisarily need it to ask me to close. I wish the "Prompt" variable seams to be bugged as I would set it to prompt and remove the pause so it will only pause when there is a problem as that is all I am interested in. As I think most are the same.

    So far your script is working great all i need now is to work out the pause and the prompt thing (possibly in a future version) I am only using v3.0.621 as I am too lazy to upgrade it again until a very stable ver of v3 is out.

    I should know this but I haven't used dos very since XP came out. I sure could pound it out on my 386, I wish I saved it as an "antique" LoL
     
Thread Status:
Not open for further replies.