From eScan Wiki
||· eScan · MailScan · Technologies||· Technical Info · Security Awareness · User Guides|
|Command-Line Parameters for Manual scanning||
To scan a system from the Command-line using the terminal, run the following command # escan [OPTIONS]... [OBJECT]... This command will scan and clean directories for viruses and other malwares.
The manual for escan can be accessed using command #man escan
The command-line option is available in eScan for Linux Desktop and eScan for Linux File Servers
escan [OPTIONS]... [OBJECT]...
These option defines the action to be taken in case of any infected object found by scanner.
-ly, --log-only Only Report infection found / detected in the scanned log. No action on infected files.
-dl, --disinfect-log Will try to Disinfect, if not possible shall Report infection found / detected in the scanned log.
-dd, --disinfect-delete Will try to Disinfect, if not possible shall delete the infected object.
-dq, --disinfect-quarantine Will try to Disinfect, if not possible shall quarantine (Default) the infected object.
-dr, --disinfect-rename Will try to Disinfect, if not possible shall rename the infected object.
-dp, --disinfect-prompt Will try to Disinfect, if not possible shall prompt for the action to be taken on the infected object. Following Actions will be prompted: Do Nothing Delete Quarantine Rename Cancel Scan
-di, --delete-infected Will Delete the Infected object.
-ri, --rename-infected Will Rename the Infected object.
-qi, --quarantine-infected Will Quarantine the Infected object.
-pr, --prompt Will Prompt for an Action to be taken on the infected object without trying to disinfect it.
-qp, --quarantine-path* Sets the Quarantine Path for the infected object. It sets action as quarantine. While setting Quarantine Path, make sure that user has write permission to directory.
Example # escan -qp /var/MicroWorld/var/quarantine/escan
-re, --rename-extension* Renames infected file with this extension. Extension must be alphanumeric string starting with alphabet and 1 to 5 characters long. Please do not put dot (’.’) before extension value.
Example # escan -re mwt
NOTE:Quarantine path and Rename extension Parameters are descarded, if action is set as ’prompt’. In that case default qurantine path ’/var/MicroWorld/var/quarantine/escan’ and default rename extension ’.mwt’ will be used.Also, provide only one of -qp or -re, otherwise both the parameters will be ignored and default values will be used.
These option defines the objects and sub-objects to be scanned during scanning.
-rr, --recursion Will Scan files in the Directories and in the Sub-Directories recursively. By default this option is enabled.
-rr-, --no-recursion Will scan only the files in the directory of subject to scan without following any sub-directory in the path.
-lk-, --no-symlink While scanning the object(s), any symbolic link in the path will be will not be followed and will be ignored. By default, all symbolic link scanning is disabled.
-lk, --all-symlink While scanning the object(s), any symbolic link in the path will be resolved and will be scanned.
-cr-, --no-cross-fs While resolving the symbolic link in scan path or object, if any object is found on other device (physical device or logical file system), the object will be ignored and path will not be followed. By default, any cross file system scanning is diabled.
-cr, --cross-fs While resolving the symbolic link in scan path or object, if object(s) is/are foundon other device, the path will be followed for scanning.
These option defines the types of objects to be scanned during scanning.
-m0, --mem-scan-only In current scan session, scan memory for any virus(es).
-m, --mem-scan For every scan, memory will be scanned before performing any other scanning. By defualt, memory is set to scan at every scan session startup.
-m-, --no-mem-scan Disbale all memory scan at scan session startup.
-au, --auto-update At every scan session startup, update virus definition database, before scanning.
-pk, --pack Scan packed files on scan path.
-pk-, --no-pack Do not scan any packed files on scan path.
-ac, --archives Scan archived files on scan path.
-ac-, --no-archives Do not scan archived files on scan path.
-db, --mails Scan plain mails & mail database files on scan path.
-db-, --no-mail Do not scan plain mails & mail database files on scan path.
-hu, --heuristic Perform heuristic checks for any suspected pattern of unknown virus(es) in object(s).
-hu-, --no-heuristic Do perform heuristic checks for suspected pattern of unknown virus(es).
-sx, --scan-ext Scan file(s) having defined extension(s). Seperate multiple extensions by ’,’.
To scan files having extensions exe # escan -sx exe /home
To scan files having extensions exe or com # escan -sx exe,com /home
-xx, --exclude-ext Exclude file(s) having defined extension(s) on scan path. Seperate multiple extensions by ’,’.
To exclude files having extension exe type # escan -xx exe /home
To exclude files having extension exe, com type # escan -xx exe, com /home
NOTE: By default, all files with extension ’.mwt’ will be exclude, if not explicitly declared in scan extension list.
-xd, --exclude-dirs Exclude directory(ies) on scan path. Seperate multiple directories by ’,’.
To exclude the /var directory from scanning # escan -xd /var /
To exclude the /var and /opt directory from scanning # escan -xd /var,/opt /
-dh, --max-depth While performing recursive scanning, it allows scanner to follow the defined number of depth only. This option is ignored, if recursive scanning is disabled.
To scan upto 2 level of depth while scanning /home # escan -dh 2 /home
-ms, --max-size As larger files takes more time to scan, exclude the larger file(s) by providing this option. suffix the size parameter with ’b’ for byte / ’k’ for kilo-bytes / ’m’ for mega-bytes. If no suffix is provides, scanner assumes the size parameter in KB.
To exclude files larger than 5 MB # escan -mx 5m /home
These option defines the types of logging during scanning and other general options.
-v, --version Display the MicroWorld eScan version inforamtion(s).
y0, --display-none Do not display any output on the terminal while scan is in progress.
-ym, --display-minimum Display Minimum output on terminal. Only initialization alert, scan configuration and scan result statistics will be printed.
-yi, --display-infected In addition to above information, all infection and action details will be printed to terminal.
-y, --display-all Display eveything on terminal.
-l, --log-path Will set the scan log file path. eScan creates escan directory in log directory to differentiate escan log from other logs.
-l0, --no-log Do not log any thing. No log file will be created.
-lm, --log-minimum Log Minimum infomation. Only initialization alert, scan configuration and scan result statistics will be printed.
-li, --log-infections In addition to above information, all infection and action details will be printed in log file.
-la, --log-all Log everything.
-ss, --save-settings Save the provided scan setting as default settings before scanning.
-so, --save-only Save the provided scan setting as default settings and exit without scanning.
-G, --restore-global This option is available to non-root user’s only. All user (except root) has their own default settings configuration saved. This option reset the user’s default settings with the Global settings (root’s settings).
-ui, --av-info Display the AV engine version, last virus signature update date and virus signature count and exit.
Update Options (for root users login only)
These option defines the settings to download the eScan AV updates from the internet.
These options are available to root user only.
-u, --update Start downloading the latest virus definitions.
-x, --use-proxy Use Proxy for downloading the updates from internet.
-x-, --no-proxy Do not use the Proxy for downloading the updates from internet.
-xi, --proxy-ip IP Address of the Proxy Server.
-xt, --proxy-port Port of the Proxy Server
To download the Virus defination using the proxy setting # escan -u -xi 192.168.0.25 -xt 8080
-xa, --use-proxy-auth Use the Proxy authentication for downloading the virus definition.
-xa-, --no-proxy-auth Do not use Proxy authentication for downloading the virus definition.
-xu, --proxy-user Proxy authentication user name.
-pw, --proxy-passwd Proxy authentication password.
-ul, --server-list Use update server(s) instead of default update server (not recommended). Separate multi servers by comma.
-xs, --use-https Use the secure http to download updates.
-xs-, --use-http Do not use secure http to download updates.
-to, --time-out Set the connection time out (in seconds) for downloading updates.
-rc, --retries Set the retry count in case of connection failure for downloading. These options are available to root user only.
Schedule Options (for root users login only)
These options allows to schedule jobs scanning. These options are available to root user only.
-sc, --save-schedule Save the Scheduled Job for scanning. This option requires a parameter as UNIQUE job name. Job name must be alphanumeric starting with an alphabet and 1 to 10 characters long.
-min, --minute Schedule job minutes of hour [0-59].
-hr, --hour Schedule job hour of day [0-23].
-day, --month-day Schedule job day of month [1-(28/29/30/31)].
-wd, --week-day Schedule job day of week [0-6] (0 Sun/1 Mon/.../6 Sat).
-mon, --month Schedule job month of yesk [1-12].
-fq, --frequency Schedule job frequency.
0 once 1 hourly 2 daily 3 monthly 4 weekly
-ds, --del-schedule Delete save scheduled job. This option requires a parameter as existing job name.
# escan -ds <job name>
-do, --delete-old Purge all expired/outdated schdules.
All schedules accepts scan and action parameters (except memory scan options), that will be saved for new job. By default, schedules are saved with the default scan options
To schedule a scanning to run only ONCE on the current date at paritcular time: # escan -sc job1 -fq 0 -hr 15 -min 30 /home Above command saves schedule with name job1, that will start scan at 15:30 on current day.
To schedule a scanning to run only ONCE on specified date at particular time: # escan -sc job2 -fq 0 -day 1 -mon 10 -hr 15 -min 30 /home Above command saves schedule with name job2, that will start scan at 15:30 on 1st of octobor.
To schedule a scanning to run at every HOUR: # escan -sc job3 -fq 1 -min 59 /home Above command saves schedule with name job3, that will start scan at 59th minute of every hour.
To schedule a scanning to run Daily at a particular: # escan -sc job4 -fq 2 -hr 15 -min 40 /home Above command saves schedule with name job4, that will start scan at 2:15 every day.
To schedule a scanning to run every MONTH: # escan -sc job5 -fq 3 -day 1 -hr 15 -min 30 /home Above command saves schedule with name job5, that will start scan at 15:30 on 1st of every month.
To schedule a scanning to run every WEEK: # escan -sc job6 -fq 4 -wd 3 -hr 15 -min 30 /home Above command saves schedule with name job5, that will start scan at 15:30 on every Wednesday.
Print this help message and Exit