Command-Line Parameters for Manual scanning
|
|
Info
To scan a system from the Command-line using the terminal, run the following command escan [OPTIONS]... [OBJECT]....
This command will scan and clean directories for viruses and other malwares.
The manual for escan can be accessed using command
#man escan
The command-line option is available in eScan for Linux Desktop and eScan for Linux File Servers
Synopsis
escan [OPTIONS]... [OBJECT]...
Options
Scan Actions
These option are the action to be taken in case of any infected object found by scanner.
-ly, --log-only
Only Report infection found / detected in the scanned log. No action on infected
files.
-dl, --disinfect-log
Will try to Disinfect, if not possible shall Report infection found / detected in the scanned log.
-dd, --disinfect-delete
Will try to Disinfect, if not possible shall delete the infected object.
-dq, --disinfect-quarantine
Will try to Disinfect, if not possible shall quarantine (Default) the infected object.
-dr, --disinfect-rename
Will try to Disinfect, if not possible shall rename the infected object.
-dp, --disinfect-prompt
Will try to Disinfect, if not possible shall prompt for the action to be taken on the infected object.
Following Actions will be prompted:
Do Nothing
Delete
Quarantine
Rename
Cancel Scan
-di, --delete-infected
Will Delete the Infected object.
-ri, --rename-infected
Will Rename the Infected object.
-qi, --quarantine-infected
Will Quarantine the Infected object.
-pr, --prompt
Will Prompt for an Action to be taken on the infected object without trying to disinfect it.
-qp, --quarantine-path*
Sets the Quarantine Path for the infected object. It sets action as quarantine.
While setting Quarantine Path, make sure that user has write permission to
directory.
Example
# escan -qp /var/MicroWorld/var/quarantine/escan
-re, --rename-extension*
Renames infected file with this extension. Extension must be alphanumeric string
starting with alphabet and 1 to 5 characters long. Please do not put dot (’.’)
before extension value.
Example
# escan -re mwt
NOTE:Quarantine path and Rename extension Parameters are descarded, if action is set as ’prompt’.
In that case default qurantine path ’/var/MicroWorld/var/quarantine/escan’ and default rename extension ’.mwt’
will be used.Also, provide only one of -qp or -re, otherwise both the parameters will be ignored and default values
will be used.
Recursion Options
These option defines the objects and sub-objects to be scanned during scanning.
-rr, --recursion
Will Scan files in the Directories and in the Sub-Directories recursively.
By default this option is enabled.
-rr-, --no-recursion
Will scan only the files in the directory of subject to scan without following
any sub-directory in the path.
-lk-, --no-symlink
While scanning the object(s), any symbolic link in the path will be will not be
followed and will be ignored. By default, all symbolic link scanning is disabled.
-lk, --all-symlink
While scanning the object(s), any symbolic link in the path will be resolved and
will be scanned.
-cr-, --no-cross-fs
While resolving the symbolic link in scan path or object, if any object is found
on other device (physical device or logical file system), the object will be
ignored and path will not be followed. By default, any cross file system scanning
is diabled.
-cr, --cross-fs
While resolving the symbolic link in scan path or object, if object(s) is/are
foundon other device, the path will be followed for scanning.
Scan Options
These option defines the types of objects to be scanned during scanning.
-m0, --mem-scan-only
In current scan session, scan memory for any virus(es).
-m, --mem-scan
For every scan, memory will be scanned before performing any other scanning.
By defualt, memory is set to scan at every scan session startup.
-m-, --no-mem-scan
Disbale all memory scan at scan session startup.
-au, --auto-update
At every scan session startup, update virus definition database, before scanning.
-pk, --pack
Scan packed files on scan path.
-pk-, --no-pack
Do not scan any packed files on scan path.
-ac, --archives
Scan archived files on scan path.
-ac-, --no-archives
Do not scan archived files on scan path.
-db, --mails
Scan plain mails & mail database files on scan path.
-db-, --no-mail
Do not scan plain mails & mail database files on scan path.
-hu, --heuristic
Perform heuristic checks for any suspected pattern of unknown virus(es) in object(s).
-hu-, --no-heuristic
Do perform heuristic checks for suspected pattern of unknown virus(es).
-sx, --scan-ext
Scan file(s) having defined extension(s).
Seperate multiple extensions by ’,’.
Example:
To scan files having extensions exe
# escan -sx exe /home
To scan files having extensions exe or com
# escan -sx exe,com /home
-xx, --exclude-ext
Exclude file(s) having defined extension(s) on scan path.
Seperate multiple extensions by ’,’.
Example:
To exclude files having extension exe type
# escan -xx exe /home
To exclude files having extension exe, com type
# escan -xx exe, com /home
NOTE: By default, all files with extension ’.mwt’ will be exclude, if not explicitly declared in scan extension list.
-xd, --exclude-dirs
Exclude directory(ies) on scan path.
Seperate multiple directories by ’,’.
Example:
To exclude the /var directory from scanning
# escan -xd /var /
To exclude the /var and /opt directory from scanning
# escan -xd /var,/opt /
-dh, --max-depth
While performing recursive scanning, it allows scanner to follow the defined
number of depth only. This option is ignored, if recursive scanning is disabled.
Example:
To scan upto 2 level of depth while scanning /home
# escan -dh 2 /home
-ms, --max-size
As larger files takes more time to scan, exclude the larger file(s) by providing
this option. suffix the size parameter with
’b’ for byte / ’k’ for kilo-bytes / ’m’ for mega-bytes.
If no suffix is provides, scanner assumes the size parameter in KB.
Example:
To exclude files larger than 5 MB
# escan -mx 5m /home
General Options
These option defines the types of logging during scanning and other general options.
-v, --version
Display the MicroWorld eScan version inforamtion(s).
y0, --display-none
Do not display any output on the terminal while scan is in progress.
-ym, --display-minimum
Display Minimum output on terminal. Only initialization alert,
scan configuration and scan result statistics will be printed.
-yi, --display-infected
In addition to above information, all infection and action details
will be printed to terminal.
-y, --display-all
Display eveything on terminal.
-l, --log-path
Will set the scan log file path. eScan creates escan directory in
log directory to differentiate escan log from other logs.
-l0, --no-log
Do not log any thing. No log file will be created.
-lm, --log-minimum
Log Minimum infomation. Only initialization alert, scan configuration
and scan result statistics will be printed.
-li, --log-infections
In addition to above information, all infection and action details
will be printed in log file.
-la, --log-all
Log everything.
-ss, --save-settings
Save the provided scan setting as default settings before scanning.
-so, --save-only
Save the provided scan setting as default settings and exit without
scanning.
-G, --restore-global
This option is available to non-root user’s only. All user (except root)
has their own default settings configuration saved. This option reset
the user’s default settings with the Global settings (root’s settings).
-ui, --av-info
Display the AV engine version, last virus signature update date and
virus signature count and exit.
Update Options (for root users login only)
These option defines the types of logging during scanning and other general options.
These options are available to root user only.
-u, --update
Start downloading the latest virus definitions.
-x, --use-proxy
Use Proxy for downloading the updates from internet.
-x-, --no-proxy
Do not use the Proxy for downloading the updates from internet.
-xi, --proxy-ip
IP Address of the Proxy Server.
-xt, --proxy-port
Port of the Proxy Server
Example:
To download the Virus defination using the proxy setting
# escan -u -xi 192.168.0.25 -xt 8080
-xa, --use-proxy-auth
Use the Proxy authentication for downloading the virus definition.
-xa-, --no-proxy-auth
Do not use Proxy authentication for downloading the virus definition.
-xu, --proxy-user
Proxy authentication user name.
-pw, --proxy-passwd
Proxy authentication password.
-ul, --server-list
Use update server(s) instead of default update server (not recommended).
Separate multi servers by comma.
-xs, --use-https
Use the secure http to download updates.
-xs-, --use-http
Do not use secure http to download updates.
-to, --time-out
Set the connection time out (in seconds) for downloading updates.
-rc, --retries
Set the retry count in case of connection failure for downloading.
These options are available to root user only.
Schedule Options (for root users login only)
These options allows to schedule a scanning jobs. These options are available to root user only.
-sc, --save-schedule
Save the Scheduled Job for scanning. This option requires a parameter
as UNIQUE job name. Job name must be alphanumeric starting with an alphabet and
1 to 10 characters long.
-min, --minute
Schedule job minutes of hour [0-59].
-hr, --hour
Schedule job hour of day [0-23].
-day, --month-day
Schedule job day of month [1-(28/29/30/31)].
-wd, --week-day
Schedule job day of week [0-6] (0 Sun/1 Mon/.../6 Sat).
-mon, --month
Schedule job month of yesk [1-12].
-fq, --frequency
Schedule job frequency.
0 once
1 hourly
2 daily
3 monthly
4 weekly
-ds, --del-schedule
Delete save scheduled job. This option requires a parameter
as existing job name.
Example:
# escan -ds <job name>
-do, --delete-old
Purge all expired/outdated schdules.
Note:
All schedules accepts scan and action parameters (except memory scan options),
that will be saved for new job. By default, schedules are saved with the default
scan options
Schedule examples:
To schedule a scanning to run only ONCE on the current date at paritcular time:
# escan -sc job1 -fq 0 -hr 15 -min 30 /home
Above command saves schedule with name job1, that will start scan at
15:30 on current day.
To schedule a scanning to run only ONCE on specified date at particular time:
# escan -sc job2 -fq 0 -day 1 -mon 10 -hr 15 -min 30 /home
Above command saves schedule with name job2, that will start scan at
15:30 on 1st of octobor.
To schedule a scanning to run at every HOUR:
# escan -sc job3 -fq 1 -min 59 /home
Above command saves schedule with name job3, that will start scan at
59th minute of every hour.
To schedule a scanning to run Daily at a particular:
# escan -sc job4 -fq 2 -hr 15 -min 40 /home
Above command saves schedule with name job4, that will start scan at
2:15 every day.
To schedule a scanning to run every MONTH:
# escan -sc job5 -fq 3 -day 1 -hr 15 -min 30 /home
Above command saves schedule with name job5, that will start scan at
15:30 on 1st of every month.
To schedule a scanning to run every WEEK:
# escan -sc job6 -fq 4 -wd 3 -hr 15 -min 30 /home
Above command saves schedule with name job5, that will start scan at
15:30 on every Wednesday.
Help Options
-h,--help
Print this help message and Exit