What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Is my NOD32 scanning transfer files?

Is my NOD32 scanning transfer files?
Author: Message:
Dreamsilver
Junior Member
**


Posts: 17
Joined: Jan 2007
O.P. Is my NOD32 scanning transfer files?
Here's what I have in my File Transfer scanning path

"C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /adv-heur /adware /arch /auto /boots /files /mail /no-log-all /pattern /quarantine /rtp /sfx /subdir /unsafe /unwanted /action=clean %1

I'm not sure if its working or anything, because I don't see any window or anything scanning when I receive a transferred file.
07-14-2008 09:36 AM
Profile PM Find Quote Report
Spunky
Former Super Mod
*****

Avatar

Posts: 3658
Reputation: 61
36 / Male / Flag
Joined: Aug 2006
RE: Is my NOD32 scanning transfer files?
I think it all needs to be in the quotes, because the arguments form part of the path... Have you tried it without them?
<Eljay> "Problems encountered: shit blew up" :zippy:
07-14-2008 07:48 PM
Profile PM Find Quote Report
Butcher_ss
Junior Member
**


Posts: 57
39 / Male / Flag
Joined: Mar 2004
RE: Is my NOD32 scanning transfer files?
Download this file and put it into your NOD32 Antivirus folder.

ScanFile

Then paste this into WLM where it says scan files using:

"C:\Program Files\ESET\ESET NOD32 Antivirus\scan.cmd"


scan.cmd is a text file renamed to cmd with certain parameters in it. When you receive a file the cmd file will initialise a command line scan for NOD32 showing you the results, example:

[Image: test1.jpg]
07-21-2008 04:16 AM
Profile E-Mail PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Is my NOD32 scanning transfer files?
quote:
Originally posted by Dreamsilver
Here's what I have in my File Transfer scanning path

"C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe" /adv-heur /adware /arch /auto /boots /files /mail /no-log-all /pattern /quarantine /rtp /sfx /subdir /unsafe /unwanted /action=clean %1

I'm not sure if its working or anything, because I don't see any window or anything scanning when I receive a transferred file.
The error you make is the use of the %1 tag.

Windows Live Messenger does not replace any command line tags like that. Instead it simply concats the filename to the command line string.

Thus loose the %1 and it will work...

Also see CookieRevised's reply to scan receiving files



----------------------------------------------------------------------------

quote:
Originally posted by SpunkyLoveMuff
I think it all needs to be in the quotes, because the arguments form part of the path... Have you tried it without them?
Windows Live Messenger will already add quotes if the path or name of the file has spaces in it.

The thing which he did wrong was using '%1'....



----------------------------------------------------------------------------

quote:
Originally posted by Butcher_ss
Download this file and put it into your NOD32 Antivirus folder.

ScanFile
That batch file has some errors:


1) Change the first line from:
    echo off
to
    @echo off


2) Never hard copy a path in the batch file, this most likely will not work for other people (not everybody uses the same folder names). Instead simply add:
    ecls.exe %1 /aind /files /no-boots /arch /mail /sfx /rtp /no-subdir /adware /unsafe /unwanted /pattern /heur /adv-heur /action=clean /quarantine /no-log-all

...thus without any path (and quotes). Also try to loose the base-dir parameter for that very same reason.

If this doesn't work (then the command line scanner is not programmed that good), you could always retrieve the startup/base path by using the %0 tag (the complete startup command line) and some of the extended variables for string manipulation like so: %~dp0. This will strip the drive and path name from the used parameter.

Thus:
    "%~dp0ecls.exe" %1 /base-dir="%~dp0" ...........


3) Remove the 'exit' command. It is only usefull if you want to exit with a specific error code or want to close the window even if you happen to use the batch file from the command line manually.

So, you should realy leave it out or add the parameter /B (which will both have the same result).
If you want to use it, do not use it without the /B parameter for stuff like this! But as said, using the /B parameter is just the same as not using the exit command at all.

The /B parameter makes that you will exit the batch file with the last generated errorlevel code. If NOD32 is programmed decently and it reported an infected file, the chance is very high that it also outputs an errorlevel code. In that way, this code will be passed to Windows Live Messenger and will on its turn show the user that the received file is infected in the conversation window (anything different than errorlevel code 0 will generate that message).


4) I dont know the command line tool of NOD32, but most likely it also outputs DOS Errorlevels like I said above. This can also be used in the batch file itself. In that way you can check if a file was infected and either wait (thus 'pause') so the user can see the results, or simply quit without showing anything, which is more user-friendly than always pauzing.

Moreover, isn't there already a parameter for NOD32 to wait for user input if an infection is detected??? Almost all scanners I know of have such a parameter. This would make this whole batch file bussiness realy unneeded.


;)

This post was edited on 07-21-2008 at 11:12 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
07-21-2008 10:03 AM
Profile PM Find Quote Report
Magneto
New Member
*


Posts: 1
Joined: Jul 2008
RE: Is my NOD32 scanning transfer files?
Let me get this straight...I used the cmd line originally like Dreamsilver and took out the %1 tag. I scanned a file and the cmd flashed and then that was it.

Is a log only generated in my ESET NOD32 folder if there is a virus or corrupt file?

2)Will you be able to see details of the scan if you use Butcher's batch file? and just changeing the echo error,removing the exit and leaving the pause to see the result? Removing the base-dir paramater as mentioned.

3)So no batch file is needed just a cmd to pause and log? Is this correct? thnx for all help in advance :) I'm getting frustrated :S
07-28-2008 09:22 PM
Profile E-Mail PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Is my NOD32 scanning transfer files?
quote:
Originally posted by Magneto
Let me get this straight...I used the cmd line originally like Dreamsilver and took out the %1 tag. I scanned a file and the cmd flashed and then that was it.

Is a log only generated in my ESET NOD32 folder if there is a virus or corrupt file?

2)Will you be able to see details of the scan if you use Butcher's batch file? and just changeing the echo error,removing the exit and leaving the pause to see the result? Removing the base-dir paramater as mentioned.

3)So no batch file is needed just a cmd to pause and log? Is this correct? thnx for all help in advance :) I'm getting frustrated :S
1) I don't know. If it isn't you most likely will be able to add a parameter to the command line (or in the batch file) which will log everything. I don't know the NOD32 parameters, so you must look for yourself in the help files.

Also note the /no-log-all parameter, which dreamsilver used. This will have something todo with it. I would be very surprised if their wasn't a parameter to create a log file....



2) I don't know. Again, this could depend on the parameters you enter at the command line. There will most likely be a parameter which tells the command line scanner to pauze and/or ask for user-input when a virus is found.

When you use such a parameter, a batch file would become almost useless.

Though I strongly suspect that the parameter /auto or /action=clean, which dreamsilver used, prevents any pauze and prompt. I think the /auto parameter will automatically clean stuff. If this is so, then it is a parameter which should be used with great care! Automatic cleaning is not always a good thing (eg: you might damage files which have had a false warning). It is far better to let the scanner prompt for action.

If there isn't a parameter to let it prompt for action (I strongly doubt that though), then it might also be possible that the command line scanner returns DOS errorlevel codes, which could then be used in a batch file to pauze the output when a virus is found or do other stuff depending on what was scanned and found.



3) Completely depends on what the command line scanner can do on its own, and on what you want to do.



-----

The best advice I can give is to read the help files and documents of the command line scanner. They will explain everything and show you what each parameter is for >
ecls /help or ecls /? or ecls -help or ecls -h or ecls -?
(one of those will most likely show you a list of command line parameters and their uses)



PS: eventhough you could probably do everything from the command line (thus without a batch file), it might be handy if you still create a batch file so that you can use the command line scanner from anywhere on your hard disk. This because the command line scanner from NOD32 requires that the virus definitions can be found in the same current directory. Thus doing something like:
   C:\>  C:\Program Files\NOD32\ecls.exe
will not work.

Hence why I suggested to Butcher_ss to use the "%~dp0" batch file parameter to automatically extract the startup path which then can be used as a parameter for /base-dir. See note 2 in my previous post.

This post was edited on 07-28-2008 at 11:51 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
07-28-2008 10:49 PM
Profile PM Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On