Malformed containers are deleted although the action in Command Line Scanner is set to ‘-onerror leave’
Article: TECH150023 | Created: 2011-01-23 | Updated: 2011-01-27 | Article URL: http://www.symantec.com/docs/TECH150023
Problem
You are using Command Line Scanner (a command-driven tool to scan files) and notice that files are deleted even though you are using the parameter -onerror with a value of 'leave'.
Environment
Command Line Scanner (ssecls.exe) is installed when you install Symantec Scan Engine (SSE).
Command Line Scanner is an API that lets you use the Symantec Scan Engine service (symcscan.exe) for scanning files.
Cause
This is caused by the default action for the antivirus scanning mode.
If you do not specify a scanning mode (using the parameter '-mode' and a value), the scan policy defaults to scanrepairdelete.
Command Line Scanner tries to repair infected (violating) files, but if files cannot be repaired they are deleted by the Command Line Scanner.
The parameter ‘-onerror’ does not relate to an action for a scan error but to what should happen if the Command Line Scanner has a problem attempting to replace an infected file.
The parameter ‘-onerror’ is applied later in the scanning process.
If a scan error occurs, the configured action for antivirus scanning is applied.
If that action is delete, there is no longer a file to which to apply the ‘-onerror’ setting (should that be necessary).
Solution
The solution is to set the antivirus scanning parameter to
-mode scan
or
-mode scanrepair
In the first case the file is scanned but no repair is attempted.
In the second case the file is not deleted if the repair fails.
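A pre-flight check for scripts that call ssecls.exe, following the cause and solution described above. This is an added example, not Symantec's code. It assumes options are matched case-insensitively, that each value follows its option as a separate token, and that files are passed as trailing arguments; the paths in the sample are constructed.

```python
import shlex

DEFAULT_MODE = "scanrepairdelete"       # article: applied when -mode is omitted
NON_DELETING = {"scan", "scanrepair"}   # the two modes the article recommends

def option_value(tokens, name):
    """Value following option `name`, lowercased, or None if absent or last."""
    lowered = [t.lower() for t in tokens]
    if name in lowered and lowered.index(name) + 1 < len(lowered):
        return lowered[lowered.index(name) + 1]
    return None

def effective_mode(tokens):
    # Assumption: a missing or valueless -mode falls back to the default.
    return option_value(tokens, "-mode") or DEFAULT_MODE

def audit(script_text):
    """Return (line_no, mode, relies_on_onerror_leave) per risky ssecls call."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), 1):
        try:
            tokens = shlex.split(line, posix=False)  # keep Windows backslashes
        except ValueError:                           # unbalanced quote
            tokens = line.split()
        if not any(t.strip('"').lower().endswith(("ssecls.exe", "ssecls"))
                   for t in tokens):
            continue
        mode = effective_mode(tokens)
        if mode not in NON_DELETING:
            leave = option_value(tokens, "-onerror") == "leave"
            findings.append((line_no, mode, leave))
    return findings

# Constructed batch file; paths are placeholders.
SAMPLE = r'''rem nightly scan job
ssecls.exe -onerror leave D:\inbox\upload.zip
ssecls.exe -mode scanrepair -onerror leave D:\inbox\upload.zip
"C:\Tools\ssecls.exe" -MODE scan D:\inbox\upload.zip
ssecls.exe -mode scanrepairdelete D:\inbox\upload.zip
'''

if __name__ == "__main__":
    for line_no, mode, leave in audit(SAMPLE):
        note = " ('-onerror leave' will not prevent deletion)" if leave else ""
        print(f"line {line_no}: effective mode {mode}{note}")
```

A finding with the third field set to True is the situation this article describes: the call relies on '-onerror leave' while the effective mode can still delete the file.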
More about the -mode and the -onerror parameters: -mode -onerror