Using the Symantec AntiVirus Scan Engine Command Line Scanner

Article:TECH82008  |  Created: 2004-01-27  |  Updated: 2011-11-16  |  Article URL http://www.symantec.com/docs/TECH82008
Article Type
Technical Solution

Environment

Issue



You want to use the Symantec AntiVirus Scan Engine Command Line Scanner (SSECLS).

 


Solution



Use SSECLS from a command line. The following is the basic command line syntax.

ssecls [options] <file|directory> [file|directory]

 


Notes: In the line above there is a single space between each part. For example, there is a space between ssecls and [options]. When inserting an option, replace [options] with the option itself. For example: ssecls -verbose



You can use several options with SSECLS. The following lists each option and associated defaults:

-server <IP1>:[port1]
Defaults to server 127.0.0.1:1344.
Multiple servers can be specified for load balancing.
 


Notes:
In the option above, replace <IP1> with the IP address, followed by a colon and the port. For example: -server 127.0.0.1:1344
You can add multiple IP addresses and ports using the syntax -server <IP1>:[port1];<IP2>:[port2]
An example: -server 127.0.0.1:1344;127.122.122.1:8081




-mode <scan|scanrepair>
Defaults to the Scan Engine's scan policy.

-verbose
Display file name and infection status for every file scanned.

-details
Display detailed infection information for infected files.

-timing
Display the total time required to scan the file.

-recurse
Recurse through directories.

-onerror leave|delete
Defaults to delete: the infected file is deleted when an error occurs while replacing the file.



Additional notes for Symantec Antivirus Command Line Scanner included with Symantec AntiVirus Scan Engine 4.3.6 and up:
The command-line scanner has been enhanced with new options to exclude certain files from scanning, and with the ability to redirect console output to a log file. Three command line arguments control these new capabilities.

Enhanced Logging

-log path

To redirect console output to a log file, use the argument '-log _path_' where _path_ is a full or partial path to a file. The file is created if it does not exist and overwritten if it does. In this mode, most output goes to the log file rather than the screen, and savsecls writes a series of dots to the screen as it scans files so that you can see progress.

Exclusions

-exclude *.ext | path/to/file | /path/to/dir
To exclude files by name, a rule file must be created. The format of the file is one string per line, where the string may contain:

  • A simple filename (such as "memo.doc") which causes files matching that name to be skipped regardless of the folder in which they are found. To skip all files with a given extension, use the syntax "*.ext". This is the only supported use of a wildcard.
  • A full pathname to a specific file in which case that specific file will be skipped.
  • A full pathname to a directory, in which case every file in that directory will be skipped.


Once a rule file has been created, run savsecls with the argument '-exclude _path_' where _path_ is the path to the rule file created above.

-maxsize size in bytes
To exclude files above a certain size from being scanned, use the argument '-maxsize _bytes_'. Any file of _bytes_ size or greater is skipped by savsecls (i.e. such files are never sent to the scan engine).


 


Notes:

  • SSECLS will ignore symbolic links. (Unix file systems only)
  • SSECLS is an inclusive scanner: it scans all files that it is directed to scan. The ability to exclude files was added in the 4.3.6 version of the product.
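
The exclusion rules, -maxsize and the symbolic-link note above together decide which files never reach the scan engine. The Python below is an added example, not Symantec code: it previews which files under a directory those rules would skip. All function names are hypothetical, the sample tree and rules are constructed, and exact case-sensitive matching plus directory rules covering only files directly in that directory are assumptions the article does not settle.

```python
import os
import tempfile

def parse_rules(lines):
    """Rule file format: one string per line (blank lines ignored: assumption)."""
    return [line.strip() for line in lines if line.strip()]

def skip_reason(path, rules, maxsize=None):
    """Return why `path` would never reach the scan engine, or None."""
    if os.path.islink(path):  # symbolic links are ignored (Unix)
        return "symlink"
    if maxsize is not None and os.path.getsize(path) >= maxsize:
        return "maxsize"  # files of this size or greater are skipped
    name, parent = os.path.basename(path), os.path.dirname(path)
    for rule in rules:
        if rule.startswith("*."):  # the only supported wildcard
            hit = name.endswith(rule[1:])
        elif os.path.isabs(rule):  # full path to a file, or to a directory
            # Assumption: a directory rule covers only files directly inside it.
            hit = os.path.normpath(rule) in (path, parent)
        else:  # simple filename, skipped in whatever folder it is found
            hit = rule == name
        if hit:
            return "rule " + rule
    return None

def audit(root, rules, maxsize=None):
    """Walk `root` as -recurse would; map each skipped file to its reason."""
    paths = (os.path.join(d, f) for d, _dirs, files in os.walk(root) for f in files)
    reasons = {os.path.relpath(p, root): skip_reason(p, rules, maxsize) for p in paths}
    return {rel: why for rel, why in reasons.items() if why}

def demo():
    """Constructed sample tree and rules, built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        sizes = {"memo.doc": 5, "sub/memo.doc": 5, "sub/disk.iso": 5, "sub/ok.txt": 5,
                 "big.bin": 2048, "skipdir/a.txt": 5, "skipdir/deep/b.txt": 5}
        for rel, size in sizes.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"x" * size)
        os.symlink(os.path.join(root, "sub", "ok.txt"), os.path.join(root, "link.txt"))
        rule_text = "memo.doc\n\n*.iso\n" + os.path.join(root, "skipdir") + "\n"
        return audit(root, parse_rules(rule_text.splitlines()), maxsize=1024)

if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {why}")
```

Running audit() against the tree passed to the scanner, with the same rule file contents and -maxsize value, lists the files a scan would leave uncovered so that overly broad rules can be caught before they are deployed.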





 



Legacy ID



2004022714215354

