Endpoint Protection

Hello
I use Symantec Antivirus Corporate edition for my Windows server, And i am trying to scan single files on demand and save log files
The only file i can find that should be able to do the job for me is DoScan.exe but it doesn't seem to work.

I tried with eicar test file like this:

DoScan.exe c:\eicar.com /LOGFILE="C:\Logfile.log"

And the result is:

Started QuickScan 06/05/2009 16:33:55
Duration of Scan in Seconds = 23
Scan Ended. Status = 0

So tell me please, how can i scan a single file using command line? (and save report)

Oops mistake by me, the syntax i am using is this:

DoScan.exe /cmdlinescan c:\eicar.com /LOGFILE="C:\Logfile.log"

Hi,

Not sure if single files can be scanned with vpscan, but you could try.

http://service1.symantec.com/SUPPORT/ent-security.nsf/0/7fce382ff2eacc1288256c4d0050c605?OpenDocument

- Jukka

DoScan.exe is not supported for single file/ folder scans. You already assumed this since it didn't work. Also as a note for anyone else that is working with DoScan.exe you should know that because DoScan.exe makes a call to Rtvscan.exe and uses the current local virus definitions, Auto-Protect must be enabled. Just thought that might be helpful for someone else reading this. Also I don't know if I am getting exactly why you are doing this. Are you hoping to get a more complete log from scanning a particular file, or do you want just logs that relate to that particular file being scanned.  I think if we know why it might give us a better idea on how to tell you to do this. I have never tried this so hopefully someone else will enlighten us. Thanks.
Grant

Hi,

unfortunately what I know is that DoScan does not support the scan of single files or folders via the command line. You can just run a quick scan or a full scan.
In this I am not in the office and I am not able to find the related document.

Regards,

I think we were clear on what we want to accomplish. We need a full report for 1 specific file we scan. For example with panda I can get a log output like:

---------------------------------------------------
Date                : 11/05/2009
Time                : 00:10:56
File checked        : C:\eicar.com

   Found virus :EICAR-AV-TEST-FILE 



                 Panda CommandLineSecure 9.05.01 (c) Panda 2008                

Time employed for scan .............: 00:00:01
Number of files scanned ............: 1
Number of files infected ...........: 1
Number of suspicious files .........: 0
Number of files disinfected ........: 0
Number of files renamed ............: 0
Number of files deleted ............: 0

                          Copyright Panda Security 2008    

dru33  i think the comments about not understanding what you are doing are more general in nature.

What is the bigger problem or need you are trying to address by scanning a single file?

Often times the big picture can be addressed in a different manner than you are attempting.

Yes Giuseppe is right you can do this, but I think he wants it from the command line. I am not sure that is possible. To scan a single file normally you can just right click and select scan. You get a report for just this single file in the SEP manager (same for SAV). The report looks very similar to what dru posted above just in a gui window. My question again is it is not clear why you want to do this from the command line, instead of the normal way. So Rubust if you could give a little more info on what exactly you want from this then that would be good. Thanks

Grant

First of all norton has the worst community forums ever, you will find meaningless post about the command line scanner all over the web.

I tell you what did I figure out with hard work:

 1, navc < outdated
 2, vpscan < only works with business edition products (you cant get any report out of it)
 3, navwnt32 or whatever the main exe of norton av 2009+norton internet security 2009 (this will delete the infected files and you cant export the report)
 4, DoScan.exe /cmdlinescan c:\eicar.com /LOGFILE="C:\Logfile.log" (cant scan single file, folder cant be specified)

So is it possible with *any* norton products to start an automated scan from a batch file to scan a single file and create a report log or not?

Thanks rweessen, you hit the nail on the head with what I am meaning. I understood what he is asking, but by asking why he wants to do this I hope to come up with a solution to the 'bigger" problem. ie the reason they need to run a scan of one file from the command line. Thanks for clarifying what I was meaning. Appreciate it.
Grant-

Not to be completely cynical, but the first thing that comes to mind is a simple way to test if my new package I just created in metasploit will pass vendor x's defs+engine.  If I can get a simple command line scanner from each vendor, this becomes easy and automated.

I'm hoping there is another reason I'm just not thinking of right now.

I need this for automated scanning of files what users upload to  one server and why norton ? Because my company only bought those AVs so I don't have a choice.

If you have network scanning on this happens already and automatically. I still need to hear back from Robust to see if his/her needs are being met. This was Robust post to begin with, so I don't want to start posting and forget about Robust. So Dru if you want to talk about this more feel free to make another post or PM me, and I will be happy to help.
Thanks
Grant

If SAV or SEP is installed and autoprotect is on, this is happening already.  The big difference would be you can't script it, its just automatic.  You can however kick off notifications to be emailed or a script be run from the SEPM anytime that server finds an infected file in whichever upload directory you specify.

Does that accomplish what you need?  It may not be the way you originally envisionsed, but the end result is likely the same.

Hi Grant,

I would like to do a scan a file from the command line and get the output as mentioned by dru33,

Time employed for scan .............: 00:00:01
Number of files scanned ............: 1
Number of files infected ...........: 1
Number of suspicious files .........: 0
Number of files disinfected ........: 0
Number of files renamed ............: 0
Number of files deleted ............: 0

is there any way we can do it with the doscan.exe or by any other way.

Regards,

Xtreams

I find Robust's question quite clear. The person merely wants to automate scanning a single file using a command line, and output the information from the scan to a log in a directory and file name of that person's choice WITHOUT having to perform the action manually by using the context menu (right click on the file, and select Scan). Are there any command line arguments for Rtvscan.exe that will allow a program to call the Rtvscan.exe executable with command line arguments?

This is an example of wanting to call rtvscan.exe from a different program (one a user has developed) to scan the file MyFile.exe in folder C:\MyFolder to determine whether the file is infected.

Example: rtvscan.exe C:\MyFolder\MyFile.exe

Robust wants to output the information to his own log. Not the log created by the antivirus program. Is that possible as well?

Check out this link. It may help you.

*edited*  this link was posted in the third post in this thread by Jukka Ruotsila

Sorry for the late reply. In general you can run a scan from the command line by using doscan.exe. However doscan.exe does not support specification of individual files or folders. The log files for this scan will get outputted to the default location for logs but you can change where they get outputted by editing the command, but I feel this is not what you guys are wanting. As far as I know Symantec does not have a scanner that will scan a single file from the command line. Hopefully someone else will correct me with this if I am wrong, but I have not seen it. Hope this helps
Grant-

Hi Grant,

Thanks for the Reply.
Yeah I would like to get the out put of the scanned file/folder(bunch of files in folder) report in a text format with doscan.exe or any other way  that would serve the purpose.
Grant, if you are not able help me with this can you please escalate it to some one in Product Development who can help me to get the output as I mentioned in earlier post.
Hoping to see a positive reply.

Regards,

xtreams.