EICAR.COM not deleted by Command line scanner

Context
I'm building a test service (a Windows service that uses the McAfee command line scanner). I'm now trying to test the service by using Eicar.com.

This is the information above any scan log. I know it's outdated, but for testing purposes this doesn't really matter. All I need to accomplish is that the Command Line Scanner is getting the right parameters.

McAfee VirusScan Command Line for Win32 Version: 6.0.6.653
Copyright (C) 2015 McAfee, Inc.
(408) 988-3832 LICENSED COPY - december 24 2015

AV Engine version: 5800.7501 for Win32.
Dat set version: 8024 created Dec 23 2015
Scanning for 670673 viruses, trojans and variants.

This program is more than 25 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.

 

Problem
When using the following command:

EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log

The report will show:

 

2018-Feb-06 15:27:50


Options:
EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log 

EICAR_Testfile.txt [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	No Repair information available.
	The File has been renamed.


Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Cleaned:.......................     0
	Deleted:.......................     0

I suppose this is all fine. I don't care it's unable to clean it. It was renamed. Fine by me.

 

However, in the production environment I want the scanner to delete the files. So I use the following command:

EICAR_Testfile.txt /DEL /UNZIP /report=scan.log

The report will show:

2018-Feb-06 15:23:33


Options:
EICAR_Testfile.txt /DEL /UNZIP /report=Scan.log 



Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     1
	Possibly Infected:.............     0
	Deleted:.......................     0

This is incorrect. At least: I think it is. It's no longer recognizing the fact that it's an Eicar test file and it's not even scanning it. I have no idea what's going on. Can anyone help me?

 

1 Solution

Accepted Solutions

Re: EICAR.COM not deleted by Command line scanner

I renamed the file to EICAR.COM and ran the command-line scanner again. Result: success!

 

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.


2018-Feb-09 09:53:53


Options:
eicar.com /DEL /report=ManualScanLocal.log 

eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	The file has been deleted.


Summary Report on eicar.com
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Deleted:.......................     1



Time: 00:00.01

Should you get to this point: thanks for reading. I appreciate it 🙂
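
For a service that wraps the scanner, the two /DEL reports in this thread show why the summary counters need to be checked and not just the presence of a "Found:" line: a file counted under "Not Scanned" produces no detection line at all. The following is an added example, not code from the thread or from McAfee; it assumes the report layout shown above, the sample reports are constructed from it, and the function names and verdict strings are hypothetical.

```python
import re

# Constructed sample reports, modelled on the report layout shown in the thread.
REPORT_NOT_SCANNED = """\
Options:
EICAR_Testfile.txt /DEL /UNZIP /report=Scan.log
Summary Report on EICAR_Testfile.txt
File(s)
    Total files:...................     1
    Clean:.........................     0
    Not Scanned:...................     1
    Possibly Infected:.............     0
    Deleted:.......................     0
"""
REPORT_DELETED = """\
Options:
eicar.com /DEL /report=ManualScanLocal.log
eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
    The file has been deleted.
Summary Report on eicar.com
File(s)
    Total files:...................     1
    Clean:.........................     0
    Not Scanned:...................     0
    Possibly Infected:.............     1
    Deleted:.......................     1
"""

COUNTER = re.compile(r"^[ \t]*([A-Za-z() ]+?):\.+[ \t]+(\d+)[ \t]*$", re.M)
FOUND = re.compile(r"^(.+?) \[MD5:([0-9a-f]{32})\] \.\.\. Found: (.+)$", re.M)

def parse_report(text):
    # Returns ({counter name: value}, [(file, md5, detection name), ...]).
    counters = {name: int(n) for name, n in COUNTER.findall(text)}
    detections = [m.groups() for m in FOUND.finditer(text)]
    return counters, detections

def verdict(text):
    """Classify one report; fail closed when a file was skipped."""
    counters, detections = parse_report(text)
    if "Total files" not in counters:
        return "error: no summary"
    if counters.get("Not Scanned", 0) > 0:
        return "error: not scanned"  # the case from the question
    infected = max(counters.get("Possibly Infected", 0), len(detections))
    if infected == 0:
        return "clean"
    if counters.get("Deleted", 0) >= infected:
        return "infected: deleted"
    return "infected: not deleted"
```

Treating "not scanned" and a missing summary as errors keeps the service from reporting a skipped file as clean.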

 

4 Replies

Re: EICAR.COM not deleted by Command line scanner

We updated the scanner. New information:

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.

Same problem though.

 


Reliable Contributor chrisnlc
Message 4 of 5

Re: EICAR.COM not deleted by Command line scanner

I noticed that EICAR-based files, when set to an executable file extension (.exe, .com, etc.), do not get deleted but only detected. Same with VSE and ENS on-demand scans. If you have one or two EICAR files on your system with a daily scan, then they get picked up every day.

Re: EICAR.COM not deleted by Command line scanner

Like I said, when I name it EICAR.COM it will get detected and deleted (if my options say /DEL).
