cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

EICAR.COM not deleted by Command line scanner

Jump to solution

Context
I'm building a test-service (a windows service that uses the McAfee command line scanner). I'm now trying to test the service by using Eicar.com

This is the information above any scan log. I know it's outdated, but for testing purposes this doesn't really matter. All I need to accomplish is that the Command Line Scanner is getting the right parameters.

McAfee VirusScan Command Line for Win32 Version: 6.0.6.653
Copyright (C) 2015 McAfee, Inc.
(408) 988-3832 LICENSED COPY - december 24 2015

AV Engine version: 5800.7501 for Win32.
Dat set version: 8024 created Dec 23 2015
Scanning for 670673 viruses, trojans and variants.

This program is more than 25 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.

 

ProblemWhen using the following command:

EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log

The report will show:

 

2018-Feb-06 15:27:50


Options:
EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log 

EICAR_Testfile.txt [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	No Repair information available.
	The File has been renamed.


Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Cleaned:.......................     0
	Deleted:.......................     0

I suppose this is all fine. I don't care it's unable to clean it. It was renamed. Fine by me.

 

However. In the production environment I want the scanner to delete the files. So I use the following command:

EICAR_Testfile.txt /DEL /UNZIP /report=scan.log

 The report will show:

2018-Feb-06 15:23:33


Options:
EICAR_Testfile.txt /DEL /UNZIP /report=Scan.log 



Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     1
	Possibly Infected:.............     0
	Deleted:.......................     0

This is incorrect. At least: I think it is. It's no longer recognizing the fact that it's an Eicar test file and it's not even scanning it. I have no idea what's going on. Can anyone help me?

 

1 Solution

Accepted Solutions

Re: EICAR.COM not deleted by Command line scanner

Jump to solution

I renamed the file to EICAR.COM and ran the commandline scanner again. Result: succes!

 

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.


2018-Feb-09 09:53:53


Options:
eicar.com /DEL /report=ManualScanLocal.log 

eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	The file has been deleted.


Summary Report on eicar.com
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Deleted:.......................     1



Time: 00:00.01

Should you get to this point: thanks for reading. I appreciate it 🙂

 

View solution in original post

4 Replies
Highlighted

Re: EICAR.COM not deleted by Command line scanner

Jump to solution

We updated the scanner. New information:

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.

Same problem though.

 

Re: EICAR.COM not deleted by Command line scanner

Jump to solution

I renamed the file to EICAR.COM and ran the commandline scanner again. Result: succes!

 

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.


2018-Feb-09 09:53:53


Options:
eicar.com /DEL /report=ManualScanLocal.log 

eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	The file has been deleted.


Summary Report on eicar.com
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Deleted:.......................     1



Time: 00:00.01

Should you get to this point: thanks for reading. I appreciate it 🙂

 

View solution in original post

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 5

Re: EICAR.COM not deleted by Command line scanner

Jump to solution

I noticed EICAR based files when set to an executable file extension (.exe, .com etc) does not get deleted but only detected. Same with VSE and ENS on-demand scans. If you have one or two EICAR files on your system with a daily scan then it gets picked up every day.

Highlighted

Re: EICAR.COM not deleted by Command line scanner

Jump to solution

Like I said, when I name it EICAR.COM it will get detected and deleted (if my options say /DEL.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community