
EICAR.COM not deleted by Command line scanner


Context
I'm building a test-service (a Windows service that uses the McAfee command line scanner). I'm now trying to test the service by using Eicar.com.

This is the information above any scan log. I know it's outdated, but for testing purposes this doesn't really matter. All I need to accomplish is that the Command Line Scanner is getting the right parameters.

McAfee VirusScan Command Line for Win32 Version: 6.0.6.653
Copyright (C) 2015 McAfee, Inc.
(408) 988-3832 LICENSED COPY - december 24 2015

AV Engine version: 5800.7501 for Win32.
Dat set version: 8024 created Dec 23 2015
Scanning for 670673 viruses, trojans and variants.

This program is more than 25 months old. New viruses come out all the
time - we would suggest that you upgrade your copy.

 

Problem
When using the following command:

EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log

The report will show:

 

2018-Feb-06 15:27:50


Options:
EICAR_Testfile.txt /CLEAN /UNZIP /report=scan.log 

EICAR_Testfile.txt [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	No Repair information available.
	The File has been renamed.


Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Cleaned:.......................     0
	Deleted:.......................     0

I suppose this is all fine. I don't care it's unable to clean it. It was renamed. Fine by me.

 

However, in the production environment I want the scanner to delete the files. So I use the following command:

EICAR_Testfile.txt /DEL /UNZIP /report=scan.log

 The report will show:

2018-Feb-06 15:23:33


Options:
EICAR_Testfile.txt /DEL /UNZIP /report=Scan.log 



Summary Report on EICAR_Testfile.txt
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     1
	Possibly Infected:.............     0
	Deleted:.......................     0

This is incorrect. At least: I think it is. It's no longer recognizing the fact that it's an Eicar test file and it's not even scanning it. I have no idea what's going on. Can anyone help me?

 

1 Solution

Accepted Solutions

Re: EICAR.COM not deleted by Command line scanner


I renamed the file to EICAR.COM and ran the command-line scanner again. Result: success!

 

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.


2018-Feb-09 09:53:53


Options:
eicar.com /DEL /report=ManualScanLocal.log 

eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
	The file has been deleted.


Summary Report on eicar.com
File(s)
	Total files:...................     1
	Clean:.........................     0
	Not Scanned:...................     0
	Possibly Infected:.............     1
	Deleted:.......................     1



Time: 00:00.01

Should you get to this point: thanks for reading. I appreciate it :-)

 

4 Replies

Re: EICAR.COM not deleted by Command line scanner


We updated the scanner. New information:

McAfee VirusScan Command Line for Win64 Version: 6.1.0.155
Copyright (C) 2016 McAfee, Inc.
(408) 988-3832 LICENSED COPY - februari 08 2018

AV Engine version: 5900.7806 for Win64.
Dat set version: 8797 created Feb 6 2018
Scanning for 668663 viruses, trojans and variants.

Same problem though.

 


Reliable Contributor chrisnlc
Message 4 of 5

Re: EICAR.COM not deleted by Command line scanner


I noticed EICAR-based files, when set to an executable file extension (.exe, .com, etc.), do not get deleted but only detected. Same with VSE and ENS on-demand scans. If you have one or two EICAR files on your system with a daily scan then it gets picked up every day.

Re: EICAR.COM not deleted by Command line scanner


Like I said, when I name it EICAR.COM it will get detected and deleted (if my options say /DEL).
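
For a service that wraps the command-line scanner, the two /DEL reports in this thread show why the wrapper should read the summary counters and not only look for a detection line: the run on the .txt file lists no detection but reports "Not Scanned: 1". The Python below is an added example, not code from the thread or from McAfee; the function names and verdict strings are assumptions, and the report layout is taken from the logs posted above.

```python
import re

# Counter lines look like "\tNot Scanned:...................     1".
COUNTER = re.compile(r"^\s*([A-Za-z ]+?):\.+\s*(\d+)\s*$", re.M)
# Detection lines look like "name [MD5:<hex>] ... Found: <detection name>".
FOUND = re.compile(r"^(.+?) \[MD5:[0-9a-f]{32}\] \.\.\. Found: (.+?)\s*$", re.M)

def parse_report(text):
    """Return (summary counters, list of (file, detection name))."""
    counters = {k.strip().lower(): int(v) for k, v in COUNTER.findall(text)}
    return counters, FOUND.findall(text)

def verdict(text):
    """Fail closed: only 'clean' means the file may be passed on."""
    counters, detections = parse_report(text)
    total = counters.get("total files")
    if total is None:
        return "unknown"        # no summary block, scan did not complete
    if detections or counters.get("possibly infected", 0) > 0:
        return "infected"
    if counters.get("not scanned", 0) > 0:
        return "not_scanned"    # the /DEL run on the .txt file in the thread
    if total > 0 and counters.get("clean", 0) == total:
        return "clean"
    return "unknown"

# Summary of the /DEL run on EICAR_Testfile.txt, copied from the thread.
REPORT_DEL_TXT = """\
Summary Report on EICAR_Testfile.txt
File(s)
\tTotal files:...................     1
\tClean:.........................     0
\tNot Scanned:...................     1
\tPossibly Infected:.............     0
\tDeleted:.......................     0
"""

# Detection line and summary of the /DEL run on eicar.com, copied from the thread.
REPORT_DEL_COM = """\
eicar.com [MD5:44d88612fea8a8f36de82e1278abb02f] ... Found: EICAR test file NOT a virus.
\tThe file has been deleted.

Summary Report on eicar.com
File(s)
\tTotal files:...................     1
\tClean:.........................     0
\tNot Scanned:...................     0
\tPossibly Infected:.............     1
\tDeleted:.......................     1
"""
```

A service using this would quarantine or reject the file on every verdict except `clean`, so a run that silently skips the file is never mistaken for a pass.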
