The scan options are pretty much the same as far as i'm aware. (There's a few new ones for example)
If you run a manual scan which is functioning as expected then i'm afraid the issue is likely somewhere in the automation script you're using.
Debugging a home-grown automation script is not something you can log a support call for with McAfee unfortunately but perhaps colleagues here will be able to make a peer review if you can post it.
Perhaps there's also some clues or a pattern from the 45 files being scanned vs the remainder which are not being scanned in /usr/sbin ?
Are the files being scanned all in the root of that path for example ?
If you have the summary output and are willing to share it maybe that'll help us identify a cause.
The problem appears to be definitely related to the --maxfilesize option.
For instance, if I run ./uvscan --verbose --summary /usr/sbin, it scans all 448 files. The largest file is 1.4M, the next largest is 576K, then 478K, 350K, and then the bulk of the files are 85K or less.
If I run ./uvscan --verbose --summary --maxfilesize 5 /usr/sbin, then it should scan all the files because the --maxfilesize n is listed in MB, according to the docs. This is what worked just fine in the past with the old scan engine using V1 dat files.
However, ./uvscan --verbose --summary --maxfilesize 5 /usr/sbin yields only 42 files scanned with the new scan engine and V2 dat files. If I do a find /usr/sbin -size -5000c -type f, the result yields 40 files. Add in links and and the total goes up to around 120.
Only by running ./uvscan --verbose --summary --maxfilesize 1400 /usr/sbin, do all the files get scanned whereas before --maxfilesize 5 was sufficient. What changed? I am running the same CL version (18.104.22.1689) and same AV Engine (5400.1158) on a Linux Red Hat system and am having the same problem there as well as on Solaris 10.
The doc supplied with version 6.0.0 says: "Examine only those files smaller than the specified size. Specify the file size in megabytes. For example, maxfilesize 5 means scan only files that are smaller than 5MB." This is identical to the old docs.
Hm, that seems to warrant further investigation, thank you for narrowing it down.
I'd suggest you please open a support case so we can look at it in more detail.
Make sure to quote this forum discussion at the time to speed up the process.
At the least I suspect we'll need scan output from uvscan and a matching directory listing showing file size showing the discrepancy.
Whatever mer script that support will request from you will likely not include this information.
I'll ping our developers off-line about this anyway in the mean time to see what they think.
First impressions are it's treating the value as KB, not MB as stated in the product guide.
I would expect it to function as before (as stated in the guide), so please log a support call if you can so it can be invesitgated further.
I will try to get a call opened if possible. These systems are owned by the US Army and I need to find out what the Grant number is so that I an open a call. Thanks for the assistance.
Update: It will take a few days to get a call opened. The ACERT team will not release the Grant number so I have to get on a conference call with support to get a call opened. I will post the call ID once that occurs. Thanks.
We were finally able to open a call and I spoke to one of the tech support people on the phone. The case number given was 3-831577420.
Thanks for the case number.
I'll find the case, and put a note in it that is should be escalated to Engineering.
...And the interactive mode is broken as well...
./uvscan -f -
USED to allow interactive submittal of files, as is standard in UNIX, but not simply reports "can't open file"
I've heard that support for the entire command line interface is being eliminated 1/2011...
Anybody know of a replacement product?
Where did you hear that? So far on McAfee's EOL page, the only thing indicated is that support for the V1 dat files ended this month. No mention of the entire product being phased out.