2 Replies Latest reply on Dec 17, 2010 3:01 AM by TONI_N

    VirusScan Command Line Scanner not scanning in Win32 Cabinet files

      Hi All

       

      Had a strange situation at a customer that was infected with an variant of W32/xirtem@mm that I hope someone in here can give an answer to.

       

      What happend was that this customer had several .EXE Win32 Cabinet Self-Extractor files on several different shares that was the virus file - When opening, a DOCUMENT.EXE lay behind and was the real virus file.

       

      What I did was copying one of the EXE files to at workstation that had not been infected and used the 6.0.3.356 commandline scanner and scanned the EXE file with first DAT 6185 (released per 2. Dec.) and then with the Beta Dats - Both ended with no detection.

       

      Then I installed the VSE 8.7 to this workstation and updated the DAT files to 6185, and then scanned this sample, and now I got an detection on a W32/xirtem@mm worm - Question is why is there a differece in the result when scanning with the VSE 8.7i and the Commandline scanner when using the same DAT files.

       

      The Syntax I used in in the commndline scanner was: Scan /adl /all /Program /Analyze /report c:\virrep.txt

       

      Please Advice

       

      Best Regards

       

      RemRem