10 Replies. Latest reply on Jul 2, 2013 6:13 AM by orel86

    how can i scan folder with Stinger command line?

    orel86

      When I try to scan, for example, the c:/scan folder, I run the command "stinger32.exe c:/scan --reportpath=c:/scan --go" and it makes the Stinger GUI start, but my bigger problem is that it starts to scan all of my c: instead of just the c:/scan folder that I want.

      Any ideas why? Maybe something is wrong with my command?

      Thanks

        • 1. Re: how can i scan folder with Stinger command line?
          Peter M

          Moved this from Business General to Malware Discussion > Corporate User Assistance in the hope someone will be able to help you better.

           

          I'm not familiar with using Stinger in the Command Prompt but as far as I can see one of your parameters may be incorrect: "c:/scan folder" should be "--scanpath=x:\"  perhaps  (x being the drive letter of the object you wish scanned), however, as I say, I don't know and hopefully someone else will chime in here.

          Maybe you could try that.

           

          Message was edited by: Ex_Brit on 23/06/13 9:43:15 EDT AM

           

          Message was edited by: Ex_Brit on 23/06/13 12:17:42 EDT PM
          • 2. Re: how can i scan folder with Stinger command line?
            Peter M

            I found an example of how to configure the scanpath:

             

            --scanpath=C:\Documents and Settings\user1\Application Data\  is one example.  Simply adapt that to whatever you are scanning.

            • 3. Re: how can i scan folder with Stinger command line?
              rmetzger

              Ex_Brit wrote:

               

              I found an example of how to configure the scanpath:

               

              --scanpath=C:\Documents and Settings\user1\Application Data\  is one example.  Simply adapt that to whatever you are scanning.

              Hi orel86

               

              Welcome to the forums,

               

              Peter spoke correctly regarding the --scanpath command. I might suggest using " (quotes) around the specified --scanpath. ex. (using Peter's example):

              --scanpath="C:\Documents and Settings\user1\Application Data\"

              --scanpath="C:\Documents and Settings\user1\Application Data"

              --scanpath="%USERPROFILE%\Application Data"

              --scanpath="%USERPROFILE%"

              --scanpath="%USERPROFILE%\.."

              --scanpath="%ALLUSERSPROFILE%"

               

              Please note that Stinger is a very focused and limited tool designed for very specific infections. Often, a single infection may span several scanpath directories. Using --scanpath may limit detections accordingly.

               

              As a Business user, consider downloading the Command Line Scanner using your valid Grant Number. This is capable of scanning multiple defined directories and has a greater number of infections that are detected. Command Line Scanner is highly flexible to many different uses with extensive command line options.

               

              Good luck,

              Ron Metzger

               

              Message was edited by: rmetzger on 6/23/13 9:14:53 PM EDT
              • 4. Re: how can i scan folder with Stinger command line?
                orel86

                I already use this --scanpath parameter, and what I got is that Stinger starts scanning from c:/, and only after it scans c:/ does it continue to what I want it to scan, even if I do --scanpath=c:/test/test.zip --go

                Please help me with this, I really don't understand why.

                • 5. Re: how can i scan folder with Stinger command line?
                  rmetzger

                  orel86 wrote:

                   

                  I already use this --scanpath parameter, and what I got is that Stinger starts scanning from c:/, and only after it scans c:/ does it continue to what I want it to scan, even if I do --scanpath=c:/test/test.zip --go

                  Please help me with this, I really don't understand why.

                  1) use \ not /.

                       C:/ is not the same as C:\ in Windows.

                       C:/Test specifies C: with a parameter /Test

                       C:\Test specifies a directory, C:\Test.

                  2) You are specifying a File (I believe) not a Path. --scanpath=C:\test would Scan the entire C:\Test directory. Test.zip is not part of a Path, unless you specifically created a directory under Test called Test.zip. Then the entire directory of Test.zip would be scanned.

                   

                  If you are trying to scan a file (or archive), Stinger Is Not the right tool.

                   

                  I strongly recommend using the better tool, Command Line Scanner

                   

                  Here is a list of Command Line Scanner Options, from the latest release, issued days ago.

                   

                  Command Line scanner wrote:

                   

                  McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

                  Copyright (C) 2013 McAfee, Inc.

                  (408) 988-3832 LICENSED COPY - June 24 2013

                   

                  Usage: scan [object1] [object2...] [option1] [option2...]

                   

                     /?                        : Display this help screen.

                     /AD                       : Scan all drives (not removable media).

                     /ADL                      : Scan all local drives (not removable media).

                     /ADN                      : Scan all network drives.

                     /AFC=<cache size>         : Set the Size(in MB) of the Internal Cache Used When Decompressing Archive Files.

                     /ALL                      : Scan all files regardless of filename extension.

                     /ALLOLE                   : Treat all files as compound/OLE regardless of extension.

                     /ANALYZE                  : Turn on heuristic analysis for programs and macros.

                     /APPEND                   : Append to report file rather than overwriting.

                     /APPENDBAD                : Append to bad file rather than overwriting.

                     /ASCII                    : Display filenames as ASCII text.

                     /BADLIST=<filename>       : Filename and path for bad list log file.

                     /BOOT                     : Scan boot sector and master boot record Only.

                     /CHECKLIST=<filename>     : Scan list of files contained in <filename>.

                     /CLEAN                    : Attempt to clean infected files.

                     /CONTACTFILE=<filename>   : Display contents of <filename> when a virus is found.

                     /DAM                      : Remove all macros from infected MS Office files.

                     /DEL                      : Delete infected files except archive files.

                     /DOHSM                    : Scan migrated files(hierarchical storage management).

                     /DRIVER=<dir>             : Directory specifying location of DAT files.

                     /EXCLUDE=<filename>       : Do not scan files/directories listed in <filename>.

                     /EXTENSIONS               : Scan defaults & user extension list.

                     /EXTLIST                  : List file-extensions scanned by default.

                     /EXTRA=<filename>         : Specify the full path and file name of any extra.dat file.

                     /FAM                      : Find all macros - not just infected macros. Used with /DAM will remove all macros.

                     /FDC                      : Force digital signature check.

                     /FREQUENCY=<hours>        : Do not scan <hours> after the previous scan.

                     /HELP                     : Displays this help

                     /HTML=<filename>          : Create and specify a HTML report file.

                     /LOAD=<filename>          : Load options from <filename>.

                     /LOUD                     : Include all scanned files in the /REPORT file.

                     /MAILBOX                  : Scan inside plain text mailboxes.

                     /MANALYZE                 : Turn on macro heuristics.

                     /MANY                     : Scan many floppy diskettes.

                     /MAXFILESIZE=<size>       : Examine Only those files smaller than the specified size(in MB).

                     /MEMSIZE=<size>           : File size(in KB) to load into memory for scanning limited by a maximum file size defaulting to 1MB.

                     /MIME                     : Scan inside MIME, UUE, XXE and BinHex files.

                     /MOVE=<dir>               : Move infected file into directory <dir>, preserving path.

                     /NOBKSEM                  : Prevent scanning of files that are normally protected.

                     /NOBOOT                   : Do not scan boot sectors.

                     /NOBREAK                  : Disable Ctrl-C / Ctrl-Break during scanning.

                     /NOCOMP                   : Do not scan self extracting executables by default.

                     /NOD                      : Don't switch into /ALL mode when repairing.

                     /NODDA                    : Do not scan boot sectors.

                     /NODECRYPT                : Don't scan password-protected MS Office documents.

                     /NODOC                    : Do not scan MS Office files.

                     /NOEXPIRE                 : Disable data files expiration date notice.

                     /NOJOKES                  : Do not alert on joke files.

                     /NOMEM                    : Do not scan memory for viruses.

                     /NORECALL                 : Do not move files from remote storage into local storage after scanning.

                     /NORENAME                 : Do not rename infected files that cannot be cleaned.

                     /NOSCRIPT                 : Do not scan files that contain HTML, JavaScript, Visual Basic, or Script Component Type Libraries.

                     /PANALYZE                 : Turn on program heuristics.

                     /PAUSE                    : Pause at end of each screen page.

                     /PLAD                     : Preserve the last-accessed time and date for files that are scanned.

                     /PROGRAM                  : Scan for potentially unwanted applications.

                     /RECURSIVE                : Examine any subdirectories in addition to the specified target directory.

                     /REPORT=<filename>        : Report names of viruses found into <filename>.

                     /RPTALL                   : Include all scanned files in the /REPORT file.

                     /RPTCOR                   : Include corrupted files in /REPORT file.

                     /RPTERR                   : Include errors in /REPORT file.

                     /RPTOBJECTS               : Reports number of objects at all levels scanned in summary.

                     /SECURE                   : Equivalent to Analyse, doall, unzip.

                     /SHOWCOMP                 : Report any files that are packaged.

                     /SILENT                   : Disable all screen output.

                     /STREAMS                  : Scan inside NTFS streams (NT & DATAPOL Only).

                     /SUB                      : Examine any subdirectories in addition to the specified target directory.

                     /THREADS=<nn>             : Set scan thread count.

                     /TIMEOUT=<seconds>        : Set the maximum time to spend scanning any one file.

                     /UNZIP                    : Scan inside archive files, such as those saved in ZIP, LHA, PKarc, ARJ, TAR, CHM, and RAR.

                     /VERSION                  : Display the scanner's version number.

                     /VIRLIST                  : Display virus list.

                     /WINMEM[=<pid>]           : If pid given scans the Windows Process with Process ID <pid> otherwise scans all Windows Processes.

                     /XMLPATH=<filename>       : Filename and path for XML log file.

                   

                     * Mandatory

                  Clearly, Far More Configurable and Tunable than Stinger.

                   

                  Please use the VirusScan Command Line Scanner, if you are licensed to do so. (Contact your license holder for a valid Grant Number.)

                  Use your valid Grant Number here: http://www.mcafee.com/us/downloads/downloads.aspx

                  Enter the product listed, such as: 'McAfee Endpoint Protection Suite' or whatever product you are licensed to use.

                  Listed under 'Endpoint Security' locate 'VirusScan Command Line Scanners'

                  Within, you should find multiple Operating Systems available for running the scans, including Windows (latest versions) along with documentation.

                   

                  To make the Command Line Scanners work, you need to download the latest version of the Dat files. Extract the file to the same directory as you extracted the Command Line Scanner.

                   

                  Good luck.

                  Ron Metzger

                   

                  Message was edited by: rmetzger on 6/24/13 1:53:32 PM EDT
                  • 6. Re: how can i scan folder with Stinger command line?
                    orel86

                    Thanks for the answer. I downloaded the tool and downloaded the DAT file. I am using the trial version for now to test the product before buying it, to see if it is good for me and does what I need.

                    Anyway, I tried to scan some files and nothing happened; it told me that the files are clean with no virus, and this is not true: other antivirus tools find a virus in them.

                    If I do scan.exe /unzip, it scans inside a zip file and finds a virus (I tried it on an Eicar.zip file), but if I insert a CD-ROM with a virus and do scan.exe d:/, nothing happens, just this:

                    Summary Report on d:\

                    File(s)

                            Total files:...................     0

                            Clean:.........................     0

                            Not Scanned:...................     0

                            Possibly Infected:.............     0

                     

                     

                    Master Boot Record(s):.................     0

                            Possibly Infected:.............     0

                    Boot Sector(s):........................     0

                            Possibly Infected:.............     0

                     

                     

                     

                     

                    Time: 00:00.00

                     

                     

                    It only works when I add the /unzip switch (if it is a .zip file), and the result for a zip file is this:

                     

                    C:\Users\user1\Desktop\NewCMD>scan.exe /unzip C:\Users\user1\Documents\test

                    McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

                    Copyright (C) 2013 McAfee, Inc.

                    (408) 988-3832 EVALUATION COPY - ?T?? ?T 30 2013

                     

                     

                    AV Engine version: 5600.1067 for Win32.

                    Dat set version: 7121 created Jun 29 2013

                    Scanning for 668525 viruses, trojans and variants.

                     

                     

                    C:\Users\user1\Documents\test\eicar.zip\eicar.com ... Found: EICAR test file NOT a virus.

                     

                     

                     

                     

                    Summary Report on C:\Users\user1\Documents\test

                    File(s)

                            Total files:...................     1

                            Clean:.........................     0

                            Not Scanned:...................     0

                            Possibly Infected:.............     1

                     

                     

                     

                     

                     

                     

                    Time: 00:00.00

                     

                     

                     

                     

                    Thank you for choosing to evaluate VirusScan Command Line from McAfee.

                    This  version of the software is for Evaluation Purposes Only and may be

                    used  for  up to 30 days to determine if it meets your requirements.  To

                    license  the  software,  or to  obtain  assistance during the evaluation

                    process,  please call (408) 988-3832.  If you  choose not to license the

                    software,  you  need  to remove it from your system.  All  use  of  this

                    software is conditioned upon compliance with the license terms set forth

                    in the README.TXT file.

                     

                     

                     

                    I tried these switches too:

                      /PROGRAM

                      /RECURSIVE

                     

                     

                    What can I do? I tried every switch that /help offers and nothing happened. I tried to scan .exe and .TMP files, an .exe file, and so on.

                    Is there any switch that can help?

                    Sorry for the long story, I need quick help.

                     

                    Message was edited by: orel86 on 6/30/13 6:50:59 AM CDT
                    • 7. Re: how can i scan folder with Stinger command line?
                      rmetzger

                      orel86 wrote:

                      It only works when I add the /unzip switch (if it is a .zip file), and the result for a zip file is this:

                       

                      C:\Users\user1\Desktop\NewCMD>scan.exe /unzip C:\Users\user1\Documents\test

                      McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

                      Copyright (C) 2013 McAfee, Inc.

                      (408) 988-3832 EVALUATION COPY - ?T?? ?T 30 2013

                       

                       

                      AV Engine version: 5600.1067 for Win32.

                      Dat set version: 7121 created Jun 29 2013

                      Scanning for 668525 viruses, trojans and variants.

                       

                       

                      C:\Users\user1\Documents\test\eicar.zip\eicar.com ... Found: EICAR test file NOT a virus.

                       

                      Summary Report on C:\Users\user1\Documents\test

                      File(s)

                              Total files:...................     1

                              Clean:.........................     0

                              Not Scanned:...................     0

                              Possibly Infected:.............     1

                       

                      Time: 00:00.00

                       


                      I tried these switches too:

                        /PROGRAM

                        /RECURSIVE

                       

                       

                      What can I do? I tried every switch that /help offers and nothing happened. I tried to scan .exe and .TMP files, an .exe file, and so on.

                      Is there any switch that can help?

                      Looks like it found EICAR within your zip file. The 'description' of what was found is: Found: EICAR test file NOT a virus. This is an accurate description of what was actually found. Eicar is a test 'virus' and not an actual virus. But the test Passed, it found the test virus as you would want.

                       

                      I think you are going to have to experiment with your batch files or command line options with a great deal of testing.

                       

                      Remember to specify directories with the \ character, and not the / character, in Windows. The / character is used to start parameters.

                       

                      Here is a batch file I use to scan a drive or directory specified on the command line (Cln.Bat):

                       

                           @echo off

                           rem Forward all arguments given to Cln.Bat (for example D:) to Scan.exe
                           Scan.exe %* /ANALYZE /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /STREAMS /UNZIP /WINMEM /THREADS=4 /TIMEOUT=15 /APPEND /REPORT=C:\McAfee\Log.log /EXCLUDE=Exclude.lst

                       

                      From the command line:

                           Cln.Bat D:

                       

                      Note that C:\McAfee is a directory that needs to exist before running Cln.Bat. Also, Exclude.lst is a list of exclusions for files that should be skipped during the scan. It should be located in the same directory as Scan.exe.

                       

                      Exclude.lst might look like this:

                       

                      PsExec.*

                      PsKill.*

                      TightVNC*.*

                      VNChooks.*

                      VNCviewer.*

                      WinVNC*.*

                      **\VNChooks*.*

                      **\VNCviewer*.*

                      **\UltraVNC*.*

                      **\TightVNC*.*

                       

                      My example of Exclude.lst tells (when listed in my Cln.Bat with the /Exclude=Exclude.lst parameter) to ignore the list of files and directories\files. I told scan to ignore 2 of Sysinternals utilities (PSExec and PSKill) which were sometimes identified as PUPs, as well as some of the VNC remote desktop software, also found as PUPs. This is just an example.

                       

                      Hopefully this gives you a starting point from which you can begin developing a full blown solution that meets your needs.

                       

                      Give it a try.

                      Ron Metzger

                       

                      on 6/30/13 8:10:34 PM EDT
                      • 8. Re: how can i scan folder with Stinger command line?
                        orel86

                        You do not understand me, I think.

                        What does the %* in your script mean?

                         

                          Scan.exe %* /ANALYZE /ALL......


                        I know Eicar is a test virus. What I wanted to show is that the zip file works and viruses are found, but other extensions do not work and viruses are not found.

                        Take another example:

                        This does not work:

                        C:\Users\user1\Desktop\NewCMDMcafee>  Scan.exe d:\ /ANALYZE /ALL

                        McAfee VirusScan Command Line for Win32 Version: 6.0.4.564

                        Copyright (C) 2013 McAfee, Inc.

                        (408) 988-3832 EVALUATION COPY - ?T?? ?T 30 2013

                         

                         

                        AV Engine version: 5600.1067 for Win32.

                        Dat set version: 7121 created Jun 29 2013

                        Scanning for 668525 viruses, trojans and variants.

                         

                         

                         

                         

                         

                         

                        Summary Report on d:\

                        File(s)

                                Total files:...................     4

                                Clean:.........................     4

                                Not Scanned:...................     0

                                Possibly Infected:.............     0

                         

                         

                        Master Boot Record(s):.................     0

                                Possibly Infected:.............     0

                        Boot Sector(s):........................     0

                                Possibly Infected:.............     0

                         

                         

                         

                         

                        Time: 00:00.05

                         

                         

                         

                        Is there a command that is not specific to an extension? For example, the /unzip parameter is specific to the .zip extension; is there a general parameter that scans everything?

                        And what is weirder is that there is no configuration file.

                        If I want to scan, for example, a CD-ROM with exe, tmp, zip and doc and txt files, how can I scan it? I am really confused. In other cmd scanners I just need to write the path and that's it.

                         

                        Message was edited by: orel86 on 7/1/13 12:23:25 AM CDT
                        • 9. Re: how can i scan folder with Stinger command line?
                          rmetzger

                          Orel

                           

                          %* is used from inside a batch file to represent all the 'parameters' you entered into the command line.

                           

                          Try this simplified version, from the command line, to scan the CD ROM drive on D:

                           

                          Scan.exe D:\ /ANALYZE /ALL /CLEAN /DAM /NC /NOEXPIRE /PLAD /PROGRAM /SUB /UNZIP /WINMEM

                           

                          Ron Metzger

                           

                          Message was edited by: rmetzger on 7/1/13 9:47:55 PM EDT
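
The recurring failure in this thread is a scan that covers a different target than the one requested, or no files at all, and still ends with a clean-looking summary. The following is an added example, not code from any poster or from McAfee: a Python check that normalizes a forward-slash target and parses the summary format quoted above to flag such runs. The function names are hypothetical and the sample outputs are constructed to mirror the posted ones; it assumes one summary report per run.

```python
import re
from pathlib import PureWindowsPath

# Line shapes taken from the scan.exe output quoted in this thread.
TARGET_RE = re.compile(r"^\s*Summary Report on (.+?)\s*$")
COUNT_RE = re.compile(
    r"^\s*(Total files|Clean|Not Scanned|Possibly Infected):\.+\s+(\d+)\s*$")
FOUND_RE = re.compile(r"^\s*(.+?) \.\.\. Found: (.+?)\s*$")

# Constructed samples that mirror the two runs posted above.
ZERO_FILE_RUN = r"""
Summary Report on d:\
File(s)
        Total files:...................     0
        Clean:.........................     0
        Not Scanned:...................     0
        Possibly Infected:.............     0
Master Boot Record(s):.................     0
        Possibly Infected:.............     0
Boot Sector(s):........................     0
        Possibly Infected:.............     0
Time: 00:00.00
"""
EICAR_RUN = r"""
C:\Users\user1\Documents\test\eicar.zip\eicar.com ... Found: EICAR test file NOT a virus.
Summary Report on C:\Users\user1\Documents\test
File(s)
        Total files:...................     1
        Clean:.........................     0
        Not Scanned:...................     0
        Possibly Infected:.............     1
Time: 00:00.00
"""


def normalize_target(raw):
    """Turn c:/scan into an absolute backslash path; reject anything relative."""
    path = PureWindowsPath(raw)  # accepts both / and \ as separators
    if not path.is_absolute():
        raise ValueError(f"scan target needs a drive and a root: {raw!r}")
    return str(path)


def parse_summary(output):
    """Extract the reported target, the File(s) counters and any detections."""
    parsed = {"target": None, "counts": {}, "detections": []}
    in_files = False
    for line in output.splitlines():
        stripped = line.strip()
        if m := TARGET_RE.match(line):
            parsed["target"] = m.group(1)
        elif stripped == "File(s)":
            in_files = True
        elif stripped.startswith(("Master Boot Record", "Boot Sector")):
            in_files = False  # the counters that follow are not file counters
        elif in_files and (m := COUNT_RE.match(line)):
            parsed["counts"][m.group(1)] = int(m.group(2))
        elif m := FOUND_RE.match(line):
            parsed["detections"].append((m.group(1), m.group(2)))
    return parsed


def assess(output, requested):
    """List the reasons this run cannot be trusted as a scan of `requested`."""
    parsed = parse_summary(output)
    if parsed["target"] is None:
        return ["no summary report in the output"]
    problems = []
    if PureWindowsPath(parsed["target"]) != PureWindowsPath(normalize_target(requested)):
        problems.append(f"summary is for {parsed['target']!r}, not the requested target")
    if parsed["counts"].get("Total files", 0) == 0:
        problems.append("zero files examined, so 'no infection' means nothing")
    return problems


if __name__ == "__main__":
    print(assess(ZERO_FILE_RUN, "d:/"))
    print(assess(EICAR_RUN, r"C:\Users\user1\Documents\test"))
```

In a scheduled job, a non-empty list from `assess` should fail the job rather than be logged as a clean scan.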