Sophos Anti-Virus for Win32 Command Line Interface (SAV32CLI) release notes --------------------------------------------------------------------------- Product version : 4.23.0 Virus engine version : 2.51.0 Threat data version : 4.23, November 2007 www.sophos.com Contents -------- New in this version Operation Command line options Archive types Error codes New in this version ------------------- * The virus engine and threat data have been updated. Operation --------- Note: SAV32CLI runs on Windows NT or later computers only. For command line scanning of Windows 95 or later computers you should use SWEEP.EXE from the C:\Program Files\Sophos SWEEP directory. * Required files By default, SAV32CLI looks for copies of the following files: SAVI.DLL, OSDP.DLL, VEEX.DLL and VDL.DAT, in the same directory as itself to perform its scan. If one or more files is missing from this directory it will use the scanning engine and threat data of a locally installed version of Sophos Anti-Virus via the Sophos Anti-Virus Interface (SAVI). Note: all the files listed above must be present, either in a local installation of Sophos Anti-Virus or in the same folder as SAV32CLI.EXE itself. * SAV32CLI and the GUI When SAV32CLI has been used the GUI will show an entry in the SAVI page for "SWEEP CLI for Win32/Intel" or "SWEEP CLI for Win32/Alpha". Note that any configuration changes made through the GUI will be ignored at run time by SAV32CLI. * Filename extensions By default, SAV32CLI will scan all local hard drives recursively using the standard extension list, which is displayed if you enter SAV32CLI -vv Files with no extensions are also scanned by default. To prevent extensionless files from being scanned, use the command line switch: -next=. Additional extensions can be added using the command line option: -ext=XXX,YYY,... or removed using -next=XXX,YYY,... * Multiple areas Multiple areas to scan can be specified on the command line, e.g. SAV32CLI -zip d:\winnt\system32 d:\winnt\profiles This command line will recursively scan the specified areas, including zip archives. * Wildcards SAV32CLI accepts standard wildcards, e.g. SAV32CLI C:\*.HLP will scan all files with .HLP extension on the C: drive, or SAV32CLI D:\R?????.D?? will scan all files matching the pattern, such as README.DOC or, RASCFG.DLL on the D: drive. * Exclusion handling * About exclusion handling You can now specify which items you would like Sophos Anti-Virus to avoid scanning. Use the command line option -exclude to specify that any items (files or directories) that follow the option on the command line must be excluded from scanning. After using the option -exclude, you can use the option -include to specify that items that follow this option on the command line must be scanned. For example SAV32CLI fred harry -exclude tom peter -include bill scans items fred, harry and bill, but NOT tom or peter. The option -exclude can be used for files or directories under another directory. For example SAV32CLI \fred -exclude \fred\games scans all of the fred directory, but excludes the directory games (and all directories and files under it). * Exclusions and wildcard handling in Sophos Anti-Virus You can use wildcards with exclusions. For example SAV32CLI \fred -exclude *tom scans \fred excluding all files or directories whose name contains any number of characters ending in tom (e.g. \fred\tom is excluded; \fred\tom.txt is not). SAV32CLI \fred -exclude ?tom scans \fred excluding all files or directories whose name contains any character followed by and ending in tom (e.g. \fred\atom and \fred\ktom are excluded; \fred\tom is not). * Combining wildcards You can use more than one wildcard at a time. For example SAV32CLI \harry -exclude *fr?d* scans \harry excluding all files or directories whose name contains the letters f, r, any character, d (e.g. \harry\fred, \harry\afreddy, \harry\frodo are excluded; \harry\frica is not). * Speed considerations for wildcard handling Although excluding certain files from scanning may save time, some time is spent matching the wildcards to names of files or directories. Command line options -------------------- -exclude : Exclude items from scanning (see section entitled "Operation") -idedir= : Specify an alternative directory for virus identity (IDE) files -include : Include items in scanning (see section entitled "Operation") --stop-scan : Abort scanning of "zip bombs" The following options may be prefixed with 'n' to invert their meaning (for example, '-nsc' is the inverse of '-sc'). [*] indicates the option is the default: -sc [*] : Scan inside dynamically compressed executables -f [ ] : Full scan -di [ ] : Disinfect infected items -s [*] : Run silently (do not list files swept) -c [*] : Ask for confirmation before disinfection/deletion -b [*] : Sound bell on virus detection -all [ ] : Scan all files -rec [*] : Do recursive scan -remove [ ] : Remove infected objects -dn [ ] : Display names of files as they are scanned -ss [ ] : Don't display anything except on error or virus -eec [ ] : Use extended error codes -ext=XXX, .. : Specify additional extensions to scan -v : Display complete version information -vv : Display complete version and IDE information -h : Display this help and exit -p= : Write to log file -mbr [ ] : Scan master boot records on all hard disks -bs=X,. [ ] : Scan boot sector of each drive listed -mac [ ] : Scan for Macintosh viruses -cdr=X, .[ ] : Scan boot sector in bootable image of each CD drive listed The following options are related to archives and other special file types: -zip [ ] : Scan inside ZIP archives -gzip [ ] : Scan inside GZIP compressed files -arj [ ] : Scan inside ARJ archives -cmz [ ] : Scan inside Unix-compressed files -tar [ ] : Scan inside TAR archives -rar [ ] : Scan inside RAR archives -cab [ ] : Scan inside Microsoft Cabinet files -archive [ ] : All of the above (see below for a full list) -loopback [ ] : Scan inside loopback-type files -mime [ ] : Scan files encoded in MIME format -oe [ ] : Scan Microsoft Outlook Express mailbox files (you must also use the -mime option with this option) -tnef [ ] : Scan inside TNEF files Archive types ------------- The following archive types are supported: Archive name Command line option Extension(s) Arj -arj ARJ Cmz -cmz Z, TAZ Gzip -gzip GZ, TGZ Rar -rar RAR Tar -tar TAR Zip -zip ZIP Lha -lha LHA, LZH MSCompress -mscmp ??_ SfxArchives -sfx EXE MacBinary -mbin BIN BinHex -bhex HQX Uue -uue UUE BZip2 -bzip2 BZ2, TBZ, TBZ2 Compressed help -itss CHM, HXS RPM -rpm RPM Unix archive -uar A Microsoft Cabinet -cab CAB, XSN To scan all archive types, use -archive. To scan a particular archive type, use one of the command line options listed above. -n or -no in front of the command line option disables scanning of that archive type. For example, to scan all archive types except zip, use -archive -nzip. Scanning of InstallShield CAB files is not enabled by default. To enable scanning of these files use -opt=ISCabinet (NB case-sensitive). Error codes ----------- SAV32CLI returns the following error codes: 0 If no errors are encountered and no viruses are found. 1 If the user interrupts the execution by pressing Esc. 2 If some error preventing further execution is discovered. 3 If viruses or virus fragments are discovered. Extended error codes A different set of error codes will be returned if SAV32CLI is run with the -EEC command line option: 0 If no errors are encountered and no viruses are found. 8 If survivable errors have occurred. 16 If password-protected files have been found and not decrypted. 20 If viruses have been found and disinfected. 24 If viruses have been found and not disinfected. 28 If viruses have been found in memory. 32 If there has been an integrity check failure. 36 If unsurvivable errors have occurred. 40 If execution has been interrupted.