This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SAV32cli im abgesicherten Modus - nur Quick Scan - keine Auswahl

Hallo,

da sav32cli nicht mehr als Standalone verfügbar ist, habe ich Sophos Endpoint Advanced installiert.

 

Früher - als SAV32CLI und vor Allem die IDE Datenbanken noch zum Download standen,

habe ich Sophos mit dem Tool "Multi AV Scanner" von David Lipman benutzt.

NUR der Scanner von Sophos war  in der Lage Alle Infektionen zu finden.

 

Leider ist dass jetzt nicht mehr möglich. Daher habe ich Sophos Endpoint installiert.

 

Wenn ich nun den Scanner "SAV32CLI.exe" im agesicherten Modus anklicke,

startet er automatisch einen Quick Scan - Ohne weitere Auswahlmöglichkeiten.

 

Sophos ist auf "C" unter WIN 7 Ultimate installiert. Es ist eine Dual - Installation.

Auf "E" liegt Win XP Professional - und GENAU DA möchte ich Scannen.

 

Deshalb habe ich versucht, ihn über die Konsole zu starten...

Geht nicht - ich kann ihn nicht starten - egal, was ich eingebe - es kommt:  "wurde nicht gefunden" etc.

 

 

Könnt Ihr mir vielleicht helfen? - viel Ahnung habe ich leider nicht....



This thread was automatically locked due to age.
Parents
  • So: Gelöst - by Myself

     

    Btw: Ich erhielt eine Antwort von "Jasmin" - ist die/dass ein "Bot" ???

    Die Frage stellt sich mir, weil ich auch in englischen Foren Antworten von "Jasmin" bekam.

    - Jedesmal Verweise auf Seiten, die ich schon X-Mal besucht habe....

     

    Wie auch Immer:

    Meine Eingabe in der Konsole ist wie folgt:

    "C:\Programme\Sophos\Sophos Anti-Virus\sav32cli.exe" -all -sc -c -b -remove -dn -f -di -did -dipe -sc -removef -dn -mime -cmz -noc -archive -cab -gzip -P=C:\LOGFILE.TXT

     

    - und schon rennt die Kiste

     

    Danke fürs Lesen

  • Hi  

    Thank you for sharing the command line.

    Fortunately, I am a human being and Sophos Staff.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Jasmin,

    Sorry for the title "Bot".  

     

    Because, you sent me links to SAv32CLI a few times.  

    I visited them long time ago - a few times. 

    I never found a useful discription in there. 

     

    Therefore, i surched and tried by myself. 

     

    Kind Regards

     

    Lothar Peters

  • Hi  

    That's all right. Please let us know if you need any other help.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Yes Jasmin - there is one thing left, which i don't know about - resp: I don' know / can't find commands, which i need (maybe).  

     

    If you take a look at my comands in the line, maybe there is something missing.  

     

    In the Tool from David Lipman, there was the queation integrated about:

     

    " Do you wanna surch a particular drive: Yes or No"

     

    Now, i am not shure about the actual SAV32CLI.  

     

    In the discription (list) of the possible commands, there was nothing about scanning surtend drives.

     

    Because, i have a dual installed system (first = Win 7 Ultimate / second = XP Professional)

    I am not shure about my commands - scanning all drives.  

     

    Btw: Sophos is installed on C = Win 7 Ultimate

     

     

    Kind Regards

     

    Lothar Peters

  • Hi  

    Thank you for this question because of which I got very the release notes of the sav32cli tool.

    I am sure this will be very useful to you. There they mentioned for the scanning of specific drive and also one of the above mentioned KBs also have that information.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Lothar Peters  and I'm not a bot Jasmin,

    while the release notes are quite outdated re version numbers and interaction with "the GUI" (guess there are only a few still alive that remember this GUI and its looks) they are as far as I can tell pretty complete and accurate w.r.t. arguments and switches.
    Note under Operation/Filename extensions: By default, SAV32CLI will scan all local hard drives recursively ..., and its response to sav32cli.exe -h:
    Usage: sweep [options] <path1> <path2>... <pathN> [include/exclude options]

    where <path1>, <path2>... <pathN> may refer to files, directories or filesystems.

    Thus to scan drive E: you'd simply put E: somewhere on the commandline.
    BTW: The command you've shown uses some arcane and undocumented switches. Where did you find them? -did and -didpe are likely redundant when -di is used, not sure what -removef does. From its position in the executable -noc might be a synonym of -nc and thus the negation of -c (that asks for confirmation before disinfection/deletion). If so, then it overrides the -c (which is anyway the default) specified earlier.

    Christian

  • Hello Christian,

     

    thank you for your response.

     

    The commands, i found / copied from the tool:  "Multi AV" from David Lipman.

    Allso, i found out, that many of these commands are not listed in the menu from SAV32CLI.exe.

    I just run it - and deleted all the commands, which where not supported.

     

    About all drives:

     

    Do i have to use additional the command:  "-h"  ? - to run all drives?

    - or does the scanner do that anyway? - with or without "-h"  ?

     

    About local drives:

    The scanner is running on C (Win 7 Ultimate)

    I would like to scan ALL drives on my dual installed system.

    It's C (Win 7)   E (XP)  and D

     

    But not only this local drives - i would like to scan ALL drives, which are connected to the PC.

     

    Years ago, i run Multi AV from David Lipman - when the tool script is / was running - when i run Sophos,

    there was the question about:  "Do you want to run a specific drive - Yes or No"

    When i chose for No - the integrated sophos scanner run / scanned All drives - including Network - USB, LAN ect.

     

    Kind Regards

     

    Lothar Peters 

  • Hi  and  

    I am not aware about the David Lipman tool and how it worked previously.

    AFAIK, SAV32CLI.exe can scan the network mapped drive but you need to mention that drive letter or say need to run scan individually for those drives.

    I am not sure whether -all can scan all local and network mapped drives or not but  can definitely suggest you on this. Also, you can try by mentioning all the drive letters in the scan command which may work.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Lothar Peters,

    a local drive in this context is any volume or partition on a device that is connected to the PC (whether permanently or removable), presents itself as disk, and has a drive letter assigned. Mapped network drives are non-local. By default (i.e. when you don't specify a path) sav32cli scans all local drives. Volumes/partitions that are not accessed are not scanned.
    For a mapped network drive/share you have to specify the drive letter as path (you can use more than on path, e.g. sav32cli -archive N: M:. You can scan a non-mapped network location by specifying the path directly, e.g. sav32cli  \\server\share\folder\.

    As to -all: This flag refers to file name extensions, not drives. By default sav32cli scans files with no extensions and those with extensions considered as "executable". You can get the list with sav32cli -h -vv. Using -all instructs sav32cli to scan all files regardless of their extension.
    While we are at it: -f (full) requests extensive scanning that might consume considerably more resources and is normally not necessary. It's like skimming and scanning a newspaper vs. reading all of the text. No need to read all of the culture pages if you're interested in trade agreements.

    Auf "E" liegt Win XP Professional
    Keep in mind that a scheduled scan will detect an infection but it can't prevent it.

    Christian

  • Hello,

    still, i don't know exactly what to do - how to run it in safe mode.

    I would like to run specific volumes - resp:  volumes AND drives, which are connected via USB.

    (I can read as much as i want - I don't understand all thew "informations" about:  running sav32cli in safe mode - sorry !)

    "You can dothis or that - if you - than you have to this or that or"   ect. ect. ect  - I don#t get it at all..................

     

    May i have an example?  

    My first enty is:  "C:\Programme\Sophos\Sophos Anti-Virus\sav32cli.exe" -

    Could you please complete my entry?  - so, that i can do a REALLY COMPLETE scan to the infected drive: E and the USB drives?

    It,s petty a shame (to Sophos!)  that Sophos don't support david lipman's command line scanner anymore!

    This scanner found EVERYTHING !  and ONLY the part of Sophos found EVERYTHING!

    i wish, that i could change the command line scanner from david lipman!  - change it, so that he could run with my actual

    files from my licensed sophos endpoint!

     

    Anyway:   could you please complete my entry?  my example?

     

    Kind Regards

     

    Lothar Peters

     

    P.S.  i tried to change the MULTI AV scanner (David Lipman)   Multi_AV.exe    "AV-CLS"  - no result - copied all ide's - nada

     

    Here the Link to my Drive Google - Multi AV command line scanner Exe and PDF.

    https://drive.google.com/open?id=1W8bAjlCM8AKRZ7biVV_wnAsbEjPZXii5

     

    Maybe someone can help me, to change the settings to run via my own IDE files from my sophos endpoint 

  • Hi  

    I will check this my team and shall update you, if there is any option for this. 

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
Reply Children
  • Hi  

    I have discussed this with our escalation team, I would suggest you open a support case for this issue or reach out to your account manager. If you have already raised the case, please PM me the case number.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • It is a shame, that Sophos doe not support David Lipmans command line scanner anymore!

    Resp.  the scanner cant download the IDE files from Sophos.

    I guess, this is because sav32cli can no longer run as standalone.

     

    Long time ago, i was infected  incl. all the Network drives  i had.

    Totally more than 1,5 Terrabyte.

    The includesd scanner where allmost useless / exept Sophos !!!!!!

    The fine detail of David Lipmans command line safe mode scanner was,

    NOT to chose complicated setting!   Just   do you want to scan specific folders   Yes or No.

    Just RUN !  and Sophos found ALL viruses!  Since than, everything was clean!

     

    Todays Scanner    Sophos  Sophos Endpoint advanced   Kasperky  ect. 

    Sorry  useless if i compare them to David Lipmans command line scanner!

    If Sophos could re animate the support for par example David Lipmans scanner

    and make that public !    They would have much mor client !!!!!!!!

     

    Thanks for reading

    a disapointed customer