This should be a simple problem to solve but it seems not to be...
- I have a hard disk containing a full Server 2008 file system which I want to fully scan using Sophos Anti-Virus for Windows
- The drive is mounted as a normal disk, not as a system drive; its drive letter is usually something like e:\
- I want to be able to scan it from the command-line (I'm using sav32cli.exe)
The flags I'm passing to sav32cli are:
-sc -dn -no-stop-scan -f -rec -all -eec -cab -loopback -oe -b -tnef -suspicious -include -archive
So an example command might be:
c:\Program Files\...\sav32cli.exe -sc -dn -no-stop-scan -f -rec -all -eec -cab -loopback -oe -b -tnef -suspicious -include -archive e:\
The problem I encounter when doing this is:
- A Windows7 / Server2008 file system contains junction points (e.g. c:\Documents and Settings) which point to other folders on the disk. (As far as I can tell junction points are the Windows equivalent of Unix symlinks.) When Sophos sav32cli is asked to scan this disk using the flags above it follows these junction points and ends up scanning many files more than once, and also follows some symlinks to start scanning the c:\ drive.
- To prevent the scanner following symlinks I added the --no-follow-symlinks flag; this is not one of the flags listed when I run the scanner with --help. This flag has no effect.
- To prevent the scanner scanning files more than once I added the --backtrack-protection flag; this is not one of the flags listed when I run the scanner with --help. This flag causes the scanner to only scan the pagefile.sys file.
- Are these additional two flags only supported on the Linux versions of the AV client but haven't been disabled from the Windows version?
- Am I using the flags incorrectly?
- How does the backtrack-protection flag work? Does it cause the scanner to think it's scanned the file system once already so it doesn't need to scan it again? How can I reset its 'backtrack state'?
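To see which links a scanner would follow on a mounted disk like the one described above, the tree can be surveyed before scanning. The following is an added example, not part of the original post and not Sophos functionality: it walks a root without descending into symlinks or Windows reparse points (junctions included) and reports whether each link resolves inside the root (duplicate scanning) or outside it (for example onto the live c:\ drive). The function names are hypothetical, and the constructed demo tree uses POSIX symlinks as stand-ins for NTFS junctions.

```python
import os
import tempfile

REPARSE_POINT = 0x400  # Windows FILE_ATTRIBUTE_REPARSE_POINT

def is_link(path):
    """True for symlinks and, on Windows, any reparse point (junctions included)."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return os.path.islink(path) or bool(attrs & REPARSE_POINT)

def escapes(root, target):
    """True when target resolves outside root (another drive counts as outside)."""
    root, target = os.path.normcase(root), os.path.normcase(target)
    try:
        return os.path.commonpath([root, target]) != root
    except ValueError:  # raised on Windows for paths on different drives
        return True

def survey(root):
    """Walk root without descending into links; return (real_dirs, links)."""
    root = os.path.realpath(root)
    real_dirs, links, stack = [], [], [root]
    while stack:
        current = stack.pop()
        real_dirs.append(current)
        try:
            entries = sorted(os.scandir(current), key=lambda e: e.name)
        except OSError:  # unreadable directory: skip its contents
            continue
        for entry in entries:
            if is_link(entry.path):
                target = os.path.realpath(entry.path)
                links.append((entry.name, target, escapes(root, target)))
            elif entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
    return real_dirs, links

def demo():
    """Constructed sample tree; POSIX symlinks stand in for NTFS junctions."""
    base = os.path.realpath(tempfile.mkdtemp())
    disk, live = os.path.join(base, "disk"), os.path.join(base, "live")
    os.makedirs(os.path.join(disk, "Users", "Public"))
    os.makedirs(live)
    os.symlink(os.path.join(disk, "Users"), os.path.join(disk, "Documents and Settings"))
    os.symlink(live, os.path.join(disk, "ProgramData"))
    return disk, survey(disk)

if __name__ == "__main__":
    for name, target, outside in demo()[1][1]:
        print(name, "->", target, "(outside scan root)" if outside else "(duplicate)")
```

On a real offline Windows volume, junctions usually store absolute targets such as C:\Users, so they are reported as resolving outside the mounted drive letter.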