
SAV32cli in Safe Mode - only Quick Scan - no options

Hello,

since sav32cli is no longer available as a standalone, I have installed Sophos Endpoint Advanced.

In the past, when SAV32CLI and above all the IDE databases were still available for download, I used Sophos with the tool "Multi AV Scanner" by David Lipman.

ONLY the Sophos scanner was able to find all infections.

Unfortunately that is no longer possible. That is why I installed Sophos Endpoint.

When I now click the scanner "SAV32CLI.exe" in safe mode, it automatically starts a Quick Scan, without any further options.

Sophos is installed on "C" under WIN 7 Ultimate. It is a dual installation.

Win XP Professional is on "E", and THAT IS EXACTLY where I want to scan.

So I tried to start it from the console...

It doesn't work - I can't start it - no matter what I type, I get: "wurde nicht gefunden" etc.

Can you perhaps help me? Unfortunately I don't know much about this....



This thread was automatically locked due to age.
  • Hello Lothar Peters  and I'm not a bot Jasmin,

    while the release notes are quite outdated re version numbers and interaction with "the GUI" (guess there are only a few still alive that remember this GUI and its looks) they are as far as I can tell pretty complete and accurate w.r.t. arguments and switches.
    Note under Operation/Filename extensions: By default, SAV32CLI will scan all local hard drives recursively ..., and its response to sav32cli.exe -h:
    Usage: sweep [options] <path1> <path2>... <pathN> [include/exclude options]

    where <path1>, <path2>... <pathN> may refer to files, directories or filesystems.

    Thus to scan drive E: you'd simply put E: somewhere on the commandline.
    BTW: The command you've shown uses some arcane and undocumented switches. Where did you find them? -did and -didpe are likely redundant when -di is used, not sure what -removef does. From its position in the executable -noc might be a synonym of -nc and thus the negation of -c (that asks for confirmation before disinfection/deletion). If so, then it overrides the -c (which is anyway the default) specified earlier.

    Christian

  • Hello Christian,

    thank you for your response.

    The commands I found / copied from the tool "Multi AV" from David Lipman.

    Also, I found out that many of these commands are not listed in the menu from SAV32CLI.exe.

    I just ran it and deleted all the commands which were not supported.

    About all drives:

    Do I have to additionally use the command "-h" to run all drives?

    - or does the scanner do that anyway, with or without "-h"?

    About local drives:

    The scanner is running on C (Win 7 Ultimate).

    I would like to scan ALL drives on my dual-installed system.

    It's C (Win 7), E (XP) and D.

    But not only these local drives - I would like to scan ALL drives which are connected to the PC.

    Years ago, I ran Multi AV from David Lipman. When the tool script was running and I ran Sophos,

    there was the question: "Do you want to run a specific drive - Yes or No"

    When I chose No, the integrated Sophos scanner ran / scanned ALL drives - including network, USB, LAN etc.

    Kind Regards

    Lothar Peters

  • Hi  and  

    I am not aware about the David Lipman tool and how it worked previously.

    AFAIK, SAV32CLI.exe can scan a mapped network drive, but you need to mention that drive letter, or run the scan individually for those drives.

    I am not sure whether -all can scan all local and network mapped drives or not but  can definitely suggest you on this. Also, you can try by mentioning all the drive letters in the scan command which may work.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hello Lothar Peters,

    a local drive in this context is any volume or partition on a device that is connected to the PC (whether permanently or removable), presents itself as disk, and has a drive letter assigned. Mapped network drives are non-local. By default (i.e. when you don't specify a path) sav32cli scans all local drives. Volumes/partitions that are not accessed are not scanned.
    For a mapped network drive/share you have to specify the drive letter as path (you can use more than one path, e.g. sav32cli -archive N: M:). You can scan a non-mapped network location by specifying the path directly, e.g. sav32cli  \\server\share\folder\.

    As to -all: This flag refers to file name extensions, not drives. By default sav32cli scans files with no extensions and those with extensions considered as "executable". You can get the list with sav32cli -h -vv. Using -all instructs sav32cli to scan all files regardless of their extension.
    While we are at it: -f (full) requests extensive scanning that might consume considerably more resources and is normally not necessary. It's like skimming and scanning a newspaper vs. reading all of the text. No need to read all of the culture pages if you're interested in trade agreements.

    "Win XP Professional is on "E""
    Keep in mind that a scheduled scan will detect an infection but it can't prevent it.

    Christian
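
The rules Christian gives above (no path means local drives only, mapped network drives must be named as paths, -all refers to file extensions), put together as an added example; it is not part of any post in this thread and not Sophos code. It assumes the install path from Lothar's posts, a Windows session in which PowerShell and WMI are available, and uses only the -all and -archive switches that appear in the thread.

```powershell
# Added example, not from the thread's authors or from Sophos.
# Install path as given in the thread; adjust it if Sophos lives elsewhere.
$Sav32Cli = 'C:\Programme\Sophos\Sophos Anti-Virus\sav32cli.exe'

function Get-ScanTargets {
    # Win32_LogicalDisk.DriveType: 2 = removable (USB), 3 = local fixed disk,
    # 4 = mapped network drive. CD/DVD (5) and RAM disks (6) are left out.
    param([int[]]$DriveTypes = @(2, 3, 4))

    Get-WmiObject -Class Win32_LogicalDisk |
        Where-Object { $DriveTypes -contains $_.DriveType } |
        ForEach-Object {
            # A card reader without media has a letter but no volume; skip it.
            if (Test-Path -LiteralPath ($_.DeviceID + '\')) { $_.DeviceID }
        }
}

if (-not (Test-Path -LiteralPath $Sav32Cli)) {
    throw "sav32cli.exe not found at '$Sav32Cli'"
}

$targets = @(Get-ScanTargets)
if ($targets.Count -eq 0) { throw 'No accessible drives found.' }

# -all: scan every file regardless of extension; -archive: look inside archives.
# Every drive letter is passed explicitly, so mapped network drives are included.
$scanArgs = @('-all', '-archive') + $targets
Write-Host "Running: sav32cli.exe $($scanArgs -join ' ')"

# The call operator (&) copes with the spaces in the install path.
& $Sav32Cli @scanArgs
Write-Host "sav32cli exit code: $LASTEXITCODE"
```

In Safe Mode without networking, mapped drives do not exist, so only the local and USB letters will be passed.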

  • Hello,

    still, I don't know exactly what to do - how to run it in safe mode.

    I would like to run specific volumes - resp. volumes AND drives which are connected via USB.

    (I can read as much as I want - I don't understand all the "information" about running sav32cli in safe mode - sorry!)

    "You can do this or that - if you - then you have to do this or that or" etc. etc. etc. - I don't get it at all..................

    May I have an example?

    My first entry is:  "C:\Programme\Sophos\Sophos Anti-Virus\sav32cli.exe" -

    Could you please complete my entry, so that I can do a REALLY COMPLETE scan of the infected drive E and the USB drives?

    It's quite a shame (to Sophos!) that Sophos doesn't support David Lipman's command line scanner anymore!

    This scanner found EVERYTHING! and ONLY the Sophos part found EVERYTHING!

    I wish that I could change the command line scanner from David Lipman! - change it so that it could run with my current

    files from my licensed Sophos Endpoint!

    Anyway: could you please complete my entry? my example?

    Kind Regards

    Lothar Peters

    P.S. I tried to change the MULTI AV scanner (David Lipman)   Multi_AV.exe    "AV-CLS"  - no result - copied all IDEs - nada

    Here is the link to my Google Drive - Multi AV command line scanner EXE and PDF.

    https://drive.google.com/open?id=1W8bAjlCM8AKRZ7biVV_wnAsbEjPZXii5

    Maybe someone can help me to change the settings to run via my own IDE files from my Sophos Endpoint

  • Hi  

    I will check this with my team and shall update you if there is any option for this.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hi  

    I have discussed this with our escalation team, I would suggest you open a support case for this issue or reach out to your account manager. If you have already raised the case, please PM me the case number.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • It is a shame that Sophos does not support David Lipman's command line scanner anymore!

    Resp. the scanner can't download the IDE files from Sophos.

    I guess this is because sav32cli can no longer run as standalone.

    A long time ago, I was infected, incl. all the network drives I had.

    In total more than 1.5 terabytes.

    The included scanners were almost useless / except Sophos !!!!!!

    The fine detail of David Lipman's command line safe mode scanner was

    NOT to choose complicated settings! Just: do you want to scan specific folders, Yes or No.

    Just RUN! and Sophos found ALL viruses! Since then, everything was clean!

    Today's scanners - Sophos, Sophos Endpoint Advanced, Kaspersky etc.

    Sorry, useless if I compare them to David Lipman's command line scanner!

    If Sophos could reanimate the support for, for example, David Lipman's scanner

    and make that public! They would have many more clients !!!!!!!!

    Thanks for reading

    a disappointed customer