Page 1 of 1

Using Sophos Emergency Command Line Scanner

Posted: March 12th, 2010, 6:17 pm
by wd
Sav32cli is a command line anti-virus engine that is provided for free by Sophos. Expand downloaded files for Sav32Cli and then download and expand the most recent definitions. The default installation location is C:\sav32cli (if badly infected go to a clean pc to get these files and burn them to a cd)

Download Sav32Cli
Download The Most Recent Self-Extractor Definition

Reboot and enter Save Mode with Command Prompt by repeatedly tapping F6 as the computer boots. In the command prompt, type the following and hit enter:

Code: Select all

cd c:\sav32cli
To start an anti-virus scan, simply type the following:

Code: Select all

Other switches may prove useful. The following options may be prefixed with 'n' to invert their meaning (for example, '-nsc' is the inverse of '-sc').

[*] indicates the option is the default:

-sc [*] : Scan inside dynamically compressed executables
-f [ ] : Full scan
-di [ ] : Disinfect infected items
-s [*] : Run silently (do not list files swept)
-c [*] : Ask for confirmation before disinfection/deletion
-b [*] : Sound bell on virus detection
-all [ ] : Scan all files
-rec [*] : Do recursive scan
-remove [ ] : Remove infected objects
-dn [ ] : Display names of files as they are scanned
-ss [ ] : Don't display anything except on error or virus
-eec [ ] : Use extended error codes
-ext=XXX, .. : Specify additional extensions to scan
-v : Display complete version information
-vv : Display complete version and IDE information
-h : Display this help and exit
-p= : Write to log file
-mbr [ ] : Scan master boot records on all hard disks
-bs=X,. [ ] : Scan boot sector of each drive listed
-mac [ ] : Scan for Macintosh viruses
-cdr=X, .[ ] : Scan boot sector in bootable image of each CD drive listed

The following options are related to archives and other special file types:

-zip [ ] : Scan inside ZIP archives
-gzip [ ] : Scan inside GZIP compressed files
-arj [ ] : Scan inside ARJ archives
-cmz [ ] : Scan inside Unix-compressed files
-tar [ ] : Scan inside TAR archives
-rar [ ] : Scan inside RAR archives
-cab [ ] : Scan inside Microsoft Cabinet files
-archive [ ] : All of the above (see below for a full list)
-loopback [ ] : Scan inside loopback-type files
-mime [ ] : Scan files encoded in MIME format
-oe [ ] : Scan Microsoft Outlook Express mailbox files (you must also
use the -mime option with this option)
-tnef [ ] : Scan inside TNEF files


Code: Select all


Code: Select all


Code: Select all