vscanx
vscanx [ options ] [ directory file ]
Used to scan files and directories for possible viruses.
The following options can be used with the vscanx command:
Use a set of heuristics to check clean files for possible viruses.
Attempt to remove any viruses found from an infected file.
Delete any infected files discovered during the scan.
Display the help file for vscanx.
Move any infected files to a specified directory. This option is useful for cordoning off infected files so you can analyze them later.
Recursively scan through any subdirectories in the scan location. Note: if you attempt to recursively scan a directory with a lot of files, you could encounter a Segmentation Fault error. If you see this error message, try scanning the subdirectories individually.
Scan only executable files, such as .bat, .com, .exe, and more.
Display a summary of the results, similar to what is shown in Virex's Results window if you uncheck the "Show detailed results information" checkbox in its Preferences.
Display detailed information about the performed scan.
Display Virex's version number.
Again, these are only a few of vscanx's options; please consult its manpage for a complete listing and detailed descriptions.
The following examples will show you various uses of vscanx:
$ vscanx --virus-list
Virus names stored in /usr/local/vscanx/extra.dat:
Virus names stored in /usr/local/vscanx/names.dat:
Aardvark, ABCD, ABCD.b, Aircop, Aircop.e, Alar.mp, Alcon, Alfa.mp.3072, Alive, Alla.mp, Altex.mp, Amjads, Ancev, Andrew, Andris, Andropinis.mp.518, Anticad.1, Anticad.mp.4096, Anticad.mp, Anticmos, Anticmos.e, Anticmos.f, Antiexe, AntiWin95, Exebug, AP, APE.mp, April, Aragon, Daboys, ...

$ vscanx -r --summary ~/Documents
Summary report on /Users/chuck/Documents/*
File(s)
    Total files: ........... 5525
    Clean: ................. 5525
    Not scanned: ........... 0
    Possibly Infected: ..... 0
The output shows the location of the file in the filesystem, and gives you a report on the files found in the directory, similar to that found in the graphical Virex application.
$ vscanx --summary -m ~/infected ~/Desktop
/Users/chuck/Desktop/EICAR.COM
    Found: EICAR test file NOT a virus.
    File has been relocated.
Summary report on /Users/chuck/Desktop/*
File(s)
    Total files: ........... 15
    Clean: ................. 14
    Not scanned: ........... 0
    Possibly Infected: ..... 1
    Moved: ................. 1
MacChuck:~ chuck$ cd infected
MacChuck:~/infected chuck$ ls
Users
MacChuck:~/infected chuck$ cd Users
MacChuck:~/infected/Users chuck$ ls
chuck
MacChuck:~/infected/Users chuck$ cd chuck
MacChuck:~/infected/Users/chuck chuck$ ls
Desktop
MacChuck:~/infected/Users/chuck chuck$ cd Desktop
MacChuck:~/infected/Users/chuck/Desktop chuck$ ls
EICAR.COM
In this example, vscanx discovered the EICAR.COM test file on my Desktop, flagged it as possibly infected, and moved it to the ~/infected directory. You can see from the ls and cd commands that vscanx also recreated the path to the infected file within ~/infected, so the EICAR.COM file ended up in ~/infected/Users/chuck/Desktop.
By default, Virex runs only when you tell it to, which can happen in one of three ways:
When you first log in and the .VirexLogin process runs, causing Virex to launch
When you manually double-click on the Virex application
When you run vscanx on the command line
These options don't help much if you want to regularly have your system checked for viruses every day on a system you rarely shut down. However, since vscanx is a command-line process, you can make it run whenever you'd like, with the help of cron. (If you're new to Unix, cron is a program that you can use to have commands run at specified times.)
For example, to schedule vscanx to run every day at 12:15 p.m., follow these steps:
Launch the Terminal application (/Applications/Utilities).
At the prompt, enter the following command:
$ crontab -e
This command opens your crontab file in edit mode (thus the -e option).
If you haven't edited your crontab file before, you will see an empty file in the Terminal window. Also, if you haven't changed your default editor, you will be using vi (as described earlier) to edit the crontab file.
Type the letter "i" (without the quotation marks) to place vi in Insert mode (you should see the word INSERT displayed at the bottom of the Terminal window).
Now type in the following line:
15 12 * * * /usr/local/vscanx -v -r -m ~/infected --summary > ~/Desktop/vscanxreport.txt /Users/username
Make sure this is all on one line without any line breaks (meaning, don't hit Return to carry this over to another line). There's a lot going on in that line, so let's break it apart into smaller chunks to help you understand exactly what the command will do:
The first part of the entry, 15 12 * * *, tells cron what time and day to run the command. In this case, we haven't specified a day, only the time (15 minutes after the 12th hour, so 12:15 p.m.).
Next, we tell cron to issue the vscanx command by giving cron its entire path: /usr/local/vscanx.
Next, some options: -v for verbose output; -r to scan recursively through directories and subdirectories; -m ~/infected to tell vscanx to place any infected files into the ~/infected directory; and, --summary to issue a summary report for the scan.
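The next part, > ~/Desktop/vscanxreport.txt, uses a redirect (the > symbol) and tells vscanx to take all of its output and summary, and save that to a file named vscanxreport.txt on the Desktop. That way, when vscanx completes its task, you can look for this file on your Desktop and see how the virus scan went. The last item on the line, /Users/username, is the directory to scan, matching the [ directory file ] argument in the synopsis; substitute your own username.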
After you have entered all of that command on one line, hit the Escape key (Esc) to take the vi editor out of Insert mode. (You should see the word INSERT disappear from the bottom of the Terminal window.)
Now save the changes to your crontab file by typing the command :wq and hitting the Return key. As described earlier, the colon (:) is used to place vi into Command mode, the w tells vi to write (or save) the file, and the q tells vi to quit.
After you hit the Return key, the changes are saved to your crontab file.
Now the next time 12:15 p.m. rolls around, cron invokes this entry from your crontab file and runs vscanx in the background, hopefully while you're out eating lunch. When you come back, you should see the vscanxreport.txt file on your Desktop, which you can read through at your leisure.
To learn more about cron and the crontab file, see their respective manpages (man cron and man crontab).
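The cron entry above overwrites vscanxreport.txt on every run, and a scan that dies partway (the Segmentation Fault noted under the recursive option, for instance) leaves a report with no summary at all. As an added example, not taken from the book or from Virex, the following shell functions parse the summary format shown earlier and return a status that a follow-up job could act on; the function names and the exit-status convention are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a vscanx --summary report such as ~/Desktop/vscanxreport.txt.
# Field labels are taken from the summary output shown on this page.

# Print the total for one summary field (e.g. "Possibly Infected"),
# summed over every summary block in the report; print nothing if absent.
summary_field() {
    awk -v label="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)            # ignore indentation
            if (index(line, label ":") == 1 && $NF ~ /^[0-9]+$/) {
                total += $NF; seen = 1          # count follows the dot leader
            }
        }
        END { if (seen) print total }
    ' "$2"
}

# Exit status: 0 = clean, 1 = infected files reported, 2 = no usable summary
# (report missing, empty, or the scan died before printing its summary).
check_report() {
    [ -s "$1" ] || return 2
    infected=$(summary_field "Possibly Infected" "$1")
    [ -n "$infected" ] || return 2
    [ "$infected" -eq 0 ] || return 1
    return 0
}

# Constructed sample report, modelled on the EICAR example above.
write_sample_report() {
    cat > "$1" <<'EOF'
/Users/chuck/Desktop/EICAR.COM
    Found: EICAR test file NOT a virus.
    File has been relocated.
Summary report on /Users/chuck/Desktop/*
File(s)
    Total files: ........... 15
    Clean: ................. 14
    Not scanned: ........... 0
    Possibly Infected: ..... 1
    Moved: ................. 1
EOF
}

sample=$(mktemp) && write_sample_report "$sample"
status=0; check_report "$sample" || status=$?
echo "infected=$(summary_field 'Possibly Infected' "$sample") status=$status"
rm -f "$sample"
```

Treating status 2 as a failure matters as much as status 1: a report without a summary means the scheduled scan did not finish, not that the system is clean.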