ESET NOD32 Antivirus’s antivirus module can be launched via the command line – manually (with the “ecls” command) or with a batch (“bat”) file.
The following parameters and switches can be used when running the on-demand scanner from the command line:
| General options: | |
| –help | show help and quit |
| –version | show version information and quit |
| –base-dir=FOLDER | load modules from FOLDER |
| –quar-dir=FOLDER | quarantine FOLDER |
| –aind | show activity indicator |
| –auto | scans all hard drives in the cleaning mode |
| Targets: | |
| –files | scan files (default) |
| –no-files | do not scan files |
| –boots | scan boot sectors (default) |
| –no-boots | do not scan boot sectors |
| –arch | scan archives (default) |
| –no-arch | do not scan archives |
| –max-archive-level=LEVEL | maximum archive nesting LEVEL |
| –scan-timeout=LIMIT | scan archives for LIMIT seconds at maximum. If the scanning time reaches this limit, the scanning of the archive is stopped and the scan will continue to the next file |
| –max-arch-size=SIZE | only scan the first SIZE bytes in archives (default 0 = unlimited) |
| scan email files | |
| –no-mail | do not scan email files |
| –sfx | scan self-extracting archives |
| –no-sfx | do not scan self-extracting archives |
| –rtp | scan runtime packers |
| –no-rtp | do not scan runtime packers |
| –exclude=FOLDER | exclude FOLDER from scanning (example of excluding multiple folders: –exclude <first>,<second>,…) |
| –subdir | scan subfolders (default) |
| –no-subdir | do not scan subfolders |
| –max-subdir-level=LEVEL | maximum subfolder nesting LEVEL (default 0 =unlimited) |
| –symlink | follow symbolic links (default) |
| –no-symlink | skip symbolic links |
| –ext-exclude=EXTENSIONS | exclude EXTENSIONS delimited by colon from scanning |
| Methods: | |
| –adware | scan for Adware/Spyware/Riskware |
| –no-adware | do not scan for Adware/Spyware/Riskware |
| –unsafe | scan for potentially unsafe applications |
| –no-unsafe | do not scan for potentially unsafe applications |
| –unwanted | scan for potentially unwanted applications |
| –no-unwanted | do not scan for potentially unwanted applications |
| –pattern | use signatures |
| –no-pattern | do not use signatures |
| –heur | enable heuristics |
| –no-heur | disable heuristics |
| –adv-heur | enable Advanced heuristics |
| –no-adv-heur | disable Advanced heuristics |
| Cleaning: | |
| –action=ACTION | perform ACTION on infected objects. Available actions: none, clean, prompt |
| –quarantine | copy infected files to Quarantine (supplements ACTION) |
| –no-quarantine | do not copy infected files to Quarantine |
| Logs: | |
| –log-file=FILE | log output to FILE |
| –log-rewrite | overwrite output file (default – append) |
| –log-all | also log clean files |
| –no-log-all | do not log clean files (default) |
The possible exit codes of the scan:
Note
Exit codes greater than 100 mean that the file was not scanned and therefore can be infected.
0 – no threat found
1 – threat found and cleaned
10 – some files could not be scanned (may be threats)
50 – threat found
100 – error