Hallo Welt!

von raredesign | Dez 3, 2019 | Allgemein | 0 Kommentare

Cokiee Shell

Current Path : /proc/self/root/usr/local/man/man1/

Upload File :

Current File : //proc/self/root/usr/local/man/man1/savscan.1

.\"
.\"  Sophos Anti-Virus savscan(1) manual page
.\"  Copyright 1999-2011 Sophos Limited. All rights reserved.
.\"
.TH SAVSCAN 1 "May 2011" "Sophos Limited"

.SH NAME
\fBsavscan\fP \- threat detection and disinfection utility

.SH SYNOPSIS
.nf
\fBsavscan\fP [\-h] [\-p=<file>]
[\-di] [\-ss] [\-s] [\-dn] [\-c] [\-b] [\-all] [-rec]
[\-remove] [\-eec]
[\-v] [\-vv] [\-maxinfobj=<n>] [\-ext=<extension>,...]
[\-exclude] [\-include]
[\--follow-symlinks] [\--stay-on-filesystem] [\--stay-on-machine]
[\--skip-special] [\--backtrack-protection] [\--preserve-backtrack]
[\--examine-x-bit] [\--reset-atime] [\--show-file-details]
[\--stop-scan]
[\--quarantine] [\-move=<quarantine directory>] [\--args-file=<file>]
[\-bs] [\-bs=<drive>,...] [\-mbr] [\-cdr=<drive>,...]
[\--] [\-idedir=<dir>]
[\-sc] [\-f] [\-q] [\-tnef] [\-actmime] [\-mime] [\-oe]
[\-pua] [\-suspicious]
[\-archive] [\-zip] [\-gzip] [\-arj] [\-cmz] [\-tar] [\-rar] [\-cab]
[\-loopback]
.fi

.SH DESCRIPTION
\fBsavscan\fP is a scanner that detects viruses, worms, Trojans, and other threats, and disinfects both program and document files.

.SH OPTIONS
The following options may be prefixed with 'n' to invert their meaning
(for example, '-ndi' is the inverse of '-di'):
.TP
.B \-h
Display help text and exit
.TP
.B \-p=<file>
Write to log file
.TP
.B \-di
Disinfect
.TP
.B \-ndi
Don't disinfect
.TP
.B \-ss
Keep super silent, don't display anything except on error or threat
.TP
.B \-nss
Don't keep super silent
.TP
.B \-s
Keep reasonably silent, don't list files scanned
.TP
.B \-ns
Don't keep silent, list files scanned
.TP
.B \-dn
Display names of files in form [mm:ss:filename]
.TP
.B \-ndn
Don't display names of files in form [mm:ss:filename]
.TP
.B \-c
Ask for confirmation before disinfection/deletion
.TP
.B \-nc
Don't ask for confirmation before disinfection/deletion
.TP
.B \-b
Sound bell on threat detection
.TP
.B \-nb
Don't sound bell on threat detection
.TP
.B \-all
Scan all files, regardless of filename extension
.TP
.B \-nall
Don't scan all files, scan only files whose filename extensions are in \fBsavscan\fP's extension list (see -vv option for this list)
.TP
.B \-rec
Recurse down directories
.TP
.B \-nrec
Don't recurse down directories
.TP
.B \-remove
Remove infected files, assuming \fBsavscan\fP can't disinfect them
.TP
.B \-nremove
Don't remove infected files, assuming \fBsavscan\fP can't disinfect them
.TP
.B \-eec
Use extended exit codes
.TP
.B \-neec
Don't use extended exit codes
.TP
.B \-v
Output version number information and information about IDEs loaded
.TP
.B \-vv
Output version number information, information about IDEs loaded, and information about which filename extensions and archive types this version supports
.TP
.B \-maxinfobj=<n>
Maximum number of times to attempt to disinfect an item (default 100)
.TP
.B \-ext=<extension>,...
Scan additional filename extensions. For example, -ext=abc adds extension .abc to \fBsavscan\fP's extension list, -ext=def,ghi adds extensions .def and .ghi
.TP
.B \-exclude
Exclude items from scanning (files, directories, or filesystems). For example, the command 'savscan fred harry -exclude tom peter' scans items fred and harry, but NOT tom or peter. The command 'savscan /home/fred -exclude /home/fred/games' scans all of Fred's home directory, but excludes the directory games (and all directories and files under it). Exclusion lists containing large numbers of items can be put into a separate file and excluded by using the -exclude option within that file; \fBsavscan\fP will then use this exclusion list if the --args-file= option is specified
.TP
.B "\-include"
Include items in scanning. Use after the -exclude option, to specify that items after the -include option are to be scanned. For example, the command 'savscan fred harry -exclude tom peter -include bill' scans items fred, harry and bill, but NOT tom or peter
.SH "UNIX/LINUX SPECIFIC OPTIONS"
The following options may be prefixed with 'no-' to invert their meaning (for example, '--no-reset-atime' is the inverse of '--reset-atime'):
.TP
.B  \--follow-symlinks
Scan the object pointed to by symbolic links
.TP
.B  \--stay-on-filesystem
Don't leave the starting filesystem (i.e. don't traverse mount points)
.TP
.B  \--stay-on-machine
Don't leave the starting computer (i.e. don't traverse remote mount points)
.TP
.B  \--skip-special
Don't scan 'special' objects (/dev, /proc, /devices, etc.)
.TP
.B  \--backtrack-protection
Prevent repetition of work ('backtracking') due to symbolic links
.TP
.B  \--preserve-backtrack
Preserve the backtracking information for the duration of this scan
.TP
.B \--examine-x-bit
Scan files with an execute bit set
.TP
.B  \--reset-atime
After scanning each file, reset the access time (also known as the atime) of the file to its value before the scan. \fBNOTE:\fP this causes the inode status-changed time (also known as the ctime) to be updated. When making backups, some archivers use the ctime to determine whether a file has been updated. If you find that your archiver always backs up files which \fBsavscan\fP has scanned, try using \fBsavscan\fP with the --no-reset-atime option instead, to prevent this
.TP
.B  \--show-file-details
Show details of file ownership and permissions when displaying filenames using the -ns option
.TP
.B  \--quarantine
Try to change file ownership and permissions if a file is infected with a virus.
If you use "--quarantine" on its own, \fBsavscan\fP attempts to change the file ownership to the user running \fBsavscan\fP,
and permissions to -r-------- (0400).
You can also specify a uid/username, gid/groupname, or mode, to change ownership and permissions to. To do this,
use "--quarantine:" followed by any of the
following: 'uid=<nnn>', 'user=<username>', 'gid=<nnn>', 'group=<groupname>', 'mode=<ppp>'.
You cannot specify more than one of each type, i.e. you cannot specify username twice,
or both a uid and a username, or the groupname twice, or both a gid and a groupname.
If you don't specify a uid/username, then the default is to try to change ownership to the user running \fBsavscan\fP.
The same applies to the gid/groupname.
If you don't specify a mode, then this defaults to -r-------- (0400).
.TP
.B  \-move=<quarantine directory>
Move infected files to a quarantine directory
.TP
.B  \--args-file=<file>
Read command line arguments (options, directories, and filenames) from file, taking arguments from the command line again when the end of the file is reached. Arguments may be put on separate lines, or on the same line separated by spaces or tabs. A value of \- for <file> specifies taking input from stdin. A small number of command line options may not be used within an args file, namely: -eec, -neec, -p=, -s, -ns, -ss,-nss, -dn, -ndn, -v, -vv, -idedir=. These can only be specified on the command line
.TP
.B  \--stop-scan
Abort scanning of files such as 'zip bombs' which require excessive amounts of time, disk space or memory to scan

.SH
BOOT SECTOR SCANNING OPTIONS

Boot sector scanning is only supported for Linux (Intel/libc6 and AMD64) and
FreeBSD.
.LP
You need to log in as superuser if you want to scan boot sectors. Otherwise
you may not have sufficient permission to access the disk devices.
.LP
You can use \fBsavscan\fP for Linux or \fBsavscan\fP for FreeBSD to scan the boot sectors of
disks created with other operating systems.
For example, if you have a floppy device, you could scan the boot sector of a
floppy disk created with Windows.
Also, if your computer's hard disk has been partitioned so that you can boot into
other operating systems, you can scan the boot sectors of the other partitions (provided that the
operating system you are running can 'see' the other partitions).
.LP
Disinfection of boot sectors can be carried out by using the -di option.
.LP
.TP
.B  \-bs
Scan boot sectors on all logical drives. \fBsavscan\fP examines the partition table for each physical drive and uses that to locate the boot sectors for each logical drive
.TP
.B  \-bs=<drive>,...
Scan boot sectors on specified logical drives. For example, 'savscan -bs=/dev/fd0' scans the boot sector of the floppy disk, 'savscan -bs=/dev/hda1' scans the boot sector of one of the logical drives on the hard disk
.TP
.B  \-nbs
Don't scan boot sectors
.TP
.B  \-mbr
Scan master boot record(s). \fBsavscan\fP scans the master boot record(s) of all the fixed physical drives on the computer
.TP
.B  \-nmbr
Don't scan master boot record(s)
.TP
.B \-cdr=<drive>,...
Scan CD boot sectors of listed drives

.SH "SPECIAL OPTIONS"
.TP
.B \--
Indicate that this is the end of the options. Anything after this on the command line is treated as a file, directory, or filesystem, even if it starts with a '-'
.TP
.B \-idedir=<dir>
Read IDEs from directory <dir>, not from the same directory which contains the threat data

.SH "ENGINE CONTROL OPTIONS"
The following options control the way \fBsavscan\fP's threat detection engine scans files:
.TP
.B \-sc
Scan inside dynamically compressed files
.TP
.B \-nsc
Don't scan inside dynamically compressed files
.TP
.B \-f
Do full scan
.TP
.B \-q
Do quick scan \- not full scan
.TP
.B \-nf
Same as -q, don't do full scan
.TP
.B \-tnef
Scan TNEF files
.TP
.B \-ntnef
Don't scan TNEF files
.TP
.B \-actmime
Scan for Active MIME viruses
.TP
.B \-nactmime
Don't scan for Active MIME viruses
.TP
.B \-mime
Scan inside MIME encoded files
.TP
.B \-nmime
Don't scan inside MIME encoded files
.TP
.B \-oe
Scan inside Outlook Express files
.TP
.B \-noe
Don't scan inside Outlook Express files
.TP
.B \-pua
Scan for adware/potentially unwanted applications (PUAs). This option scans for the primary component of PUAs.
.TP
.B \-npua
Do not scan for adware/PUAs
.TP
.B \-suspicious
Scan for suspicious files
.TP
.B \-nsuspicious
Do not scan for suspicious files

.SH "ARCHIVE AND SPECIAL FILE TYPE OPTIONS"
The following options are related to archives and special file types:
.TP
.B \-zip
Scan inside ZIP archives
.TP
.B \-gzip
Scan inside gzip compressed files
.TP
.B \-arj
Scan inside ARJ archives
.TP
.B \-cmz
Scan inside UNIX-compressed files
.TP
.B \-tar
Scan inside tar archives
.TP
.B \-rar
Scan inside RAR archives
.TP
.B \-cab
Scan inside Microsoft Cabinet archives
.TP
.B \-archive
Scan inside all of the above
.TP
.B \-loopback
Scan inside loopback files
.SH EXIT STATUS

\fBsavscan\fP returns error codes if there is an error or if a threat is detected.
.TP
\fBsavscan\fP returns:

.TP
.B 0
If no errors are encountered and no threats are detected.
.TP
.B 1
If you interrupt \fBsavscan\fP (usually by pressing CRTL+C) or kill the process.
.TP
.B 2
If some error preventing further execution is encountered.
.TP
.B 3
If threats or virus fragments are detected.

.SH EXTENDED ERROR CODES

\fBsavscan\fP returns a different set of error codes if it is run with the -eec option.
.TP
\fBsavscan\fP returns:
.TP
.B 0
If no errors are encountered and no threats are detected.
.TP
.B 8
If survivable errors are encountered.
.TP
.B 16
If password-protected files have been found.  (They are not scanned.)
.TP
.B 20
If threats are detected and disinfected.
.TP
.B 24
If threats are detected and not disinfected.
.TP
.B 28
If threats are found in memory (not supported by this version).
.TP
.B 32
If there is an integrity check failure.
.TP
.B 36
If unsurvivable errors are encountered.
.TP
.B 40
If execution is interrupted.

.SH
AUTHOR
.nf
Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP,
United Kingdom
Tel +44 (0) 1235 559933 or Fax +44 (0) 1235 559935
Sales email sales@sophos.com
Technical support email support@sophos.com
Web http://www.sophos.com/
.fi

Cokiee Shell Web 1.0, Coded By Razor

Kommentar absenden Antworten abbrechen

Du musst angemeldet sein, um einen Kommentar abzugeben.