How to scan a file with the Symantec Scan Engine Command Line Scanner (ssecls) utility?
The command line scanner is intended for testing purposes ONLY. It is not intended to be used on a regular basis in a production environment. The command line scanner being used in production is not supported.
- In the web interface of Scan Engine 5.x or Protection Engine 7.x ("Scan Engine"), select ICAP as the communication protocol.
- To scan files on any Windows, Solaris, or Red Hat Enterprise Linux machine other than the one where Scan Engine is installed, setup the computer for scanning first.
- Execute the command line interface (CLI) command to scan the file
To set up a computer to submit files for scanning
- Obtain copies of the command-line scanner files from one of the following locations:
On the computer on which Symantec Scan Engine is installed, the file is located in Program Files (x86)\Symantec\Scan Engine\CmdLineScanner or Program Files\Symantec\Scan Engine\CmdLineScanner.
- Copy the entire contents of the CmdLineScanner directory for the appropriate operating system.
- On the computer from which the files will be submitted for scanning, place the files in a directory location that is in the command prompt path.
To scan a file
- For Linux or Solaris, obtain credentials with unrestricted read access to the local filesystem at the shell prompt
- For Windows, login with an account that has unrestricted read access to the local filesystem (normally localsystem), change it from the service logon properties.
- If Scan Engine is installed on the same machine, type the following CLI command:
...where path is the complete path to the file and file is the filename of the file you seek to scan
- If Scan Engine is installed to a different machine, type the following CLI command:
ssecls -server 127.0.0.1:port /path/file
...where 127.0.0.1 is the actual IP address of the machine where Scan Engine is installed, port is the port where Scan Engine listens for ICAP traffic (1344), path is the complete path to the file and file is the filename of the file you seek to scan
If the test is being done at the behest of technical support then please use the verbose switch and also pipe the test results into a text file for sending to technical support, as follows.
ssecls -verbose /path/file > test.txt
(The above command is assuming the test is being done on a local machine and not over a network.)
For more information please refer to the Symantec Implementation Guide, which can be found in the downloads Documentation folder.
Command-line scanner syntax
The command-line scanner uses the following general syntax:
|-server||Specify one or more Symantec Scan Engines for scanning files. You must separate multiple entries with a semicolon. If you do not specify a Symantec Scan Engine, the server option defaults to the local host that is listening on the default port. The format for each Symantec Scan Engine is
|-mode||Optionally override the default antivirus scanning mode. The scanning modes that you can select are as follows: ? scanrepairdelete: If you do not specify a scanning mode, the scan policy defaults to scanrepairdelete. Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are deleted. This is the recommended setting ? scan: Files are scanned, but no repair is attempted. Infected files are not deleted. ? scanrepair: Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are not deleted.|
|-verbose||Report detailed information about the file that is scanned. When you use this option, a line of output is printed to STDOUT for each file that is scanned. The information includes both the name of the file and the result of the scan, including the final disposition of the file.|
|-details||Report detailed information about infections or violations that are found. When you use this option, a block of text is printed to STDOUT for each file that is scanned. The output text indicates the name of the file that was scanned and the result of the scan. If the file is infected or violates an established policy, the output text also provides information about the violation or infection. Note: If you use the -details option, you do not need to use the -verbose option. The output for the -verbose option is duplicated as part of the output for the -details option.|
|-timing||Report the time that was required to scan a file. When you use this option, a line of output is printed to STDOUT for each file that is scanned. The output includes the name of the file that was scanned and the time that it took Symantec Scan Engine to scan the file.|
|-recurse||Recursively descend into the subdirectories that are inside each path that is specified on the command-line.|
|-onerror||Specify the disposition of a file that has been modified (repaired) by Symantec Scan Engine when an error occurs in replacing the file. The default setting is to delete the file. You can specify one of the following: ? leave: The original (infected) file is left in place. ? delete: The original (infected) file is deleted, even though the replacement data is unavailable.|
Imported Document Id