How to use the Command Line Scanner in Symantec Scan Engine 5.x and Protection Engine 7.x for testing purposes
search cancel

How to use the Command Line Scanner in Symantec Scan Engine 5.x and Protection Engine 7.x for testing purposes

book

Article ID: 177240

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection for SharePoint Servers Protection Engine for NAS

Issue/Introduction

How to scan a file with the Symantec Scan Engine Command Line Scanner (ssecls) utility?

Resolution

The command line scanner is intended for testing purposes ONLY. It is not intended to be used on a regular basis in a production environment. The command line scanner being used in production is not supported.

  1. In the web interface of Scan Engine 5.x or Protection Engine 7.x ("Scan Engine"), select ICAP as the communication protocol.
  2. To scan files on any Windows, Solaris, or Red Hat Enterprise Linux machine other than the one where Scan Engine is installed, setup the computer for scanning first.
  3. Execute the command line interface (CLI) command to scan the file



To set up a computer to submit files for scanning

  1. Obtain copies of the command-line scanner files from one of the following locations:
    On the computer on which Symantec Scan Engine is installed, the file is located in Program Files (x86)\Symantec\Scan Engine\CmdLineScanner or Program Files\Symantec\Scan Engine\CmdLineScanner.
  2. Copy the entire contents of the CmdLineScanner directory for the appropriate operating system.
  3. On the computer from which the files will be submitted for scanning, place the files in a directory location that is in the command prompt path.



To scan a file

  1. For Linux or Solaris, obtain credentials with unrestricted read access to the local filesystem at the shell prompt
  2. For Windows, login with an account that has unrestricted read access to the local filesystem (normally localsystem), change it from the service logon properties.
  3. If Scan Engine is installed on the same machine, type the following CLI command:
    ssecls /path/file

    ...where path is the complete path to the file and file is the filename of the file you seek to scan
     
  4. If Scan Engine is installed to a different machine, type the following CLI command:
    ssecls -server 127.0.0.1:port /path/file

    ...where 127.0.0.1 is the actual IP address of the machine where Scan Engine is installed, port is the port where Scan Engine listens for ICAP traffic (1344), path is the complete path to the file and file is the filename of the file you seek to scan

If the test is being done at the behest of technical support then please use the verbose switch and also pipe the test results into a text file for sending to technical support, as follows.

ssecls -verbose /path/file > test.txt

(The above command is assuming the test is being done on a local machine and not over  a network.)




References
For more information please refer to the Symantec Implementation Guide, which can be found in the downloads Documentation folder.


Technical Information
Command-line scanner syntax


The command-line scanner uses the following general syntax:

ssecls [-options] ...] The parameter allows the ability specify one or more files or directories to scan. Each file or directory must be separated by spaces. it is possible to use the absolute or relative path. If the specified path is to a file, the file is scanned. If the path is to a directory, all of the files in the directory are scanned. NOTE: Do not use a path with symbolic linking. Symantec Scan Engine does not follow a symbolic link to a file. It is possible to specify any combination of files and directories. It is necessary to separate multiple entries with a space. For example: ssecls [-options] It is possible to specify any mounted file system, mount point, or mapped drive. For example: C:\Work\Scantest.exe /export/home/ Follow the standard formats for the operating system for handling path names in regards to special characters, quotation marks, or wildcard characters. If recursive directory scanning is wanted to scan additional files, it is necessary to use the -recurse option. Command-line scanner usage Only specify files or directories for which the appropriate permissions are in place. To send files, It is necessary to have read access to the files. To repair (replace) or delete files, It is necessary  to have permission to modify or delete the files and have access to the directory where the files are located.  If path is not specified, input data is read from standard input (STDIN) and sent to Symantec Scan Engine for scanning. After the scan, the data (either the original file, if it was clean, or the repaired file) is written to standard output (STDOUT). If a file is infected and cannot be repaired, no data is written to STDOUT. NOTE: DBCS path names in scan requests should not be converted to Unicode (UTF-8) encoding before passing the path to Symantec Scan Engine. Supported options The following describes the options that are supported by the command-line scanner.

Option Descriptions
-server Specify one or more Symantec Scan Engines for scanning files. You must separate multiple entries with a semicolon. If you do not specify a Symantec Scan Engine, the server option defaults to the local host that is listening on the default port. The format for each Symantec Scan Engine is , where IPaddress is the DNS name or IP address of the computer on which Symantec Scan Engine is running, and port is the port number on which Symantec Scan Engine listens. Note: When more than one Symantec Scan Engine is specified, then load balancing and failover features of the API are activated automatically.
-mode Optionally override the default antivirus scanning mode. The scanning modes that you can select are as follows: ? scanrepairdelete: If you do not specify a scanning mode, the scan policy defaults to scanrepairdelete. Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are deleted. This is the recommended setting ? scan: Files are scanned, but no repair is attempted. Infected files are not deleted. ? scanrepair: Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are not deleted.
-verbose Report detailed information about the file that is scanned. When you use this option, a line of output is printed to STDOUT for each file that is scanned. The information includes both the name of the file and the result of the scan, including the final disposition of the file.
-details Report detailed information about infections or violations that are found. When you use this option, a block of text is printed to STDOUT for each file that is scanned. The output text indicates the name of the file that was scanned and the result of the scan. If the file is infected or violates an established policy, the output text also provides information about the violation or infection. Note: If you use the -details option, you do not need to use the -verbose option. The output for the -verbose option is duplicated as part of the output for the -details option.
-timing Report the time that was required to scan a file. When you use this option, a line of output is printed to STDOUT for each file that is scanned. The output includes the name of the file that was scanned and the time that it took Symantec Scan Engine to scan the file.
-recurse Recursively descend into the subdirectories that are inside each path that is specified on the command-line.
-onerror Specify the disposition of a file that has been modified (repaired) by Symantec Scan Engine when an error occurs in replacing the file. The default setting is to delete the file. You can specify one of the following: ? leave: The original (infected) file is left in place. ? delete: The original (infected) file is deleted, even though the replacement data is unavailable.