I'm happy to announce the availability of our new Panda Antivirus Command-Line scanner (PAVCL) version 9.5.1.00. Compared with previous versions, this new engine adds features focused on detecting and deactivating active rootkits and on improved heuristic detection of new and unknown malware:
* Engine version 1.5.1 integration.
* Reboot driver. Disinfection during reboot of active rootkits. Needs to run with admin privileges.
* Integration of Heuristic engine 7.0.7 with improved performance. Defaults to medium sensitivity.
* Suspicious detection counter in both console and logs.
* Digitally signed executables.
* New log in CSV format (pavcl.log).
The new log format is as follows (one record per line):
[Date];[Complete_path];[File_name_in_compressed];[Malware_name];[Detection_ID];[Action_taken];[Sub_action];[Additional_information];[Status_ok_or_error];
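A parser for the pavcl.log layout above, added here as an example and not code from Panda or the original post. The sample rows, the action values and the assumption that a successful row carries `ok` in the status column are constructed for illustration; rows whose field count does not match (for instance a path containing `;`) are rejected rather than guessed at.

```python
import csv
import io
from collections import Counter

# Field names taken from the log format line in the post, in order.
FIELDS = ["Date", "Complete_path", "File_name_in_compressed", "Malware_name",
          "Detection_ID", "Action_taken", "Sub_action",
          "Additional_information", "Status_ok_or_error"]

# Constructed sample content; real pavcl.log values may differ.
SAMPLE_LOG = (
    "06/07/2008;C:\\samples\\a.exe;;Suspicious file;0;None;;;ok;\n"
    "06/07/2008;C:\\samples\\b.zip;inner.exe;Trj/CI.A;1;Disinfected;;;ok;\n"
    "06/07/2008;C:\\samples\\c.exe;;Trj/CI.A;2;Deleted;;locked;error;\n"
    "06/07/2008;C:\\odd;name.exe;;Trj/CI.A;3;Deleted;;;ok;\n"  # ';' inside the path
)

def parse_pavcl_log(text):
    """Return (records, rejects) parsed from pavcl.log content."""
    records, rejects = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        # Each record ends with ';', which produces one empty trailing cell.
        if len(row) == len(FIELDS) + 1 and row[-1] == "":
            row = row[:-1]
        if len(row) != len(FIELDS):
            # Columns are shifted; keep the line number for manual review.
            rejects.append((reader.line_num, row))
            continue
        records.append(dict(zip(FIELDS, (c.strip() for c in row))))
    return records, rejects

def summarize(records):
    """Count detections per malware name and collect rows whose status is not ok."""
    by_name = Counter(r["Malware_name"] for r in records if r["Malware_name"])
    # Assumption: the status column holds "ok" on success; anything else needs review.
    failed = [r for r in records if r["Status_ok_or_error"].lower() != "ok"]
    return by_name, failed

if __name__ == "__main__":
    recs, bad = parse_pavcl_log(SAMPLE_LOG)
    names, failed = summarize(recs)
    print(dict(names), [r["Complete_path"] for r in failed], [n for n, _ in bad])
```
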
As always we have a signature file available from the blog for testing purposes which is NOT updated on a regular basis. For production and critical scanning systems make sure to contact us for a regular signature feed.
Download the new PAVCL 9.5.1.00 from download.com:
Return codes are available for integrations of PAVCL with automated scanning systems. PAVCL returns a numeric value of 4 bytes to indicate the type of program exit, the type of operation performed and the number of malware detected. For more info on this contact me.
This version is compatible with Windows 2000, 2003, XP (32 and 64 bits) and Vista (32 and 64 bits).
44 comments
Pedro,
the command line doesn’t work on my PC.
Cheers
Can Home users download this file for Panda IS 2008?
what has changed in activescan 2.0
please describe what’s changed
Lucass, make sure you’re running with admin privileges. Contact me via email if you’re still having problems.
Jonte, I’m guessing you’re referring to the signature file. Yes you can use it, but the Panda IS 2009 have a much improved system combining local signatures and in-the-cloud signatures for an even greater detection rate. More info at http://research.pandasecurity.com/archive/Panda-Internet-Security-2009-BETA.aspx
Jon, you can read on what’s new in ActiveScan 2.0 at http://research.pandasecurity.com/archive/Panda-ActiveScan-2.0.aspx
in activescan 2.0 you updated the active scan 2.0 files yesterday I noticed it detects a lot more malware as Suspicious than before
what has been changed to detect more unknown malware
please explain in detail
please do a blog entry or reply
thanks
You’re 100% right jon. The difference is basically how Collective Intelligence is implemented. Initial versions of ActiveScan 2.0 downloaded to each PC a limited part of the “knowledge” (signatures) generated by Collective Intelligence. With the version we uploaded a couple of days ago each file you scan gets checked against the total knowledge of Collective Intelligence in real time. This means that you’re connected in real time against our CI servers and scanning is done “in-the-cloud” instead of locally on the PC. More information about Collective Intelligence here:
http://research.pandasecurity.com/archive/Technology-Paper_3A00_-From-AV-to-Collective-Intelligence.aspx
Why was the “-nomem” parameter deleted?
Did the developer make a mistake?
Does the new CSV format log not support single file scanning?
Below is the log result of a single file scan; I cannot see that it is a CSV log!
—————————————————
Date : 06/07/2008
Time : 22:20:43
File checked : C:AV.exe
Suspicious file
Panda CommandLineSecure 9.05.01 (c) Panda 2008
Time employed for scan ………….: 00:00:02
Number of files scanned …………: 1
Number of files infected ………..: 0
Number of suspicious files ………: 1
Copyright Panda Security 2008
Ray, -nomem was there for older DOS-based platforms. As we don’t support that anymore we took it out.
Andrew, there are two files that are generated, a PAVCL.LOG (csv format) and a PAVCL.RPT (the one you posted). Check PAVCL.LOG for the csv formatted output.
Pedro,
I have tested “-rpt:pavcl.cvs”, it would output both pavcl.log and pavcl.cvs. If I just used “-rpt:pavcl.log”, it would output pavcl.log only.
Sorry, I made a mistake. For -rpt:pavcl.csv, it would generate a pavcl.log and a pavcl.cvs. The pavcl.log was cvs format. But -rpt:pavcl.log was not.
Sometimes when I scan a file with Virustotal Panda found “Suspicious file”, but my “own” Panda found nothing. Why?
Jonte
This page doesn’t work http://pandasecurity.lin3sdev.com/homeusers/security-info/default.aspx?lst=ac&sitepanda=particulares
please fix this active threats page soon
also there is no Description for this threat
Trj/CI.A
please try to fix these problems
thank you
love jon
Jonte, make sure heuristics is turned on and set to high on your on-demand scan.
Jon, thanks for the heads-up. We’re working on fixing this.
when i use activescan 2.0 it detects a folder as a generic trojan the folder is called F-Secure SDBot.gen8
please try to fix this false positive
Tried it but cannot replicate Jon. Can you provide more details, such as content (files) within the folder, a HijackThis and Panda Anti-Rootkit log?
Here is the activescan 2.0 log
This folder is empty
03257437 Generic Trojan
Virus/Trojan E:UserspcDesktopcheatsconfermed infectedFSecure SDBot.gen8
SUSPECTS
E:UserspcDesktopcheatsconfermed infectedF-Secure SDBot.gen8
I sent a sample of the folder through activescan
I hope this helps
And the Binary of .Tar, .Rpm?
😉 SYSOP
This version only comes in win32 flavour. The latest linux versions are available here:
http://research.pandasecurity.com/archive/Free-commandline-scanner.aspx
What is the LATEST version of PAVCL for LINUX ?
thanx.
Look at the comment above catteau. Linux version available here:
http://research.pandasecurity.com/archive/Free-commandline-scanner.aspx
Nice, clean and a great change under the actual technology.
Perfect the linux version for networks affected.
Only, an option for run under solaris. (perfect for scan networks with a high risk)
Best regards
Can you shed some light as for why the signature file that comes with the new command line version has more signatures (3,441,666 / June 30, 2008) than the signatures that I download when I sign in with the license purchased (1,846,697 / Nov 6, 2008)? Thank you!
Yes Harold, we have different signature files for different purposes. Normally our products which have in-the-cloud scanning from Collective Intelligence include a smaller signature file which includes the most important threats. The rest are queried online. We call this the real-time-wildlist-signature. Then there’s the mega-signature which corresponds to a full signature file.
Thank you Pedro! So, for me to have a broader range of signatures it is better to download the ones from: ”http://research.pandasecurity.com/blogs/images/pav.zip”, correct? The other question I have is in regards to sending the signatures definition date to a log file. How do I do that? I tried redirecting the output with “pavcl.exe -info > log.txt” and “pavcl.exe -info -rpt:log.txt”, but it didn’t work.
Harold, the sig on the blog is not updated every day. It’s only updated once every week or so as this is a free sig I provide for testing purposes. If you need a regularly updated sig download it from the following location:
http://acs.pandasoftware.com/member/pavsig3/pav.zip
This is the full signature and you’ll need an active username/password to access it.
In order to log the date of the sig file, you can simply log the date stamped on the pav.sig file on disk.
Pedro,
Is this new commandLine scanner a different product, or a replacement for the free commandline scanner you’ve posted here:
http://research.pandasecurity.com/archive/Free-commandline-scanner.aspx
?
Thanks.
Barry, same product just a newer version. The download link is the same so regardless of where you download from you’ll get the latest version.
How do I apply to get a username/password to get the regularly updated sig download from the following location:
http://acs.pandasoftware.com/member/pavsig3/pav.zip
Thanks
Devaud, simply purchase a license to one of our products and you’ll get a username and password valid for downloading regularly updated sigs. For example from here:
https://shop.pandasecurity.com/cgi-bin/pp?prd=409938
Hello Pedro,
Please, could you tell us if return codes had changed or is the same binary combination as version 9.4.x?
Thanks
Hey Jose, should be the same.
Did the pav.sig for this (http://acs.pandasoftware.com/member/pavsig3/pav.zip) change this week? It seems the pav.sig went from being 100MB to 60MB this week. It used to be a ‘megasig’ and now it’s the same file as the normal pav.sig in the desktop client. Are we missing something?
Yes Gary you’re right. It now redirects to http://acs.pandasoftware.com/member/pavsig/pav.zip which is the regular pav.sig for corporate products. We’ve discontinued the megapavsig for the moment.
Oh, shame, so what’s the advantage of using the command line scanner now over just the normal Panda Desktop scanner if they both use the same sig? Is the megapavsig going to return?
We’re working on the replacement of the megapavsig Gary, which will be much more complete than what you’ve seen until now. I’ll announce it here when it’s ready.
thank you!!! for your work
when will you guys update the command line scanner
Hi,
I am so thrilled to find a command line virus scanner of the calibre of Panda's product. I am wondering if anyone can tell me if it is possible to run it entirely from a WRITE-PROTECTED USB drive.
My shallow knowledge of this product failed to let me run this successfully. I have tried using -rpt: to redirect the log file. But from ProcMon it has indicated that it created a few files with KRN_DATA & PSK_MNU suffix.
Is it possible to redirect them from the execution location?
I frequently use WRITE-PROTECTED USB to launch trojan and virus hunting programs.
Thanks for the fine product.
Leon
@Leon, the KRN* and PSK* data files are created the first time you run PAVCL. You might want to run it first in a directory that is not write-protected, and then copy the entire content to your write-protected USB. That ought to bypass the data files issue.
Still I think it'll need to write to the log file. Try playing with the -nor and -rpt: switches to bypass that as well.
Is this product supposed to replace the anti-rootkit solution?
I am taking a security class where we get to play with malware/virus/rootkits and test different solutions and approaches. I decided to test the Panda anti-rootkit solution on a system that had a rootkit. The program found the rootkit and was able to eliminate it. It didn't eliminate the registry entries that the rootkit made though, it would be nice if it did. Some other people tested other solutions that were able to clean the registry as well as eliminate the rootkit. Is that possible with Panda Antirootkit? It might be a thing to look at. I consider Panda to be ahead of the rest as far as protection is concerned, but I have to confess this was disappointing. Any ideas? Suggestions?
Thanks
Cesar
Hi there,
do you plan to update the Panda Antivirus Command Line scanner for Windows 7?
And if yes, will you integrate updates to the antirootkit scanner?
Another question:
Is the Anti-Rootkit Scanner built into this version 9.5.1 better than the standalone Panda AntiRootkit 1.08?
And does it have the same options and features for scanning for rootkits? Or even more?
regards,
iNsuRRecTiON
@iNsuRRecTiON, it should already run under Windows 7. Just make sure that PAVCL.EXE is marked to run as administrator.
Regarding Pavcl 9.5.1 vs PavArk 1.08, actually PavArk has more detection techniques as it is a standalone tool that can take much more time and perform more in-depth checks, even during boot. Pavcl is basically the same engine as we incorporate in our regular products where we cannot put these same type of checks as it would impact performance too much. This is also the same reason why other AV vendors have stand-alone Anti-Rootkit utilities.