For those interested in a command-line version of the Panda Engine here's one you can use. Specially interesting is the switch to turn on/off the Genetic Heuristic Engine (GHE from now on). The most useful ones for scanning samples on disk are:
-nob Do not scan boot sectors
-nos Deactivate sounds
-cmp Scan compressed files
-aex Scan all extensions
-rpt: Create report file (ex. -rpt:c:pavclreport.txt)
-heu:1 Activate heuristic scanning paranoid mode
-nomem Do not scan memory
Here you can find the win32 version 9.0.0.7 with advanced tracing and logging. Of course this is available for research purposes only. Contact me if you want the linux version or wish to use this for a not-for-profit public service purpose with sig updates.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
21 comments
I can't get this to work, running pavcl.exe c: -aex -mem -del
and it you scans the memory and then exits. What am I doing wrong?
Pedro, when running it from a folder named c:pavcl32 with the cmd line you suggested it scans the memory and then exits. If I run it from a folder that has spaces and swedish characters in the name it won’t run at all, it just exits to the cmd line. The DOS version of pavcl runs just fine. Using WinXP SP2.
Using the -mem switch will only scan objects loaded in memory (no files). Use the following to scan files on disk: pavcl.exe -aex -cmp -nob -heu:1 c:path
Go ahead and send me the swedish path you’re using to pbustamante [at] pandasoftware.com
false postive without heuristic on
Dialer.IQQ n c:Program FilesCommon FilesAdobeUpdater5AdobeUpdaterInstallMgr.exe
Thanks. Please provide file version details to pbustamante[at]pandasoftware.com so we can fix it.
sorry for the false postive i was using older definitions
question heu: parameters
IAre these setting correct heuristic setting
heu:1 = high heuristic detection
heu:2 =medium heuristic detection
heu:3 = low heuristic detection
Yep, correct.
how do i scan only a folder and the files inside it
sample
C:Documents and SettingsPCMy Documents
tell me the parameters with a sample
The following will do it:
pavcl -nob -nos -cmp -aex -no2 -heu:1 "C:Documents and SettingsPCMy Documents"
Remember to enclose paths with spaces within quotes. For clarification:
-nob: do not scan boot sector
-nos: deactivate sounds
-cmp: scan compressed files
-aex: scan all extensions
-no2: only detect, don't disinfect
-heu:1 high heuristic settings
Optionally you might not want to use the -no2 parameter if you want to clean the infected files it finds.
where do i get the latest virus defintions for the command-line version of the Panda Engine ?
Im confused about the total number of threats
I downloaded latest definitions and run engine and it says there are 463,200 detected threats
but i look under the new totalscan and it is 755,483 detected threats
please explain these in detail
thank you
On one of the comments above there’s a link to sig updates, but only for testing purposes. For commercial products with regular release sigs visit our main website (www.pandasoftware.com).
Regarding the difference in sigs between the file-based sig and NanoScan/TotalScan sigs, there’s no short answer. I’ll be writing a paper detailing what we call “Collective Intelligence” and how it allows us to detect much more than with traditional AV technologies. In the meantime I suggest reading the NanoScan FAQs for some insight.
Lucass, somehow I lost your comment, but it’s not an error with pavcl. You need to enclose path names with spaces in quotes, such as
pavcl -cmp -aex “c:this is a directory”
This is common with pretty much all cmd applications.
No problem for my post.
Thanks for your clarification, much appreciated
Regards
PS:When release a new(stable) version of platinum 2007? the new version of command line scanner is available in beta version?
For Panda Internet Security 2007 version 11.01.80 which is also Vista compatible check out http://www.pandasoftware.com/beta. Regarding the new command-line scanner based on the 1.4.3 engine I will probably release it here tomorrow.
Thanks.
The version 11.01.80 in this moment is a beta version
(i have in my virtual machine) and have(no offense) a some bugs in the backup modules, in the firewall warning are missing some infos:
Port and ip address
Truprevent engine is “dead”(in this version) ,i’ve tested a new malwares but truprevent don’t block any malicious behaviour.
Cheers
Hello lucass. Please get in touch with beta[at]pandasoftware.com to let them know about these issues so we can fix them. Thanks!
please update the scan engine in ACTIVESCAN PRO soon
The new engine in so much better in detection
thank you
Hello Jon. We’re building totalscan.com to be the new activescan on steroids. I suggest you use totalscan from now on.
Where I can get data bases updates ?
Well I keep one at http://research.pandasoftware.com/blogs/images/pav.zip but I only update it every
now and then. If you’re looking for a full subscription with daily updates, tech support and such, I recommend you visit our main website.