Supported command-line options for C-based command-line scanner

Supported options for the C-based command-line scanner describes the options that the command-line scanner supports.
Supported options for the C-based command-line scanner
Option
Description
-server
Specify one or more Symantec Protection Engines for scanning files.
You must separate multiple entries with a semicolon. If you do not specify a Symantec Protection Engine, the server option defaults to the local host that listens on the default port.
The format for each Symantec Protection Engine is <IPaddress:port>, where IPaddress is the DNS name or IP address of the computer on which Symantec Protection Engine is running, and port is the port number on which Symantec Protection Engine listens.
When more than one Symantec Protection Engine is specified, the load balancing and failover features of the API are activated automatically.
-mode
Optionally override the default antivirus scanning mode.
The scanning modes that you can select are as follows:
  • Scanrepairdelete
    If you do not specify a scanning mode, the scan policy defaults to scanrepairdelete. Symantec Protection Engine tries to repair infected files. Files that cannot be repaired are deleted. This configuration is the recommended setting.
  • Scan
    Files are scanned, but no repair is tried. Infected files are not deleted.
  • Scanrepair
    Symantec Protection Engine tries to repair infected files. Files that cannot be repaired are not deleted.
Symantec Protection Engine version 8.1 does not support repair of infected files.
-verbose
Report detailed information about the file that is scanned.
When you use this option, a line of output is printed to STDOUT for each file that is scanned. The information includes both the name of the file and the result of the scan, including the final disposition of the file.
-details
Report detailed information about the infections or violations that are found.
When you use this option, a block of text is printed to STDOUT for each file that is scanned. The output text indicates the name of the file that was scanned and the result of the scan. If the file is infected or violates an established policy, the output text also provides information about the violation or infection.
If you use the -details option, you do not need to use the -verbose option. The output for the -verbose option is duplicated as part of the output for the -details option.
-timing
Report the time that was required to scan a file.
When you use this option, a line of output is printed to STDOUT for each file that is scanned. The output includes the name of the file that was scanned and the time that it took Symantec Protection Engine to scan the file.
-recurse
Recursively descend into the subdirectories that are inside each path that is specified on the command line.
-onerror
Specify the disposition of a file that has been modified by Symantec Protection Engine when an error occurs when Symantec Protection Engine replaces a file.
The default setting is to delete the file. You can specify one of the following:
  • Leave
    The original (infected) file is left in place.
  • Delete
    The original (infected) file is deleted, even though the replacement data is unavailable.
-exclude
Specify a path of rule file to exclude certain files from scanning. You can exclude files by name from being scanned.
-maxsize
Specify maximum file size in bytes to exclude the files that exceed a limit from being scanned.
Files that exceed the maximum file size limit are not sent to Symantec Protection Engine for scanning.
-log
The command-line scanner redirects the console output to a log file. When the scan finishes, Symantec Protection Engine writes a summary to the log file (if you are running in log mode) and the screen. The summary shows the number of files that were scanned and the number of viruses found.
-api
The command-line scanner now includes services for supporting Symantec Insight , better categorization of threats, and unscannable file handling features.
You can specify one of the following options:
  • 0: Scan file with legacy API's.
    This is the default value.
  • 1: Scan file with enhanced threat categorization API's.
  • 2: Scan file with Insight API's.
-disableinsight
Disable the Symantec Insight feature.
This service is applicable only if -api = 2.
-digitallysigned
Specify if the file is digitally signed.
This service is applicable only if -api = 2.
You can specify one of the following options:
  • 0: File is not digitally signed.
  • 1: File is digitally signed.
-SHA256
Specify the SHA256 value of the file.
This service is applicable only if -api = 2.
-MD5Hash
Specify the MD5 value of the file.
This service is applicable only if -api = 2.
-SourceIP
Specify the source IP of the file.
This service is applicable only if -api = 2.
-SourceURL
Specify the source URL of the file.
This service is applicable only if -api = 2.
-aggressionlevel
Set the scanning aggression level.
This service is applicable only if -api = 2.
You can specify one of the following options:
  • 0: Known Bad
  • 1: Low
  • 2: Medium
    This is the default value.
  • 3: High
-reportinsightinfo
Enable or disable the Insight information for the file.
This service is applicable only if -api = 2.
You can specify one of the following options:
  • 0: Symantec Protection Engine does not provide reputation information in ICAP response.
  • 1: Symantec Protection Engine provides information in ICAP response for Insight convicted files.