Knowledge Center

VirusScan Enterprise for Linux commands and options
Technical Articles ID:   KB73316
Last Modified:  7/27/2017


McAfee VirusScan Enterprise for Linux  (VSEL) 2.0.x, 1.9.x


VSEL command line commands and options:
 Command  Description
Starts VSEL processes, which include:
  • nailsd - Scan Manager and Scheduler
  • scanner - anti-virus software: scanner and cleaner
  • mon - interface communications
  • nailswebd - web server
  • nailslogd - configuration, log/alerting
  • ods - On-Demand Scanner
  • nails-update - Updater
NOTE: The lshook and linuxshield kernel modules are also loaded if OAS is enabled.
/etc/init.d/nails stop Stops all VSEL services.
/etc/init.d/nails restart Performs a stop, and then a start.
/etc/init.d/nails reload Reloads the configuration information. This is required only if manual changes are made to configuration files rather than by using the browser interface.
/etc/init.d/nails status Provides status on the running services.
<INSTALL_DIR>/bin/nails --help Displays brief information about all nails commands.
<INSTALL_DIR>/bin/nails --version Displays information about the product version.
<INSTALL_DIR>/bin/nails dump [--verbose] Diagnostic report. This is the same report that is produced by clicking Diagnostic Report on the Scanning Summary page of the browser interface.
The --verbose flag provides more detail, but this greatly increases the size of the report and the time to generate the report.
The output of the command should be redirected to a file.
<INSTALL_DIR>/bin/nails on-access –disable Disables on-access scanning.
<INSTALL_DIR>/bin/nails on-access --enable Enables on-access scanning.
<INSTALL_DIR>/bin/nails on-access --flush Clears the cache of scanned files, forcing the on-access scanner to re-scan files when they are next accessed.
<INSTALL_DIR>/bin/nails on-access –queue Displays information about files currently being processed by the on-access scanner.
<INSTALL_DIR>/bin/nails on-access --status Displays the status of the on-access scanner, whether enabled or disabled.
<INSTALL_DIR>/bin/nails passwd Changes the password for the nails user.
<INSTALL_DIR>/bin/nails quarantine --list [--verbose] Displays information about the files in the on-access quarantine directory.
The metafiles in the quarantine directory provide information that can be used to restore the file.
<INSTALL_DIR>/bin/nails quarantine --recover <meta-file> [<destination-file>] Uses information in the .metafile to recover a file and move the file to its original location, or to the <destination-file>.
Use this command only when a non-infected file has been incorrectly quarantined.
The recovered file might be quarantined again when accessed unless an exclusion has been set up for the recovered file.
<INSTALL_DIR>/bin/nails task --list Lists tasks created at the browser-based interface.
<INSTALL_DIR>/bin/nails task --run taskid Runs the specified task immediately.
<INSTALL_DIR>/bin/nails task --stop taskid Stops the specified task.
/opt/NAI/LinuxShield/bin/khm_setup –c Compiles kernel modules manually using RKMS.
/opt/NAI/LinuxShield/bin/khm_setup –t Tests kernel modules compiled using RKMS. Logs are stored under /opt/NAI/LinuxShield/src/logs.
/opt/NAI/LinuxShield/bin/khm_setup –e <archive path with name> Exports kernel modules to the given path.
/opt/NAI/LinuxShield/bin/khm_setup –i <kernel module archive path> Imports kernel modules from the given path.
cat /opt/NAI/LinuxShield/etc/HF-Version Determine which hotfixes are installed (if any)

  • etc/init.d/nails

    # /etc/init.d/nails stop
    /opt/NAI/LinuxShield/apache/bin/apachectl stop: nailswebd stopped
    stopping the McAfeeVSEForLinux monitor process 2299
    waiting for 2 seconds for the McAfeeVSEForLinux monitor to stop
    stopping the McAfeeVSEForLinux daemon process 2283
    waiting for 2 seconds for McAfeeVSEForLinux to stop

    # /etc/init.d/nails start
    starting the McAfeeVSEForLinux daemon...
    started pid: 3370
    starting the McAfeeVSEForLinux monitor gateway...
    started pid: 3383
    /opt/NAI/LinuxShield/apache/bin/apachectl startssl: nailswebd started

  • # /etc/init.d/nails status
    the McAfeeVSEForLinux daemon is running: process information follows

    root 3370 0.0 0.1 6416 1716 ? Ss 13:57 0:00 /opt/NAI/LinuxShield/libexec/nailsd -c /var/opt/NAI/LinuxShield/etc/nailsd.cfg

    the McAfeeVSEForLinux monitor gateway is running: process information follows

    root 3383 0.0 0.2 22284 2892 ? Ss 13:57 0:00 /opt/NAI/LinuxShield/libexec/mon -p /var/opt/NAI/LinuxShield/etc/monitor.cfg

    the McAfeeVSEForLinux Apache server is running:

        PID = 3393
        no. of HTTP servers = 3
    process information follows:
        3393 ? Ss 0:00 /opt/NAI/LinuxShield/apache/bin/nailswebd -d /opt/NAI/LinuxShield/apache -DSSL

  • /opt/NAI/LinuxShield/bin/nails

    # /opt/NAI/LinuxShield/bin/nails --version

    Virus definition files 8106.0000
    Virus scanning engine 5800.7501
    Virus scanning engine API 5800.7501
    Apache 2.4.2 (Unix)
    OpenSSL 1.0.1s 1 Mar 2016
    sqlite 2.8.17

    # cat /opt/NAI/LinuxShield/etc/HF-Version

    # /opt/NAI/LinuxShield/bin/nails on-access --disable
    reload completed ok

    # /opt/NAI/LinuxShield/bin/nails on-access --enable
    reload completed ok

    # /opt/NAI/LinuxShield/bin/nails on-access --status

    # /opt/NAI/LinuxShield/bin/nails quarantine --list
    /quarantine/Q8388610.270288.93560.000.meta: /root/Desktop/eicar.com.txt

    # /opt/NAI/LinuxShield/bin/nails quarantine --list --verbose
    /quarantine/Q8388610.270288.93560.000.meta: Thu Jul 20 05:01:29 2017 UTC Owner 0 Group 0 Mode 0644 /root/Desktop/eicar.com.txt

    # /opt/NAI/LinuxShield/bin/nails task --list
    LinuxShield configured tasks:
        1 "LinuxShield Update" (Idle)
        2 "Temp-quick" (Stopped)

    # /opt/NAI/LinuxShield/bin/nails task --run 1

    # /opt/NAI/LinuxShield/bin/nails task --stop 1
    The task has been instructed to stop.

    # /opt/NAI/LinuxShield/bin/nails task --list
    LinuxShield configured tasks:
        1 "LinuxShield Update" (Stopping)
        2 "Temp-quick" (Stopped)

    • The '--list' command option above shows the status of task such as Idle, Stopped, Running, Stopping, or Completed.
    • In the command example for quarantine --list --verbose, the file root/Desktop/eicar.com.txt was quarantined at Jul 20 05:01:29 2017 UTC and saved as /quarantine/Q8388610.270288.93560.000.meta file.

Rate this document

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.