During daily operations, you can run a quick on-demand scan (ODS) for a specific file in an ENSLTP environment. This ODS is accomplished using a right-click scan in Endpoint Security for Windows and VirusScan Enterprise. With ENSLTP, one solution is to create an ODS task and schedule it to "Run immediately." But it requires interaction with the ePolicy Orchestrator (ePO) administrator.
This article describes an alternative solution that creates a local ODS task for a specified file using the command line interface (CLI) feature of ENSLTP, rather than ePO.
Create a shell script as shown below. This script is provided as a customizable example that you can modify according to your needs.
NOTE: Technical Support does
not support the use of custom scripts.
This script runs with two arguments. The first argument is the target file and the second argument is the task name. The script creates an ODS task, gets the created task ID, runs the task, deletes the task, and shows the task report.
$ cat targetscan.sh
#!/bin/bash
TARGET=$1
TASKNAME=$2
/opt/isec/ens/threatprevention/bin/isecav --addodstask --name $TASKNAME --scanpath $TARGET
INDEX=`/opt/isec/ens/threatprevention/bin/isecav --listtask | grep $TASKNAME | awk '{print $1}' | tr -d "|"`
/opt/isec/ens/threatprevention/bin/isecav --runtask --index $INDEX
/opt/isec/ens/threatprevention/bin/isecav --deltask --index $INDEX
cat /opt/isec/ens/threatprevention/var/odsreport/$TASKNAME.log
For example, below is the log if you scan a local test file named
eicar.com.txt where the task name is
170901scan.
$ ./targetscan.sh $PWD/eicar.com.txt 170901scan
ODS Task was successfully added
Task was successfully started
Task was successfully deleted
EVENT = ODS_START | NAME = 170901scan | TIME = 1504224836 | USER = 0
ERROR AMODSScanner [25440] Infection caught File Name: /home/user1/test/eicar.com.txt File Size: 68 Infection Name: EICAR test file Time: 1504224836 Process Name: User Name: root Profile Type: 0
EVENT = ODS_INFECTION | FILENAME = /home/user1/test/eicar.com.txt | VIRUSNAME = EICAR test file | VIRUSTYPE = 6 | ACTION = DELETED
EVENT = ODS_STOP | NAME = 170901scan | TIME = 1504224837 | USER = 0
EVENT = ODS_SUMMARY |
Task Name : 170901scan
Start time : 01/09/17 00:13:56 UTC
End time : 01/09/17 00:13:57 UTC
Total Requests : 1
No of files skipped : 0
No. of Good files : 0
No. of Cache hit : 0
No of Files Excluded : 0
No. of Infections : 1
Timeout : 0
ScanError : 0
No of files cleaned : 0
No of files deleted : 1
Time taken : 1.153279s
Engine version : 5900.7806
DAT version : 8634.0
INFO ScanFactory [25440] ODS Scan Manager is shutting down gracefully
