McAfee VCLCDE-AA-DA Product Guide - Page 24



VirusScan® Command Line 5.20.0 Product Guide
3 Using the Command-Line Scanner

Using heuristic analysis

A scanner uses two techniques to detect viruses — signature matching and heuristic analysis.

A virus signature is simply a binary pattern that is found in a virus-infected file. Using information in the DAT files, the scanner searches for those patterns. However, this approach cannot detect a new virus because its signature is not yet known, therefore the scanner uses another technique — heuristic analysis.

Programs, documents or e-mail messages that carry a virus often have distinctive features. They might attempt unprompted modification of files, invoke mail clients, or use other means to replicate themselves. The scanner analyzes the program code to detect these kinds of computer instructions. The scanner also searches for “legitimate,” non-virus-like behavior, such as prompting the user before taking action, and thereby avoids raising false alarms.

In an attempt to avoid detection, some viruses are encrypted. Each computer instruction is simply a binary number, but the computer does not use all the possible numbers. By searching for unexpected numbers inside a program file, the scanner can detect an encrypted virus. By using these techniques, the scanner can detect both known viruses and many new viruses and variants. Options that use heuristic analysis include /ANALYZE, /MANALYZE, and /PANALYZE. See Table 3-2, Scanning options on page 25.
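The gap between the two techniques described above, as an added example that is not McAfee's code or its actual algorithm: a constructed pattern stands in for a DAT signature, and Shannon byte entropy is swapped in as a simple stand-in for the scanner's search for unexpected instruction values. The signature, the sample "files", the window size and the threshold are all assumptions made for the illustration.

```python
import math
import random
from collections import Counter

# Constructed stand-in for one DAT signature; not a real virus pattern.
SIGNATURES = {"Constructed.Test.A": b"MARKER-A-01"}
WINDOW = 1024      # bytes examined at a time (assumed)
THRESHOLD = 7.2    # assumed cut-off in bits per byte; 8.0 is the maximum


def signature_scan(data):
    """Signature matching: names of known patterns present in the data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def entropy(chunk):
    """Shannon entropy of the byte distribution, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def heuristic_scan(data):
    """Offsets of windows whose bytes look encrypted rather than code-like."""
    return [off for off in range(0, len(data) - WINDOW + 1, WINDOW)
            if entropy(data[off:off + WINDOW]) >= THRESHOLD]


def toy_encrypt(data, seed):
    """Toy keystream XOR standing in for a virus that encrypts its body."""
    rng = random.Random(seed)
    return bytes(b ^ rng.randrange(256) for b in data)


def build_samples():
    """Three constructed 'files': clean, known-infected, encrypted variant."""
    host = (b"PUSH BP; MOV BP,SP; CALL PRINT; POP BP; RET; " * 64)[:2048]
    body = SIGNATURES["Constructed.Test.A"] + host
    return {
        "clean": host + host,
        "known": host + body,
        "encrypted": host + toy_encrypt(body[:2048], seed=40),
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(name, signature_scan(data), heuristic_scan(data))
```

High entropy also marks compressed data, which is one reason a scanner weighs this kind of signal against other evidence before raising an alarm.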
Producing reports

The scanner can report its results in a log file that you create and name. In this example, the scanner creates its report in a log file called WEEK40.TXT, which appears in your current working directory.

To create a report:

1. If you do not already have the VirusScan program directory listed in your path statement, change to the directory where you stored your VirusScan program files.

2. At the command prompt, type:

   SCAN /ADN /REPORT WEEK40.TXT

   The scanner scans all network drives and generates a text file of the results. The contents of the report are identical to the text you see on-screen as the scanner is running.

3. To create a running report of the scanner’s actions, use the /APPEND option to add any results of the scan to a file. At the command prompt, type:

   SCAN /ADN /APPEND /REPORT WEEKLY.TXT

   The scanner scans all network drives, and appends the results of the scan to the existing file, WEEKLY.TXT.