... | COMMAND LINE OPTIONS
To start Dr.Web, use the following command line:
<program> [disk:][path] [options]
where program - executable module name (DrWebWCL); disk: - logical drive of a hard disk, floppy drive, network drive, CD-ROM, or * (all local logical drives); path - location of files to be checked; it may contain path to the directory on local/network drive (or network directory) and, optionally, filename (or filename mask).
The command line may contain several [disk:][path] parameters delimited with blanks. In this case, the program will sequentially scan the specified objects.
Command line options (delimited with blanks)
/@[+]<file> - check objects listed in <file>. Each object must be identified on a separate line containing a full pathname (to check file) or the "?boot" keyword (to check boot sectors). The list file can be created with any text editor. When scan is completed, Dr.Web deletes the list file, unless "+" is included in the option; /ADW[I|D|M|R] - determine the actions for detected adware: I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /AL - scan all files on a given drive or directory; /AR[D|M|R][N] - check all files inside archives (ARJ, CAB, GZIP, LZH, RAR, TAR, ZIP...). Use the optional parameters to specify how archives with infected (or suspicious) objects should be treated as a whole: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); the N option suppresses the archive type after the name of the archive file; /CN[D|M|R][N] - determine how containers (HTML, RTF, PowerPoint,..) with infected (or suspicious) objects should be treated as a whole: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); the N option suppresses the container type after the name of the container file; /CU[D|M|R] - cure infected objects and delete incurable files. Or use the optional parameters to specify how infected filed should be treated: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /DA - run Dr.Web only once in a day. For this option, the configuration file, (INI-file) containing the date of the next scanning session must be present; /DLS[I|D|M|R] - determine the actions for detected dialers: I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /EX - scan files that have extensions associated with executable modules and MS Office documents (COM, EXE, SYS, BAT, CMD, DRV, BIN, DLL, OV?, BOO, PRG, VXD, 386, SCR, FON, DO?, XL?, WIZ, RTF, CL*, HT*, VBS, JS*, INF, A??, ZIP, R??, PP?, HLP, OBJ, LIB, MD?, INI, MBR, IMG, CSC, CPL, MBP, SH, SHB, SHS, SHT*,MSG, CHM, XML, PRC, ASP, LSP, MSO, OBD, THE*, EML, NWS, TBB); /GO - run without asking you what to do next (in such situations as not enough disk space for unpack operation, invalid parameters in the command line, Dr.Web infected by unknown virus, etc.). This option might be useful, say, for automatic check of incoming e-mail; /HA - enable the heuristic analyzer that can detect unknown viruses; /HCK[I|D|M|R] - determine the actions for detected hack tools: I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /IC[D|M|R] - determine how to treat incurable files: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /INI:<path> - use an alternative configuration file (INI-file); /JOK[I|D|M|R] - determine the actions for detected joke programs: I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /LNG[:<path>] - use an alternative language file (DWL-file), or built-in (english) language; /ML[D|M|R][N] - check files of mail format (UUENCODE, XXENCODE, BINHEX, MIME,...). Use the optional parameters to specify how mail files with infected (or suspicious) objects should be treated as a whole: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); the N option suppresses the mail type after the name of the mail file; /MW[I|D|M|R] - determine the actions for all types of malware programs (i.e. adware, dialers, hack tools, jokes, riskware): I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /NI - ignore the settings in the configuration file (DRWEB32.INI); /NM - skip memory test; /NS - run non-stop (no interruption by pressing ESC); /OK - write a full list of scanned objects and display "OK" next to clean objects; /PF - display the "Scan another diskette?" prompt after checking a floppy disk; /PR - prompt to confirm an action on an infected or suspicious file; /RP[+]<file> - write the scan results to a file (by default, <program>.LOG), <file> is the full pathname of a report file. If the plus sign is included, the recent report will be appended to the report file; otherwise the report file will be overwritten; /RSK[I|D|M|R] - determine the actions for detected riskware: I - ignore; D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /SCP:<n> - specify the priority of the scanning process over other processes in the system (n - number from 1 to 50; default value is 25); /SD - scan subdirectories; /SL - scan symlinks; /SO - play sounds; /SP[D|M|R] - determine how to treat suspicious files: D - delete, M - move (by default, to the INFECTED.!!! directory), R - rename (by default, the extension's first character is changed to "#"); /SS - save current settings when the program terminates; /TB - scan boot sectors and master boot record; /TM - scan memory for viruses (including Windows system memory); /TS - scan startup files; /UPN - disable the output of names of file packers used for packing the scanned executable files to the log file; /WA - wait after scan is finished if viruses or suspicious objects were found; /? - display help.
If DBWEB32.INI is not present or not used, the default options are: /AL /AR /HA /ML /PR /SD /SL /TB /TM /TS
Some options can be postfixed with the "-" character. This "negation" form disables the respective function or mode. It might be useful if the mode is enabled by default or via settings in the INI-file.
The negation form can be applied to the following command-line options: /ADW /AR /CU /DLS /FN /HCK /JOK /HA /IC /ML /MW /OK /PF /PR /RSK /SD /SL /SO /SP /TB /TM /TS /UP /WA
Note that the negation form of /CU, /IC and /SP cancels all actions enabled by these options. It means that information about infected and suspicious objects will appear in the report file only.
/AL, /EX and /FM cannot be used in the negation form. However, any of these options disables the other two. |