The Scanner Command Line Switches

/@<file_name> or /@+<file_name> instructs to scan objects listed in the specified file. Each object is specified in a separate line of the list-file. It can be either a full path with the file name or the ?boot string which means that scanning of boot sectors should be performed. For the GUI version of the scanner the file names with mask and directory names should be specified there. The list-file can be prepared manually in any text editor; this can also be done automatically via applications using the scanner to check certain files. After the scanning is completed, the scanner deletes the list-file, if used without the + character.

/AL to scan all files in the given device, or in the given folder, regardless the extensions or the internal format.

/AR to scan files inside the archives. At present, the scanning of archives (without curing) created by the ARJ, ZIP, PKZIP, ALZIP, RAR, LHA, GZIP, TAR, BZIP2, 7-ZIP, ACE, etc. archivers, as well as of MS CAB-archives Windows Cabinet Files (QUANTUM packing is not supported yet) and ISO-images of optical disks (CD and DVD) is available. As it is specified (/AR) the switch instructs to inform a user when an archive with infected or suspicious files is detected. If the switch is supplemented with the D, M or R modifier, other actions are taken: /ARD delete; /ARM move (by default, to the infected.!!! folder); /ARR rename (by default, the first symbol of the extension is replaced by the # character). The switch may end with the N modifier, and in this case the name of the archiver after the name of the archived file will not be printed.

/CU actions with infected files and boot sectors of drives. The curable objects are cured and the incurable files are deleted without additional D, M or R modifiers (if different action is not specified by the /IC switch). Other actions taken towards infected files: /CUD delete; /CUM move (by default, to the infected.!!! folder); /CUR rename (by default, the first symbol of extension is replaced by the # character).

/DA to scan the computer once a day. The next check date is logged into the configuration file and that is why it should be accessible for writing and subsequent rewriting.

/EX to scan files with extensions listed in the configuration file by default, or, if unavailable, these are EXE, COM, DLL, SYS, VXD, OV?, BAT, BIN, DRV, PRG, BOO, SCR, CMD, 386, FON, DO?, XL?, WIZ, RTF, CL*, HT*, VB*, JS*, INF, PP?, OBJ, LIB, PIF, AR?, ZIP, R??, GZ, Z, TGZ, TAR, TAZ, CAB, HLP, MD?, INI, MBR, IMG, CSC, CPL, MBP, SH, SHB, SHS, SHT*, MSG, CHM, XML, PRC, ASP, LSP, MSO, OBD, THE*, EML, NWS, SWF, MPP, TBB.

If an element of the list of scanned objects contains the explicit file extension, and it is used with special characters * and ?, all files specified in this element of the list will be scanned and not only those matching this list of extensions.

/FAST perform an express scan of the system (for more information on the express scan mode see Anti-Virus check)

/FN to load Russian letters to the video display decoder (for Dr.Web for DOS only).

/FULL perform a full scan of all hard drives and removable data carriers (including boot sectors)

/GO batch mode of the program. All questions implying answers from a user are skipped; solutions implying a choice are taken automatically. This mode is useful for automatic scanning of files, for example, during a daily or weekly check of the hard disk.

/HA to perform heuristic scanning of files and search for unknown viruses in them.

/ICR, /ICD or /ICM actions with infected files which cannot be cured: /ICR rename; /ICD delete; /ICM move.

/LNG:<file_name> or /LNG use alternative language resources file (DWL-file) with specified name or path, and if the path is not specified the inbuilt (English) language.

/ML scan files of e-mail format (UUENCODE, XXENCODE, BINHEX and MIME). As it is specified (/ML) the switch instructs to inform a user if an infected or suspicious object is detected in a mail archive. If the switch is supplemented with the D, M or R modifier, other actions are taken: /MLD - delete; /MLM move (by default, to the infected.!!! folder); /MLR rename (by default, the first symbol of extension is replaced by the # character). The switch may end with the N modifier. In this case the Mail archive message will not be printed.

/MW actions with all types of unsolicited programs. As it is specified (/MW) the switch instructs to inform a user. If the switch is supplemented with the D, M, R or I modifier, other actions are taken: /MWD delete; /MWM move (by default, to the infected.!!! folder); /MWR rename (by default, the first symbol of extension is replaced by the # character); /MWI ignore. Actions with certain types of unsolicited programs are specified by the /ADW, /DLS, /JOK, /RSK, /HCK switches.

/NS disable interrupting of computer scanning. With this switch specified, a user will not be able to interrupt scanning by pressing Esc.

/QU the scanner checks the objects specified in the command line (files, disks, folders) and then automatically terminates (for the GUI version of the scanner only).

/RP<file_name> or /RP+<file_name> log to a file the name of which is specified in the switch. If no name is specified, log to a default file. If the "+" character is present, the file is appended. If there is no character, a new one is created.

/SCP:<n> sets the priority of the scanning process, where <n> is a number ranging from 1 to 50.

/SHELL for the GUI version of the scanner. The switch disables the splash screen display, scanning of the memory and autorun files. The earlier saved lists of paths to files and folders scanned by default are not loaded for scanning. This mode allows to use the GUI version of the scanner instead of the console version to scan only those objects which are listed in the command line switchess.

/SPR, /SPD or /SPM actions with suspicious files: /SPR rename; /SPD delete; /SPM move.

/SS save the mode, specified during the current program launch in the configuration file when the program terminates.

/ST sets stealth mode of the GUI version of the scanner. The program operates without any windows opened and self-terminates. But, if during scanning virus objects were detected, the scanner window will be opened after the scanning is completed. Such scanner mode presupposes, that the list of the scanned objects is specified in the command line.

/TM search for viruses in main memory (including Windows system area). Available for Scanner for Windows only.

/TS search for viruses in autorun files (in Autorun directory, system INI-files, Windows registry). Used only in Scanner for Windows.

/UPN disable the output of the names of the programs used for packing, conversion or vaccination of the scanned executable files to the log file by the scanners.

/WA do not terminate the program until any key is pressed, if viruses or suspicious objects are found (for console scanners only).

Certain switches allow the "-" character to be used at the end. In such "negative" form the switch means cancellation of the mode. Such option can be useful if a certain mode is enabled by default, or with the settings specified earlier in the configuration file. Here is the list of the command line switches allowing the "negative" form:
/ADW /AR /CU /DLS /FN /HCK /JOK /HA /IC /ML /MW /OK /PF /PR /RSK /SD /SO /SP/SS /TB /TM /TS /UP /WA

For /CU, /IC and /SP switches the "negative" form cancels any actions specified in the description of these switches. This means that infected and suspicious objects will be reported but no actions will be applied.

For /INI and /RP switches the "negative" form is written as /NI and /NR accordingly.

For /AL and /EX switches the "negative" form is not allowed. However, specifying one of them cancels the other.

If several alternative parameters are found in the command line, the last of them takes effect.