/? – display short help on the program and launch scanning.
/@<file_name> or /@+<file_name> instructs to scan objects listed in the specified file. Each object is specified in a separate line of the list-file. It can be either a full path with the file name or the boot string which means that scanning of boot sectors should be performed. For the GUI-version of the scanner the file names with mask and directory names should be specified there. The list-file can be prepared manually in any text editor; it can also be made automatically by applications using the scanner to check certain files. After the scanning is made, the scanner deletes the list-file, if used without the + character.
/AL – to scan all files in the given device, or in the given folder, regardless the extensions or the internal format.
/AR – to scan files inside the archives. At present, the scanning of archives (without curing) created by the ARJ, ZIP, PKZIP, ALZIP, RAR, LHA, GZIP, TAR, BZIP2, 7-ZIP, ACE, etc. archivers, as well as of MS CAB-archives – Windows Cabinet Files and ISO-images of optical disks (CD and DVD) is available. As it is specified (/AR) the switch instructs to inform a user if an archive with infected or suspicious files is detected. If the switch is supplemented with the D, M or R modifier, other actions are taken: /ARD – delete; /ARM – move (by default, to the infected.!!! directory); /ARR – rename (by default, the first character of extension is replaced by the # character). The switch may end with the N modifier, and in this case the name of the archiver after the name of the archived file will not be printed.
/CN – to set action for containers (HTML, RTF, PowerPoint) with infected or suspicious objects. As specified (/CN) the switch instructs to report such containers to a user. If D, M or R modifiers are added to the switch, a different action is applied: /CND – delete; /CNM – move (by default, to the infected.!!! directory); /CNR – rename (by default, the first character of extension is replaced by the # character). The switch may end with the N modifier, and in such case a message with the container type will not be printed.
/CU – actions with infected files and boot sectors of drives. The curable objects are cured and the incurable files are deleted without additional D, M or R modifiers (if different action is not specified by the /IC parameter). Other actions taken towards infected files: /CUD – delete; /CUM – move (by default, to the infected.!!! directory); /CUR – rename (by default, the first character of extension is replaced by the # character).
/DA – to scan the computer once a day. The next check date is logged into the configuration file and that is why it should be accessible for writing and subsequent rewriting.
/EX – to scan files with extensions listed in the configuration file by default, or, if unavailable, these are EXE, COM, DLL, SYS, VXD, OV?, BAT, BIN, DRV, PRG, BOO, SCR, CMD, 386, FON, DO?, XL?, WIZ, RTF, CL*, HT*, VB*, JS*, INF, PP?, OBJ, LIB, PIF, AR?, ZIP, R??, GZ, Z, TGZ, TAR, TAZ, CAB, HLP, MD?, INI, MBR, IMG, CSC, CPL, MBP, SH, SHB, SHS, SHT*, MSG, CHM, XML, PRC, ASP, LSP, MSO, OBD, THE*, EML, NWS, SWF, MPP, TBB.
|
If an element of the list of scanned objects contains the explicit file extension, and it is used with special characters * and ?, all files specified in this element of the list, and not only those matching this list of extensions, will be scanned. |
/FAST perform an express scan of the system (for more information on the express scan mode see Scan Types.)
/FULL perform a full scan of all hard drives and removable data carriers (including boot sectors).
/GO – batch mode of the program. All questions implying answers from a user are skipped; solutions implying a choice are taken automatically. This mode is useful for automatic scanning of files, for example, during a daily (or weekly) check of the hard disk.
/HA – to perform heuristic scanning of files and search for unknown viruses in them.
/ICR, /ICD or /ICM – what to do with infected files which cannot be cured, /ICR – rename, /ICD – delete, /ICM – move.
/INI:<path> – use alternative configuration file with specified name or path.
/LITE perform a basic scan of random access memory, boot sectors of all disks and startup objects.
/LNG:<file_name> or /LNG – use alternative language resources file (DWL file) with specified name or path, and, if the path is not specified, – the inbuilt (English) language.
/ML – scan files of e-mail format (UUENCODE, XXENCODE, BINHEX and MIME). As it is specified (/ML) the switch instructs to inform a user if an infected or suspicious object is detected in a mail archive. If the switch is supplemented with the D, M or R modifier, other actions are taken: /MLD – delete; /MLM – move (by default, to the infected.!!! directory); /MLR – rename (by default, the first character of extension is replaced by the # character). The switch may end with the N modifier. In this case the "Mail archive" message will not be displayed.
/MW – actions with all types of unsolicited programs. As it is specified (/MW) the switch instructs to inform a user. If the switch is supplemented with the D, M, R or I modifier, other actions are taken: /MWD – delete; /MWM – move (by default, to the infected.!!! directory); /MWR – rename (by default, the first character of extension is replaced by the # character); /MWI – ignore. Actions with some types of unsolicited programs are specified by the /ADW, /DLS, /JOK, /RSK, /HCK switches.
/NI – not to use parameters specified in drweb32.ini configuration file.
/NR – do not create a log file.
/NS – disable interrupting of a computer scanning. With this switch specified, a user will not be able to interrupt scanning by pressing [Esc].
/OK – display full list of scanned objects and mark the uninfected with Ok.
/PF – prompt on, if multiple floppies are scanned.
/PR – prompt for confirmation before action.
/QU – the scanner checks the objects specified in the command line (files, disks, directories) and then automatically terminates (for the GUI version of the scanner only).
/RP<file_name> or /RP+<file_name> – log to a file the name of which is specified in the switch. If no name is specified, log to a default file. If the + character is present, the file is appended. If there is no character, a new one is created.
/SCP:<n> – sets the priority of the scanning process, where <n> is a number ranging from 1 to 50.
/SD – scan subdirectories.
/SHELL – for the GUI version of the scanner. The switch disables the splash screen display, scanning of the memory and autorun files. This mode allows to use the GUI version of the scanner instead of the console version to scan only those objects which are listed in the command line parameters.
/SL – scan symbolic links (for Console Scanner only).
/SO – enables sounds.
/SPR, /SPD or /SPM – what to do with suspicious files, /SPR – rename, /SPD – delete, /SPM – move.
/SS – save the mode specified during the current program launch in the configuration file when the program terminates.
/ST – sets stealth mode of the GUI version of the scanner. The program operates without any windows opened and self-terminates. But, if during scanning virus objects were detected, the scanner window will be opened after the scanning made. Such scanner mode presupposes, that the list of the scanned objects is specified in the command line.
/TB – scan boot sectors and master boot records (MBR) of the hard drive.
/TM – search for viruses in main memory (including Windows system area, available for scanners for Windows only).
/TS – search for viruses in autorun files (in Autorun directory, system ini-files, Windows registry). It is used only in scanners for Windows.
/UPN – disable the output of names of file packers used for packing the scanned executable files to the log file.
/WA – do not terminate the program until any key is pressed, if viruses or suspicious objects are found (for console scanners only).
Certain parameters allow the "-" character to be used at the end. In such "negative" form the parameter means cancellation of the mode. Such option can be useful if this mode is enabled by default, or with the settings specified earlier in the configuration file. Here is the list of the command line parameters allowing "negative" form: /ADW, /AR, /CU, /DLS, /FAST, /FULL, /HA, /HCK, /IC, /JOK, /ML, /MW, /OK, /PF, /PR, /RSK, /SD, /SL, /SO, /SP, /SS, /TB, /TM, /TS, /WA..
For /CU, /IC and /SP parameters the "negative" form cancels any actions specified in the description of these parameters. This means that infected and suspicious objects will be reported but no actions will be applied.
For /INI and /RP parameters the "negative" form is written as /NI and /NR accordingly.
For /AL and /EX the "negative" form is not allowed. However, specifying one of them cancels the other.
If several alternative parameters are found in the command line, the last of them takes effect.