May 19, 2008
Tip and Trick Editorial

How to Set or Integrate ESET NOD32 AntiVirus and Smart Security 3.0 as Virus Scanner to Use in Various Programs

ESET Smart Security (ESS) 3.0 and ESET NOD32 AntiVirus (EAV) 3.0 (get free ESET Smart Security) or later versions have changed radically from version 2.7 or older, which has an .exe executable to carry out the virus scanning, cleaning and removal process. In, ESS and EAV 3.0, ESET virus detection service runs as a Windows service to provide real-time file system protection that scan any files accessed, executed, received, downloaded, transferred, or opened, including files within compressed archives and when archive is extracted or unpacked.

Some application programs that deal with downloaded files such as Windows Live Messenger (aka MSN Messenger) which can receive buddies’ transferred files, allow user to set a anti-virus program to scan the files for viruses. File archiver and data compression utility has such security feature too to scan files stored inside the archive for viruses and malware. For example, WinRAR has a VirusScan button or command that allows user to select or specify a virus scanner with its parameter.

Prior to version 3 of ESET NOD32 AntiVirus and ESET Smart Security (version 2.x), ESET AntiVirus module has a program file “nod32.exe” that does the virus scanning job. Thus, nod32.exe can be pointed to from any program that can configure an external third-party anti-virus protection program to launch or run nod32.exe as virus scanning service. However, in EAV or ESS 3, nod32.exe no longer exists, and there is no other replacement executable that can be used to scan files and folders for virus infection.

The only alternative is ECLS Command-Line Scanner (ecls.exe). ECLS is actually a virus scanner for DOS without an GUI (graphical user interface). However, for user who insists that the realtime security protection provided by ESET ESS or EAV antivirus service which scan all files on point of access (receive from download) or decompress (extract from archive), plus web-access protection which scan the HTTP traffic before the data is actually been written to disk, is not enough, ECLS can be used as an alternative to set as virus scanner to use to scan files and folders received by instant messaging (IM) client or unzip from file decompression utility.

To set a program to use ESET NOD32 AntiVirus 3 or ESET NOD32 Smart Security 3 ECLS Command-Line Scanner component to scan files for viruses, use the following command as the virus scanner parameter or properties (including the quotation mark):

“C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe” “[path to the saved or downloaded file folder]” /base-dir=”C:\Program Files\ESET\ESET Smart Security” /subdir /symlink /no-log-all /aind /auto /files /boots /arch /mail /sfx /rtp /adware /unsafe /unwanted /pattern /heur /adv-heur /action=clean /quarantine

[path to the saved or downloaded file folder] is optional, but may have to specify if ECLS is not scanning the correct file. Change and replace with actual full path to the folder which saves and stores the file downloaded or transfered or extracted. For example, in Windows Live Messenger, simply copy the full path from “Save received file in this folder” text box (e.g. C:\Users\user_name\Documents\My Received Files) to replace the value. In other program such as WinRAR, a variable is provided, such as %f in the case of WinRAR, see example below.

Note: In Windows Live Messenger, the anti-virus program can be configured at Tool -> Options -> File Transfer and in the text box of Scan files for viruses using. On the same tab there is option to specify which folder to save the received files.

For ESET Smart Security 3 user, the path to ecls.exe has to be changed to “C:\Program Files\ESET\ESET Smart Security\ecls.exe”.

Command above will enable all scanning options (of course, you can always change, add or remove any switches that you don’t want, except base-dir) for files, SFX auto self-extracting archive, boot sector, email file, archive, runtime packer and sub-folders. Beside, ecls.exe uses advanced heuristics scanning and signature database, and follow all symbolic links to detect virus, worm, Trojan, adware, spyware, potentially unsafe or unwanted applications. For more details on the switches and what other options are available as the switches, type ecls /help at ESET installation folder at command prompt window (i.e. “C:\Program Files\ESET\ESET Smart Security\ecls.exe” /help)

The /base-dir switch specifies the working directory for ECLS (ecls.exe) and should not be removed in any case to avoid “scanner Initialization failed” error.

For WinRAR or probably some other software, the identifier for switches (which is / slash) may have to change to double dash (–) for the ECLS to work properly. In this case, enter the following values on “Scan archive for viruses” dialog in WinRAR (including quotation mark).

Virus scanner name: “C:\Program Files\ESET\ESET Smart Security\ecls.exe”
Virus scanner parameters: “%f” –base-dir=”C:\Program Files\ESET\ESET Smart Security” –subdir –symlink –no-log-all –aind –auto –files –boots –arch –mail –sfx –rtp –adware –unsafe –unwanted –pattern –heur –adv-heur –action=clean –quarantine<--strong>

N.B: To avoid “WARNING! The scanner was run in the account of a limited user!” warning message, the calling program has to be run as administrator in elevation mode in Windows Vista. Else, to avoid such trouble, disable UAC.

Pin It on Pinterest

Share This

Share this post with your friends!