Full Version: Mcafee not working both GUI and cmd line
araczek
Hello,

Downloaded latest DATS, put them in the files dir. Try to run scangui and get Can't find file B:\scan.txt. Tried at command line scan.exe and I get "The program has been altered.
Please replce it with a good copy."

FYI after I copied the extracted SDAT into 'files' I copied over a scan.exe from a freshly downloaded Mcafee cmd line scanner, v6.

What gives? I REALLY NEED THIS!!! HELP!!

mbarnes
Hi

The previous version of Mcafee sdatzzz.exe contained 2 generations of virus definitions, products using V1 have been declared obsolete
and only v2 definition files are now included.

Until recently I deleted the V2 definition files (to save about 60MB of space)
The front end ScanGUI.exe (which called scan.exe) is now obsolete
(the replacement scan.exe is a dummy file)
The command line scanner can be downloaded if you have a valid mcafee licence

we will have to find a replacement AV program to use

regards
Mike Barnes
Ben_Mott
hello again,

just wanted to say please remove your e-mail address as it gets picked up by
web spiders and then they spam you.

also AV 9 has a plugin for Bart; it is as good as McAfee.
http://www.911cd.net/forums//index.php?showtopic=23439

and is free for personal use.

Regards Ben
skomp
definite bummer, this was a nice tool to have in bartPE.

now i'm left with just Sophos as an easy to update viri scanner.

what else are you guys using that is small/light?

i like to keep my PE on a 512USB key so it's compatible with some older motherboards i still have to maintain that won't boot with bigger keys.

oscar
Cureit, but sometimes there are problems to update.
Ed_P
ClamWin is about 40 MB and portable. McAfee's Stinger is small. CureIt needs a 96MB RAMdrive and TrendMicro's SysClean needs a 128MB RAMdrive.

If you have online access with the older MBs you can use several online scanners.
oscar

Cureit free is only 37 MB:

ftp://ftp.drweb.com/pub/drweb/cureit/setup.exe
skomp
thanks guys. i like cureit but it can be tricky to launch with those nag screens.

i also have been burned with it expiring on me when i wanted to use it.
(even if the defs were old in McAfee it at least still ran)

i've been using clamwin in parted which has been ok.

anything else?

either way, the end of McAfee in Bart is kinda sad.


Malice
QUOTE (araczek @ Apr 22 2010, 03:15 PM) *
Hello,

Downloaded latest DATS, put them in the files dir. Try to run scangui and get Can't find file B:\scan.txt. Tried at command line scan.exe and I get "The program has been altered.
Please replce it with a good copy."

FYI after I copied the extracted SDAT into 'files' I copied over a scan.exe from a freshly downloaded Mcafee cmd line scanner, v6.

What gives? I REALLY NEED THIS!!! HELP!!


I've used the v6 command line scanner and it does work in BARTPE. You're probably missing some files based on the error message or have a bad copy.

Have you tested with just the files included with mcafee command line scanner v6 without making any changes?

The only real problem i've run into with the new version is it tries to verify mcscan32.dll with CRL.VERISIGN.NET over the net. There is a long delay if you have networking enabled or not and it eventually gives the following error and starts scanning normally.

mcscan32.dll has failed its integrity check.

I can also say using updated signatures does work.

oscar
QUOTE (mbarnes @ Apr 22 2010, 07:13 PM) *
The front end ScanGUI.exe (which called scan.exe) is now obsolete
(the replacement scan.exe is a dummy file)
The command line scanner can be downloaded if you have a valid mcafee licence.



Malice
There is a trial version also.
Vino
QUOTE (Malice @ May 1 2010, 01:00 AM) *
The only real problem i've run into with the new version is it tries to verify mcscan32.dll with CRL.VERISIGN.NET over the net. There is a long delay if you have networking enabled or not and it eventually gives the following error and starts scanning normally.

mcscan32.dll has failed its integrity check.


Dear :

https://mysupport.mcafee.com/Eservice/artic...&id=KB67845

After an update, run the following command once to decompress the newly downloaded DATs and accelerate the time for subsequent initializations.

scan /DECOMPRESS
Vino
Get Sherpya's newest Naiupdater-v1.08

http://sourceforge.net/projects/winpe/file....08.7z/download
rhoerl
hello
I found myself struggling against the same problems...
>the v2DAT does not work with v1scan.exe
>the Bart-GUI-Wrapper does not work

In my special case...
I use the scan-engine on a stand-alone-client...
The updates are performed manually once in the week!
My BartPE is based on the chip-rettungs-dvd(XPE), which uses a ramdrive.

I'm working on a solution to overcome the problems stated above and my conclusions are:

problem1
>the new v2scan.exe must be able to write a runtime.dat of approximately the size of the avvscan.dat on a writeable media
>>executing v2scan from a readonly-media fails
>>executing v2scan from a ramdrive from commandline works fine
>>by copying the v2scan from cd to ramdrive, a crc-error occurs !!!
>>my override is:
a)zip the whole files-directory from the plugins-directory
b)copying the zip to the ramdrive and extracting the zip there
c)executing the v2scan on the ramdrive

problem2
>on http://www.paehl.de/news/?p=247 you can get a new free GUI-wrapper for the v2scan
>>requires the v2scan and the DAT in the same directory otherwise a download is performed
>>in conclusion with problem1, the dpvirscan-GUI has to be on the ramdrive
>>works fine, produces a html-summary of the scan-results !

summary:
>the size of the ramdrive is important, don't forget the runtime.dat
>the switch scan /decompress leads to the runtime.dat with lower time-consumption on subsequent executions
>v2scan and dpvirscan-GUI are working fine together
>manually update is possible

my bottleneck is:
>how can I define an autorun_mcafee.cmd which is executed (copies and unpacks the zip to the ramdrive)...
>before the [Software.AddReg]-Hive looks for the presence of the dp_virscan.exe on the ramdrive ???
>>I want to point from the [Software.AddReg]-Hive directly to the ramdrive like:
0x2,"Sherpya\XPEinit\Desktop","McAfee","%ramdrv%\programs\mcafee\dp_virscan.exe||%ramdrv%\programs\mcafee\McAfee.ico"

I want to implement this in my stand-alone-solution in case for rebooting the client.
Otherwise the users will not be able to use mcafee-scan...

After all the troubles in the last weeks...
I'm looking forward...
McAfee Commandlinescanner with the new dpvirscan-GUI is working fine !!!



fuwi
@Malice

QUOTE (Malice @ May 1 2010, 02:00 AM) *
The only real problem i've run into with the new version is it tries to verify mcscan32.dll with CRL.VERISIGN.NET over the net. There is a long delay if you have networking enabled or not and it eventually gives the following error and starts scanning normally.

mcscan32.dll has failed its integrity check.

During this long delay scan.exe is building the runtime.dat file (about 60MB).

About the message mcscan32.dll has failed its integrity check: McAfee writes in KB66765
...
The 5400 AV-Engine is digitally signed by a Verisign certificate. The Command Line Scanner for Windows (scan.exe) performs a certificate check on the Engine when it runs.
...
I think, in BartPE it's not possible to make this certificate check. If you verify the properties of a digitally signed file like mcscan32.dll (right-click the file and select properties)
you cannot view the signature because the tab 'Digital Signature' is not present.

In KB66763 McAfee writes
...
As of the 5400 release, the Windows engine is digitally signed with a public key certificate issued by VeriSign Inc. This change allows point products to verify the engine DLL origin and integrity using standard Win32 API calls.
...

It seems that this Win32 API doesn't exist/work in BartPE.
It would be nice if someone could make this API working!

fuwi

fuwi
This is the result of checking mcscan32.dll with sigcheck.exe under BartPE (Invalid Signature):
QUOTE
F:\test>sigcheck -e -i

Sigcheck v1.66 - File version and signature viewer
Copyright © 2004-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

F:\test\sigcheck.exe:
Verified: Invalid Signature
Signing date: 16:26 26.02.2010
Publisher: Sysinternals - www.sysinternals.com
Description: File version and signature viewer
Product: Sysinternals Sigcheck
Version: 1.66
File version: 1.66
F:\test\mcscan32.dll:
Verified: Invalid Signature
Signing date: 14:03 11.01.2010
Publisher: McAfee, Inc.
Description: AV Scanning Engine
Product: McScan
Version: 5.4.00
File version: 5.4.00

F:\test>


And this is the result under normal XP:
QUOTE
Sigcheck v1.66 - File version and signature viewer
Copyright © 2004-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

D:\PEBuilder\zz_other_tools\sigcheck\sigcheck.exe:
Verified: Signed
Catalog: D:\PEBuilder\zz_other_tools\sigcheck\sigcheck.exe
Signers:
Microsoft Corporation
Microsoft Code Signing PCA
Microsoft Root Authority
Signing date: 02:28 27.02.2010
Publisher: Sysinternals - www.sysinternals.com
Description: File version and signature viewer
Product: Sysinternals Sigcheck
Version: 1.66
File version: 1.66
D:\PEBuilder\zz_other_tools\sigcheck\mcscan32.dll:
Verified: Signed
Catalog: D:\PEBuilder\zz_other_tools\sigcheck\mcscan32.dll
Signers:
McAfee, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
Signing date: 16:32 29.07.2009
Publisher: McAfee, Inc.
Description: AV Scanning Engine
Product: McScan
Version: 5.4.00
File version: 5.4.00


fuwi
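
Added example, not part of fuwi's post and not from Sigcheck or McAfee: a small parser that compares a Sigcheck run inside the PE with a reference run from a full Windows install, and separates "the environment cannot verify signatures" from "this file is suspect" by checking whether the tool could verify its own signature. The sample text is trimmed from the two listings quoted above; `parse_sigcheck`, `classify` and the verdict labels are hypothetical names, and the comparison assumes both runs looked at identical copies of each file (confirm that with a hash).

```python
import re
from ntpath import basename  # parses Windows paths on any host OS

# Trimmed from the two Sigcheck v1.66 listings quoted in the post above.
BARTPE = r"""
F:\test\sigcheck.exe:
Verified: Invalid Signature
Signing date: 16:26 26.02.2010
F:\test\mcscan32.dll:
Verified: Invalid Signature
Signing date: 14:03 11.01.2010
"""
XP = r"""
D:\PEBuilder\zz_other_tools\sigcheck\sigcheck.exe:
Verified: Signed
Signers:
Microsoft Corporation
Signing date: 02:28 27.02.2010
D:\PEBuilder\zz_other_tools\sigcheck\mcscan32.dll:
Verified: Signed
Signers:
McAfee, Inc.
VeriSign Class 3 Code Signing 2004 CA
Signing date: 16:32 29.07.2009
"""

HEADER = re.compile(r"^[A-Za-z]:\\.+:$")  # record header, e.g. F:\test\mcscan32.dll:

def parse_sigcheck(text):
    """Return {lowercase file name: {field: value}} from Sigcheck text output."""
    records, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if HEADER.match(line):
            current = records.setdefault(basename(line[:-1]).lower(), {})
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)  # values may contain colons (times)
            current[key] = value
    return records

def classify(pe_text, ref_text, tool="sigcheck.exe"):
    """Label each file from the PE run by comparing it with the reference run."""
    pe, ref = parse_sigcheck(pe_text), parse_sigcheck(ref_text)
    # If the checking tool cannot verify its own signature, signature
    # verification is not working there and its verdicts are not about the files.
    pe_can_verify = pe.get(tool, {}).get("Verified") == "Signed"
    verdicts = {}
    for name, rec in pe.items():
        ref_ok = ref.get(name, {}).get("Verified") == "Signed"
        if rec.get("Verified") == "Signed":
            verdicts[name] = "verified"
        elif not pe_can_verify:
            verdicts[name] = "environment cannot verify" if ref_ok else "unknown"
        else:
            verdicts[name] = "suspect file"
    return verdicts

if __name__ == "__main__":
    for name, verdict in classify(BARTPE, XP).items():
        print(f"{name}: {verdict}")
```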
skomp
Sounds like i'm not the only one bummed about losing McAfee in BartPE.

I'm trying some of these Anti-Vir in the UBCD. Nice that there are a bunch there, but they all have to be updated before the build. UBCD is full of a bunch of stuff i don't need.

I'm trying to slim it down but the anti-viri stuff in there all seems pretty weak compared to how quickly and easily Sophos and McAfee worked in BartPE!!!

I'd love to get Cure-IT working again but the latest update for it is trying to extract/expand before it launches. It doesn't do this in native windows when i click the .exe. So this must be some ram drive function that i need to figure out....
oscar
QUOTE (skomp @ May 6 2010, 05:59 PM) *
I'd love to get Cure-IT working again but the latest update for it is trying to extract/expand before it launches.


I have noted it tries to extract only when setup.exe is a failed download.
skomp
QUOTE (oscar @ May 7 2010, 12:40 AM) *
I have noted it tries to extract only when setup.exe is a failed download.


interesting. but not my same experience.
i just download the latest 2adh49c3.exe from the drweb site, it runs fine within XP
so i know the download/exe is good.

my plugin is pretty much that .exe and my curreit.inf (below)

when i click on the menu item then it tells me the installation files are corrupt and then it launches a WinRAR self-extractor that tries to unzip it into the B:\RARSFX0 folder.

It decompresses a few files and then i get a 'disk is full'
so is it that i'm running out of room on the RAM drive apparently as the program is trying to decompress itself there?

CODE
; PE Builder v3 plug-in INF file
; Created by oscar
; 05/april/2007

[Version]
Signature= "$Windows NT$"

[PEBuilder]
Name="CureIT"
Enable=1

[WinntDirectories]
a=Programs\cureit,2

[SourceDisksFiles]
2adh49c3.exe=a,2adh49c3.exe,1

;[Software.AddReg]
;0x2,"Sherpya\XPEinit\Desktop","FireFox","%SystemDrive%\Programs\Firefox\FirefoxPortable.exe"
;0x2,"Sherpya\XPEinit\Programs","FireFox","%SystemDrive%\Programs\Firefox\FirefoxPortable.exe"

[Append]
nu2menu.xml, cureit_nu2menu.xml
Ed_P
And as I have noted it requires a 96MB RAMdrive, or larger. What size do you use? And what have you loaded to the RAMdrive before you try to run CureIt? While the size is important how much of it is free is the main thing.

My CureIt plugin's files:

CureIt.inf
CODE
; CureIt.inf by oscar 12/doc/2009
; PE Builder v3 plug-in INF file for CureIt
; Modified Ed_P April 09

[Version]
Signature= "$Windows NT$"

[PEBuilder]
Name="CureIt Antivirus"
Enable=1
Help="CureIt.htm"
Config="files\cureitupdater.cmd"

[WinntDirectories]
a="Programs\CureIt",2

[SourceDisksFiles]
files\setup.exe=a,,1
files\cureitget.exe=a,,1
files\*.cmd=a,,1

[Append]
nu2menu.xml, cureIt_nu2menu.xml

[Software.Addreg]
;0x2,"Sherpya\XPEinit\Programs","Malware\CureIt\Scan","%Systemdrive%\Programs\cureit\setup.exe"
;0x2,"Sherpya\XPEinit\Programs","Malware\CureIt\Update","%Systemdrive%\Programs\cureit\cureitget.exe"


CureIt_nu2menu.xml
CODE
<!-- Nu2Menu entry for CureIt  -->
<NU2MENU>
    <MENU ID="Antivirus">
        <MITEM TYPE="POPUP" MENUID="CureIt">CureIt</MITEM>
    </MENU>

    <MENU ID="CureIt">               
        <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\CureIt\cureitget.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\CureIt\cureitget.exe">CureIt Update (Dr. Web)</MITEM>
        <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\CureIt\setup.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\CureIt\CureIt.cmd">CureIt (Dr. Web) -needs 96MB RAMdrive-</MITEM>
    </MENU>
</NU2MENU>


CureIt.cmd
CODE
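@echo off&title CureIt Setup&COLOR 17
echo.
echo Setting up the RAMdrive
rem Copy the CureIt executables from the boot media to the RAM drive
xcopy %systemdrive%\Programs\CureIt\*.exe %temp%\CureIt\ > nul
rem Change to the working copy on the RAM drive (/d also switches drive)
cd /d %temp%\CureIt
start /wait setup.exe
echo Clearing the RAMdrive
rem Step out of the folder so it can be removed and the space freed
cd ..
rd CureIt /s /q
exit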


CureIt.htm
CODE
<html>
<head>
<title>Dr.Web CureIt! plugin by oscar  -</title>
</head>
<body>
<i>PE Builder v3 plugin</i>
<hr>
<h1>FREE Dr.Web CureIt! </h1>
This is a FREE anti-virus and anti-spyware scanner based on the Dr.Web engine
which will help you quickly scan and cure, if necessary, a computer operated by
MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP without installation of the Dr.Web
Anti-virus.<br>
<br>

<br>

<br>
<p>How to update Dr.Web CureIt!<br><br>
The plugin does include the CureitGet.exe automatic
updating utility.
Nevertheless, you should download the newest&nbsp;Dr.Web CureIt! package before you build a new iso running <b>cureitupdater.exe</b>
from the plugin folder.<br>
<br>
Dr.Web CureIt! automatically detects the language of the OS which is installed
to and sets the scanner interface accordingly (if the local language is not
supported, English is enabled).<br>
<br>

<br>
</p>
<hr>
<i>PE Builder
Copyright (c) 2002-2006 Bart Lagerweij. All rights reserved.</i><br>
</body>
</html>


mbarnes
Hi

I got the McAfee command line scanner V6 running using the scan GUI mentioned above

http://www.paehl.de/news/?p=247

Only two minor problems:-

Norton Anti Virus thinks it is malware & quarantines it

and I can only get it to do one scan (drive or folder), then I have to exit the GUI & restart for the next scan

The delay while waiting for the scan to start is not too long

It is assumed that a HTML browser (such as Firefox, Opera, IE, Off by one ...) has been set up to display the HTM format log file

It needs about 75 meg free in ramdrive

regards
Mike Barnes
skomp
QUOTE (Ed_P @ May 7 2010, 07:32 PM) *
And as I have noted it requires a 96MB RAMdrive, or larger. What size do you use?


Thanks Ed, that was the problem - my RAM drive was at 32.
I was using an old ramdisk.inf that should have been updated!!!

cureit works like a charm now!


still would love to have McAfee working again.........


Ed_P
Excellent news. Thanks for the update.

In the future you may want to consider replacing the default RAM drive plugin with something more extensive, like the ImDisk based one. The Trend Micro SysClean AV plugin for example needs a 128MB RAM drive on my system. My default RAM drive size is 64MB but ImDisk supports changing its size on the fly so I can accommodate apps like CureIt and SysClean.
fuwi
QUOTE (fuwi @ May 6 2010, 09:30 AM) *
@Malice


During this long delay scan.exe is building the runtime.dat file (about 60MB).

About the message mcscan32.dll has failed its integrity check: McAfee writes in KB66765
...
The 5400 AV-Engine is digitally signed by a Verisign certificate. The Command Line Scanner for Windows (scan.exe) performs a certificate check on the Engine when it runs.
...
I think, in BartPE it's not possible to make this certificate check. If you verify the properties of a digitally signed file like mcscan32.dll (right-click the file and select properties)
you cannot view the signature because the tab 'Digital Signature' is not present.

In KB66763 McAfee writes
...
As of the 5400 release, the Windows engine is digitally signed with a public key certificate issued by VeriSign Inc. This change allows point products to verify the engine DLL origin and integrity using standard Win32 API calls.
...

It seems that this Win32 API doesn't exist/work in BartPE.
It would be nice if someone could make this API working!

fuwi

Adding /NC to the commandline of scan.exe disables the certificate check on the engine, see https://kc.mcafee.com/corporate/index?page=...&id=kb68314
I've tested this in BartPE, works, no more "mcscan32.dll has failed its integrity check" message!

fuwi
Overburn
QUOTE
skomp said:
"now i'm left with just Sophos as a easy to update viri scanner."

I find that the Sophos scanner is very good with the proper switches of course. In my tests, it is superior to the McAfee scanner in detection and removal. Although I will add that the "Artemis" cloud function is not available in the portable scanner.
skomp
QUOTE (fuwi @ Jun 15 2010, 11:38 AM) *
Adding /NC to the commandline of scan.exe disables the certificate check on the engine, see https://kc.mcafee.com/corporate/index?page=...&id=kb68314
I've tested this in BartPE, works, no more "mcscan32.dll has failed its integrity check" message!

fuwi


great news. how did you go about adding that /NC to the GUI interface in bart?
or are you just using this command line?

i tried putting that /NC option in the MISC box in the bart GUI and no luck.

would love to get McAfee running again in Bart PE.....
mbarnes
Hi skomp

you have to give up using the old BartPE plugin scangui.exe

The latest version (1.3) of the new GUI dp_virusscan at http://www.paehl.de/news/?p=247 includes the /NC in a tick box so it is added by default

regards
Mike Barnes
oscar
QUOTE (skomp @ Jul 12 2010, 06:28 PM) *
great news. how did you go about adding that /NC to the GUI interface in bart?
or are you just using this command line?

i tried putting that /NC option in the MISC box in the bart GUI and no luck.


Try using a hex editor:
First upx.exe -d scangui.exe
Then Hexedit scangui.exe, find and replace scan.exe scan /NC
skomp
thanks guys, i'll try a couple of these suggestions and see if i can get it going again.

perhaps i can make a plug-in if i'm successful.

always nice to have more, i don't like to rely on a single scanner.


noticed that Paehl has DRWEBB on that site, this is a great one to have in the arsenal.





M_E_G
As far as I have managed to narrow down the search for the
now-famous command line scanner scan.exe,
its newest version is inside the vscl-w32-6.0.1-l.zip file.

The full marketing name of the newest version of the scanner is:
McAfee VirusScan Command Line Scanner 6.0.1.

Does anybody know if it can be bought separately, i.e.
without buying the whole McAfee AV?

I want to use it only as a Bart's PE plugin.
mbarnes
Hi M_E_G

If you register with McAfee you can download a time limited trial version to see if it is worth purchasing.
I have not had any marketing e-mails from them yet

regards
Mike Barnes
fuwi
New McAfee VirusScan Plugin for those who have a licensed copy of the VirusScan® Command Line for Windows from McAfee
(version 6.0.1, Version 6.0.3 or newer)

http://www.911cd.net/forums//index.php?showtopic=23999

fuwi