
Kaspersky, FProt, Clam and Sophos

Posted: 2008-06-25 18:29
by vampcat
I thought I'd create an anti-virus overkill script that perhaps may be useful for someone to use or edit for their own needs... I'm sure it could do with improving. Let me know what you think. Enjoy!

Code:

@echo off
title Mail Anti Virus Scanner - v1.0

rem ******************************************************
rem Script: 		Multi AV Command Line Scanner
rem			Script for hMail	
rem Creation Date:	09-05-2008
rem Last Modified:	25-06-2008
rem Author:		David White
rem Email:		david.white@gspkcircuits.ltd.uk
rem ******************************************************
rem Description:	Batch file called by hMail to
rem			invoke the Kaspersky, Sophos
rem			FPROT, ClamAV command line scanner
rem ******************************************************
rem This batch file requires the following to be installed
rem 	=> Kaspersky AntiVirus for workstations
rem 	=> Sophos SAV32CLI.EXE
rem 	=> Clam AV
rem 	=> FProt
rem It also requires the following directories
rem 	=> c:\tmp directory
rem 	=> c:\quarantine
rem ******************************************************
rem It is designed to work with hMail MailServer but can
rem also run from the command line with a file path/name 
rem as an argument.
rem The scanners included do NOT delete/disinfect the file
rem they only report with the use of error codes.
rem The batch file does make a copy of the file and places
rem it in the quarantine folder.
rem Responsibility for disposing of any infected file is
rem of hMail or the user.
rem
rem I would have written this in .vbs but I don't know .vbs! 
rem ******************************************************
rem %1 is the file to scan
rem ******************************************************
rem Notes:
rem 	Kaspersky
rem		Should return a value of 102 if infected 
rem		file found and pass this to hMail
rem Return Codes:	  0 = Operation Successful
rem			  1 = Invalid Setting Value
rem			  2 = Unknown error
rem			  3 = Task Completion error
rem			  4 = Task cancelled
rem			101 = All dangerous processed
rem			102 = Dangerous object detected
rem ******************************************************
rem	Clam
rem 		Should return a value of 1 if infected
rem		found and 0 if clean
rem Return Codes:	  0 = File okay
rem			  1 = File infected
rem ******************************************************
rem 	Fprot
rem		Should return a value of 1 if infected
rem		found and 0 if clean
rem Return Codes:	  0 = File okay
rem			  1 = File infected
rem ******************************************************
rem 	Sophos
rem		Should return a 3 if virus is found
rem Return Codes:	  0 = clean
rem			  1 = interruption
rem			  2 = error
rem			  3 = virus found		
rem *****************************************************

rem *****************************************************
rem Create some variables for logging to a new report
rem directory/file each day.
rem *****************************************************

SET CURRDATE=CURRDATE.TMP

DATE /T > %CURRDATE%

SET  PARSEARG="eol=; tokens=1,2,3,4* delims=/, "

FOR /F %PARSEARG% %%i in (%CURRDATE%) Do SET dmy=%%i%%j%%k

rem ******************************************************
rem Lets set some scanner options
rem If adding/changing options, it can be done here 
rem ******************************************************

set virus=0
rem ******************************************************
rem The following should be the paths to each of the 
rem used scanners
rem ******************************************************
rem ******************************************************
rem set KAVScanner Options
rem ******************************************************
set KAVScanner="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.com"

rem ******************************************************
rem set CLAMScanner Options
rem ******************************************************
set CLAMScanner="C:\Program Files\ClamWin\bin\clamscan.exe" 

rem ******************************************************
rem set FPROTScanner Options
rem ******************************************************
set FPROTScanner="C:\Program Files\Frisk Software\F-PROT Antivirus for Windows\fpscan.exe"

rem ******************************************************
rem set SOPHOSScanner Options
rem ******************************************************
set SOPHOSScanner="C:\SAV32CLI\SAV32CLI.EXE" 

rem ******************************************************

rem ******************************************************
rem If a log directory for today does not exist, create it
rem ******************************************************

if not exist %dmy%\nul (
	GOTO :makeFolder
) ELSE (
	GOTO :KAVScan
)


rem ******************************************************
rem make a new directory containing the days logs
rem ******************************************************

:makeFolder
MD %dmy%
echo ****************************************************** >> %dmy%\log.txt
echo hMail - AntiVirus log file >> %dmY%\log.txt
echo ****************************************************** >> %dmy%\log.txt
echo Log File created at %time% %date% >> %dmy%\log.txt
echo ****************************************************** >> %dmy%\log.txt
GOTO :KAVScan

rem ******************************************************
rem This procedure kicks off the scanning.
rem -> :KAVScan
rem -> :CLAMScan
rem -> :FPROTScan
rem -> :SOPHOSScan
rem It runs through each of the scanners and sets a 
rem variable to 1 if a virus is found - else it leaves the 
rem variable set to 0
rem ******************************************************
rem ******************************************************
rem Scan file, reporting, maximum size 15 MB
rem ******************************************************

:KAVScan
rem "%~1" strips any quotes hMail passed and re-quotes the path
%KAVScanner% SCAN "%~1" /i0 -es:15

echo  Kaspersky %errorlevel%

if %errorlevel% == 102 GOTO KAVerr102
if %errorlevel% == 101 GOTO KAVerr101
if %errorlevel% == 1 GOTO KAVerr1
if %errorlevel% == 2 GOTO KAVerr2
if %errorlevel% == 3 GOTO KAVerr3
if %errorlevel% == 4 GOTO KAVerr4
if %errorlevel% == 0 GOTO KAVerr0
rem Any other return code falls through to :KAVerr102 below
rem and is treated as a detection.

rem ******************************************************
rem Kaspersky Error Codes and actions 
rem set KAVRes = 1 if virus found
rem then proceed to :CLAMScan
rem ******************************************************

:KAVerr102
echo KASPER %date% %time% - Scanning file %1 found a suspicious object!!! >> %dmy%\log.txt
set KAVres=1
GOTO CLAMScan

:KAVerr0
echo KASPER %date% %time% - Scanning file %1 completed successfully - no virus found >> %dmy%\log.txt
set KAVres=0
GOTO CLAMScan

:KAVerr1
echo KASPER %date% %time% - Scanning file %1 failed due to an invalid setting >> %dmy%\log.txt
set KAVres=0
GOTO CLAMScan

:KAVerr2
echo KASPER %date% %time% - Scanning file %1 failed due to an unknown error >> %dmy%\log.txt
set KAVres=0
GOTO CLAMScan

rem Return code 3 (task completion error) was dispatched above
rem but had no label, which aborts the batch file
:KAVerr3
echo KASPER %date% %time% - Scanning file %1 failed due to a task completion error >> %dmy%\log.txt
set KAVres=0
GOTO CLAMScan

:KAVerr4
echo KASPER %date% %time% - Scanning file %1 was cancelled >> %dmy%\log.txt
set KAVres=0
GOTO CLAMScan

rem 101 = all dangerous objects processed: still a detection
:KAVerr101
echo KASPER %date% %time% - Scanning file %1 found a suspicious object!!! >> %dmy%\log.txt
set KAVres=1
GOTO CLAMScan

:CLAMScan
%CLAMScanner% --database="C:\Documents and Settings\All Users\.clamwin\db" --detect-pua --unzip="c:\Program Files\WinRar.exe" --quiet  --tempdir="C:\tmp" "%~1"

echo  Clam %errorlevel%

rem ******************************************************
rem ClamAV Error Codes and actions 
rem set CLAMRes = 1 if virus found
rem then proceed to :FPROTScan
rem ******************************************************

if %errorlevel% == 1 GOTO clamErr1
if %errorlevel% == 0 GOTO clamErr0
if %errorlevel% == 56 GOTO clamErr56
rem Any other return code is logged as an error rather than
rem falling through to :clamErr0 and being logged as clean
GOTO clamErr56

:clamErr0
echo CLAM %date% %time% - Scanning file %1 completed successfully - no virus found >> %dmy%\log.txt
set clamres=0
GOTO FPROTScan

:clamErr1
echo CLAM %date% %time% - Scanning file %1 found a suspicious object!!! >> %dmy%\log.txt
set clamres=1
GOTO FPROTScan

:clamerr56
echo CLAM %date% %time% - Scanning file %1 resulted in an error >> %dmy%\log.txt
set clamres=0
GOTO FPROTScan


:FPROTScan
%FPROTScanner%  /heurlevel=3 /adware -v 0 "%~1"
rem ******************************************************
rem FPROT Error Codes and actions 
rem set FPROTRes = 1 if virus found
rem then proceed to :SOPHOSScan
rem ******************************************************

echo FPROT %errorlevel%

if %errorlevel% == 0 GOTO FPROTerr0
if %errorlevel% == 1 GOTO FPROTerr1
if %errorlevel% == 16 GOTO FPROTerr16
rem Any other return code is logged as an error rather than
rem falling through to :FPROTerr0 and being logged as clean
GOTO FPROTerr16

:FPROTerr0
echo FPROT %date% %time% - Scanning file %1 completed successfully - no virus found >> %dmy%\log.txt
set FPROTRes=0
GOTO SOPHOSScan

:FPROTerr1
echo FPROT %date% %time% - Scanning file %1 found a suspicious object!!! >> %dmy%\log.txt
set FPROTRes=1
GOTO SOPHOSScan

:FPROTerr16
echo FPROT %date% %time% - Scanning file %1 resulted in an error >> %dmy%\log.txt
set FPROTRes=0
GOTO SOPHOSScan

:SOPHOSScan
%SOPHOSScanner% -archive -b -ss -sc "%~1"
rem ******************************************************
rem SOPHOS Error Codes and actions 
rem set SOPHOSRes = 1 if virus found (return code 3)
rem then proceed to :END
rem ******************************************************

echo SOPHOS %errorlevel%

if %errorlevel% == 0 GOTO SOPHOSerr0
if %errorlevel% == 1 GOTO SOPHOSerr1
if %errorlevel% == 2 GOTO SOPHOSerr2
if %errorlevel% == 3 GOTO SOPHOSerr3
rem Any other return code is logged as an error rather than
rem falling through to :SOPHOSerr0 and being logged as clean
GOTO SOPHOSerr2

:SOPHOSerr0
echo SOPHOS %date% %time% - Scanning file %1 completed successfully - no virus found >> %dmy%\log.txt
set SOPHOSRes=0
GOTO END

:SOPHOSerr1
echo SOPHOS %date% %time% - Scanning file %1 was interrupted >> %dmy%\log.txt
set SOPHOSRes=0
GOTO END

:SOPHOSerr2
echo SOPHOS %date% %time% - Scanning file %1 failed due to an unknown error >> %dmy%\log.txt
set SOPHOSRes=0
GOTO END

:SOPHOSerr3
echo SOPHOS %date% %time% - Scanning file %1 found a suspicious object!!! >> %dmy%\log.txt
set SOPHOSRes=1
GOTO END


:END
rem ******************************************************
rem Here we collate the results of all the scans
rem and then return control of the file back to hMail.
rem If %virus = 1 then we first copy the file to a 
rem quarantine folder for later inspection. We tell
rem hMail it is infected where it will then do its 
rem own processing and delete the file
rem ******************************************************

echo Completed Scan at %time% on %date% >> %dmy%\log.txt
rem Quoted comparisons so an unset result cannot cause a syntax error
if "%KAVRes%" == "1" (
	set virus=1
)
if "%CLAMRes%" == "1" (
	set virus=1
)
if "%FPROTRes%" == "1" (
	set virus=1
)
if "%SOPHOSRes%" == "1" (
	set virus=1
)

if "%virus%" == "1" (
	copy /Y "%~1" c:\quarantine\
	echo !****** The file was found to be infected *****!>> %dmy%\log.txt
	echo File copied to quarantine folder for later inspection >> %dmy%\log.txt
	set virus=0
	GOTO virusfound
) ELSE (
	echo $$$ Dude! That file is totally radical! $$$ >> %dmy%\log.txt
	set virus=0
	GOTO novirusfound
)

:virusfound
echo ----------------------------------------------------------- >> %dmy%\log.txt 
exit /B 1

:novirusfound
echo ----------------------------------------------------------- >> %dmy%\log.txt
exit /B 0

rem ******************************************************
rem ********************************************** END :-)
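
A log-review helper for the file this script writes, as an added example that is not part of the original post: it parses the `log.txt` lines and flags files that were passed as clean although a scanner errored (every error branch in the script sets its result to 0), and files where the scanners disagreed. The sample log, paths and function names are constructed for illustration.

```python
import re

SCANNERS = {"KASPER", "CLAM", "FPROT", "SOPHOS"}
# Line layout and outcome phrases follow the script's echo statements.
LINE = re.compile(
    r"^(KASPER|CLAM|FPROT|SOPHOS) .*? - Scanning file (.+?) "
    r"(found a suspicious object!!!|completed successfully - no virus found|"
    r"failed due to .+|was cancelled|was interrupted|resulted in an error)$")

# Constructed sample log; paths and timestamps are made up.
SAMPLE_LOG = r"""
KASPER 25/06/2008 18:29:01.10 - Scanning file C:\mail\b.eml completed successfully - no virus found
CLAM 25/06/2008 18:29:02.40 - Scanning file C:\mail\b.eml resulted in an error
FPROT 25/06/2008 18:29:03.05 - Scanning file C:\mail\b.eml completed successfully - no virus found
SOPHOS 25/06/2008 18:29:03.90 - Scanning file C:\mail\b.eml completed successfully - no virus found
Completed Scan at 18:29:03.95 on 25/06/2008
KASPER 25/06/2008 18:31:10.00 - Scanning file C:\mail\c.eml completed successfully - no virus found
CLAM 25/06/2008 18:31:11.20 - Scanning file C:\mail\c.eml completed successfully - no virus found
FPROT 25/06/2008 18:31:12.00 - Scanning file C:\mail\c.eml completed successfully - no virus found
SOPHOS 25/06/2008 18:31:12.80 - Scanning file C:\mail\c.eml found a suspicious object!!!
"""

def state(phrase):
    """Collapse a logged outcome phrase to infected / clean / error."""
    if phrase.startswith("found"):
        return "infected"
    return "clean" if phrase.startswith("completed") else "error"

def review(log_text):
    """Map file -> finding for scans that deserve a second look."""
    results = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())  # echo leaves a trailing space before >>
        if m:
            scanner, path, phrase = m.groups()
            results.setdefault(path.strip('"'), {})[scanner] = state(phrase)
    findings = {}
    for path, seen in results.items():
        hits = sorted(s for s, v in seen.items() if v == "infected")
        gaps = "error" in seen.values() or SCANNERS - set(seen)
        if hits and "clean" in seen.values():
            findings[path] = "split verdict: " + ",".join(hits)
        elif not hits and gaps:
            findings[path] = "passed as clean with incomplete coverage"
    return findings

if __name__ == "__main__":
    for path, finding in review(SAMPLE_LOG).items():
        print(path, "->", finding)
```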