StripADS: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(→Usage: added var types) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Scans for an ADS attached to an existing file. | {{SbiCmdInfo | ||
|SYNTAX = StripADS | |||
|PENAME = SpybotSD.exe | |||
|PEVERSION = 1.4 or later | |||
|GROUP = Files | |||
|MINUPDATE = n/a | |||
|ADVFILEPARAMS = yes (fourth) | |||
|ADVREGPARAMS = no | |||
|ADVBUILDPARAMS = yes (fourth) | |||
|ADVSPECIALPARAMS = no | |||
}}Scans for an ADS attached to an existing file. | |||
==Usage== | ==Usage== | ||
StripADS: | StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]] | ||
===Examples=== | ===Examples=== | ||
StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",": | StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321" | ||
This faked example would detect an alternative data stream attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash. | This faked example would detect an alternative data stream named ''malware'' attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash. | ||
===Description=== | ===Description=== | ||
| Line 28: | Line 38: | ||
===Similar commands=== | ===Similar commands=== | ||
* [[File]] | |||
* [[NTFile]] | |||
[[Category:SBI Commands]] | [[Category:SBI Commands]] | ||
Latest revision as of 16:40, 22 February 2008
| StripADS | |
| Group | Files |
| Main Application | Version 1.4 or later |
| Required Update | n/a |
| File Parameters | yes (fourth) |
| Registry Parameters | no |
| Build Parameters | yes (fourth) |
| Special Parameters | no |
Scans for an ADS attached to an existing file.
Usage
StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]]
Examples
StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321"
This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.
Description
This command can be used to remove ADS streams from files.
- It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
- Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
- Specify the name of the attached ADS. PT
- Use advanced file parameters to clearly identify the file.
- Use advanced file parameters to clearly identify the attached stream.
Scan Results
- The ADS file.