Difference between revisions of "StripADS"
(→Usage: added var types) |
|||
(7 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Scans for an ADS attached to an existing file. | + | {{SbiCmdInfo |
+ | |SYNTAX = StripADS | ||
+ | |PENAME = SpybotSD.exe | ||
+ | |PEVERSION = 1.4 or later | ||
+ | |GROUP = Files | ||
+ | |MINUPDATE = n/a | ||
+ | |ADVFILEPARAMS = yes (fourth) | ||
+ | |ADVREGPARAMS = no | ||
+ | |ADVBUILDPARAMS = yes (fourth) | ||
+ | |ADVSPECIALPARAMS = no | ||
+ | }}Scans for an ADS attached to an existing file. | ||
==Usage== | ==Usage== | ||
− | StripADS: | + | StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]] |
===Examples=== | ===Examples=== | ||
− | + | StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321" | |
+ | |||
+ | This faked example would detect an alternative data stream named ''malware'' attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash. | ||
===Description=== | ===Description=== | ||
This command can be used to remove ADS streams from files. | This command can be used to remove ADS streams from files. | ||
− | # It starts, as usual, with a description parameter. [[Description templates]] are welcomed here for a localized end user experience. | + | # It starts, as usual, with a description parameter. [[Description templates]] are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic [[AlgoPrefix|Algo-Prefixes]], are allowed here. {{AlgoPrefix}} |
− | # Specify the name and path of the file that has the ADS attached. Use [[Path templates|path templates]] if possible. | + | # Specify the name and path of the file that has the ADS attached. Use [[Path templates|path templates]] if possible. Wildcards, or after version 1.5.2 generic [[AlgoPrefix|Algo-Prefixes]], are allowed here. {{AlgoPrefix}} {{PathTemplates}} |
− | # Specify the name of the attached ADS. | + | # Specify the name of the attached ADS. {{PathTemplates}} |
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the file. | # Use [[Advanced file parameters|advanced file parameters]] to clearly identify the file. | ||
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the attached stream. | # Use [[Advanced file parameters|advanced file parameters]] to clearly identify the attached stream. | ||
+ | |||
+ | ===Scan Results=== | ||
+ | * The ADS ''file''. | ||
==See also== | ==See also== | ||
* [[Advanced file parameters]] | * [[Advanced file parameters]] | ||
+ | * [[AlgoPrefix]] | ||
* [[Description templates]] | * [[Description templates]] | ||
* [[Path templates]] | * [[Path templates]] | ||
===Similar commands=== | ===Similar commands=== | ||
+ | * [[File]] | ||
+ | * [[NTFile]] | ||
[[Category:SBI Commands]] | [[Category:SBI Commands]] | ||
− |
Latest revision as of 16:40, 22 February 2008
StripADS | |
Group | Files |
Main Application | Version 1.4 or later |
Required Update | n/a |
File Parameters | yes (fourth) |
Registry Parameters | no |
Build Parameters | yes (fourth) |
Special Parameters | no |
Scans for an ADS attached to an existing file.
Usage
StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]]
Examples
StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321"
This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.
Description
This command can be used to remove ADS streams from files.
- It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
- Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
- Specify the name of the attached ADS. PT
- Use advanced file parameters to clearly identify the file.
- Use advanced file parameters to clearly identify the attached stream.
Scan Results
- The ADS file.