Difference between revisions of "StripADS"
(→Examples) |
|||
Line 5: | Line 5: | ||
===Examples=== | ===Examples=== | ||
− | StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",": | + | StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=197352,md5=23812A64B891E8230F8283D51044886C" |
− | This faked example would detect an alternative data stream attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash. | + | This faked example would detect an alternative data stream named ''malware'' attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash. |
===Description=== | ===Description=== |
Revision as of 13:09, 18 February 2008
Scans for an ADS attached to an existing file.
Usage
StripADS:[description],[path & filename],[ads name],<advanced file parameters>,<advanced file parameters for ads stream>
Examples
StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=197352,md5=23812A64B891E8230F8283D51044886C"
This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.
Description
This command can be used to remove ADS streams from files.
- It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
- Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
- Specify the name of the attached ADS. PT
- Use advanced file parameters to clearly identify the file.
- Use advanced file parameters to clearly identify the attached stream.
Scan Results
- The ADS file.