Difference between revisions of "File"

From SpybotWiki
Jump to: navigation, search
Line 1: Line 1:
''File'' is the regular command to detect any files on your system.
+
{{SbiCmdInfo
 +
|SYNTAX = File
 +
|PENAME = SpybotSD.exe
 +
|PEVERSION = 1.3
 +
|GROUP = Files
 +
|MINUPDATE = n/a
 +
|ADVFILEPARAMS = yes (third)
 +
|ADVREGPARAMS = no
 +
|ADVBUILDPARAMS = yes (third)
 +
|ADVSPECIALPARAMS = no
 +
}}''File'' is the regular command to detect any files on your system.
  
 
==Usage==
 
==Usage==

Revision as of 13:05, 22 February 2008

File
Group Files
Main Application Version 1.3
Required Update n/a
File Parameters yes (third)
Registry Parameters no
Build Parameters yes (third)
Special Parameters no

File is the regular command to detect any files on your system.

Usage

File:<description>,<filename>[,advanced file parameters]

Examples

File:"<$FILE_DATA>","<$WINDIR>\Malware.txt","filesize=182,md5=83C36C493D7A254F9DE2ED63B3F92548"
File:"<$FILE_DATA>","<wc>C:\Temp\Malware.*","filesize>=180,md5=83C36C493D7A254F9DE2ED63B3F92548"
File:"<$FILE_DATA>","<regexpr>C:\Temp\Mal[a-z]{4}.*","filesize<=190,md5=83C36C493D7A254F9DE2ED63B3F92548"

Description

This command defines where to look for files. It accepts three parameters:

  1. The first parameter is a simple description, used for the GUI to display to the user only. Instead of using plain text, it is recommended to use description templates, which are displayed in a localized version by the scanner GUI.
  2. The second parameter defines the file name and path. In the standard form, it supports wildcards and path templates, but you can also use Algo-Prefixes to vary the filename matching algorithm, e.g. to use regular expressions. Please note that any pattern apply to the file name only! The file path cannot be varied, but if you specify advanced parameters, the On-Access scanner will simply ignore the path. AP PT
  3. The third parameter allows you to define more criteria to look for in a file, since the file name itself is rarely unique (just think about all those misleading malware files that attempt to use standard Windows filenames). There is a huge range of advanced file parameters, with different costs, some cached, some not. Using less costly parameters like filesize first is quite recommended to filter the amount of files that are left for the later parameters.

If you are dealing with Rootkits, you also need to take a look at NTFile, a brother of this command that uses deeper rooted functions to locate a file and is able to detect files hidden to the standard Win32 API.

Scan Results

  • The file identified by the parameters.

See also

Similar commands