Difference between revisions of "StripADS"

From SpybotWiki
Jump to: navigation, search
(Description)
(Usage: added var types)
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
Scans for an ADS attached to an existing file.
+
{{SbiCmdInfo
 +
|SYNTAX = StripADS
 +
|PENAME = SpybotSD.exe
 +
|PEVERSION = 1.4 or later
 +
|GROUP = Files
 +
|MINUPDATE = n/a
 +
|ADVFILEPARAMS = yes (fourth)
 +
|ADVREGPARAMS = no
 +
|ADVBUILDPARAMS = yes (fourth)
 +
|ADVSPECIALPARAMS = no
 +
}}Scans for an ADS attached to an existing file.
  
 
==Usage==
 
==Usage==
  StripADS:[description],[path & filename],[ads name],<advanced file parameters>,<advanced file parameters for ads stream>
+
  StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]]
  
 
===Examples===
 
===Examples===
   
+
  StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321"
 +
 
 +
This faked example would detect an alternative data stream named ''malware'' attached to any ''.exe'' file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.
  
 
===Description===
 
===Description===
 
This command can be used to remove ADS streams from files.
 
This command can be used to remove ADS streams from files.
  
# It starts, as usual, with a description parameter. [[Description templates]] are welcomed here for a localized end user experience.
+
# It starts, as usual, with a description parameter. [[Description templates]] are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic [[AlgoPrefix|Algo-Prefixes]], are allowed here. {{AlgoPrefix}}
# Specify the name and path of the file that has the ADS attached. Use [[Path templates|path templates]] if possible. {{PathTemplates}}
+
# Specify the name and path of the file that has the ADS attached. Use [[Path templates|path templates]] if possible. Wildcards, or after version 1.5.2 generic [[AlgoPrefix|Algo-Prefixes]], are allowed here. {{AlgoPrefix}} {{PathTemplates}}
 
# Specify the name of the attached ADS. {{PathTemplates}}
 
# Specify the name of the attached ADS. {{PathTemplates}}
 
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the file.
 
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the file.
 
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the attached stream.
 
# Use [[Advanced file parameters|advanced file parameters]] to clearly identify the attached stream.
 +
 +
===Scan Results===
 +
* The ADS ''file''.
  
 
==See also==
 
==See also==
 
* [[Advanced file parameters]]
 
* [[Advanced file parameters]]
 +
* [[AlgoPrefix]]
 
* [[Description templates]]
 
* [[Description templates]]
 
* [[Path templates]]
 
* [[Path templates]]
  
 
===Similar commands===
 
===Similar commands===
 +
* [[File]]
 +
* [[NTFile]]
  
 
[[Category:SBI Commands]]
 
[[Category:SBI Commands]]
[[Category:SBI Commands (current)]]
 

Latest revision as of 16:40, 22 February 2008

StripADS
Group Files
Main Application Version 1.4 or later
Required Update n/a
File Parameters yes (fourth)
Registry Parameters no
Build Parameters yes (fourth)
Special Parameters no

Scans for an ADS attached to an existing file.

Usage

StripADS:<description(string)>,<filename(string)>,<adsname(string)>[,advanced file parameters[,advanced file parameters for ads stream]]

Examples

StripADS:"<$FILE_EXE>","<$WINDIR>\*.exe",":malware:$DATA","","filesize=29383,md5=1234567890ABCDEFFEDCBA0987654321"

This faked example would detect an alternative data stream named malware attached to any .exe file in the Windows folder that has a size of 197352 bytes and the specified MD5 hash.

Description

This command can be used to remove ADS streams from files.

  1. It starts, as usual, with a description parameter. Description templates are welcomed here for a localized end user experience. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP
  2. Specify the name and path of the file that has the ADS attached. Use path templates if possible. Wildcards, or after version 1.5.2 generic Algo-Prefixes, are allowed here. AP PT
  3. Specify the name of the attached ADS. PT
  4. Use advanced file parameters to clearly identify the file.
  5. Use advanced file parameters to clearly identify the attached stream.

Scan Results

  • The ADS file.

See also

Similar commands