Dealing with Kaspersky from the Command Line (CMD)

6/23/2008 Source: Virus Prevention

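Recently I was bored and just poking around. While penetrating a server on an internal network, I found it had Kaspersky installed, and everything I used got killed. I uploaded a port-forwarding tool that is not detected, but it was probably being blocked and could not connect back out, so I started thinking about how to deal with Kaspersky!

It suddenly occurred to me to check whether Kaspersky supports the command line, and sure enough, it does: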

===========================
D:\Kaspersky Internet Security 6.0>avp /?
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.

Usage: avp.com command [options]

command       Specifies the command to be executed.
HELP         Show help
SCAN         Start new scan
UPDATE       Update databases and optionally application modules
ROLLBACK     Rollback previously updated databases
START        Start specified task
STOP         Stop running task
PAUSE        Pause running task
RESUME       Resume paused task
STATUS       Show task status
STATISTICS   Show task statistics
EXPORT       Export settings
IMPORT       Import settings
ADDKEY       Add key file
ACTIVATE     Perform online activation
EXIT         Exit product

Examples:
   avp.com [ /? | HELP ]
   avp.com command /?
   avp.com HELP command
   avp.com HELP SCAN
   avp.com UPDATE /?

D:\Kaspersky Internet Security 6.0>avp status

Task                      State      Completion Description
---------------------------------------------------
AntiPhishingService       running
Anti_Hacker               paused
Anti_Spam                 paused
Anti_Spy                  paused
AVService                 running
Behavior_Blocking         paused
File_Monitoring           paused
HTTP                      running
IMAP                      running
MailWasher                running
Mail_Monitoring           paused
NNTP                      running
POP3                      running
ProcMon                   running
Rollback                  stopped
Scan_Critical_Areas       stopped
Scan_My_Computer          stopped
Scan_Objects              completed
Scan_Quarantine           stopped
Scan_Startup              running    23%              //the scan has started here; I stop it below
SMTP                      running
Spamtest                  stopped
StartupService            stopped
TrafficMonitor            running
Updater                   completed
Web_Monitoring            paused

D:\Kaspersky Internet Security 6.0>avp stop Scan_Startup /password=tlm   //I had already set the password here

D:\Kaspersky Internet Security 6.0>avp status Scan_Startup
Scan_Startup              stopped                                                             //the scan has been stopped again!

============================

However, Kaspersky cannot be exited directly. A password has to be set first; without a password set, exiting is not allowed:

============================


D:\Kaspersky Internet Security 6.0>avp exit
Error: Password required to exit

D:\Kaspersky Internet Security 6.0>

============================

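I did not see any way to set the password from the command line either, but the configuration file can be exported and imported, so we can start from there: first install the same Kaspersky locally, set the password and the related configuration, then export it, transfer the file to the server and import it. The commands are: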

============================

D:\Kaspersky Internet Security 6.0>avp export
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.

Usage: EXPORT <Profile|taskid> <filename>
<filename[.<ext>|.txt]>             File to save settings

Examples:
avp.com EXPORT rtp rtp_settings.dat - binary export
avp.com EXPORT fm fm_settings.txt   - plain export

D:\Kaspersky Internet Security 6.0>avp import
Kaspersky Anti-Virus (R) 6.0.0.299
Copyright (C) Kaspersky Lab 1996-2006. All rights reserved.

Usage: IMPORT <filename>
<filename>             File to restore settings

Examples:
avp.com IMPORT settings.dat

D:\Kaspersky Internet Security 6.0>

============================

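This method has not been tested, because the server runs the server edition while what I installed is the 6.0 Internet Security suite, so the configuration files are certainly different. The server I have here also runs Kaspersky, but it is being debugged these days; I will test it in a few days. I am putting the idea out there first, and if anything is lacking, please point it out!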
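On the defender's side, every `avp` call shown in this post appears in process-creation logging, so command-line changes to protection state can be alerted on. The following is an added example, not part of the original post: it flags the state-changing commands from the help output above in constructed sample records, and the record field names, host names and sample values are assumptions.

```python
import re

# Commands from the avp.com help output on this page that change or reduce
# protection state; STATUS and HELP are read-only and SCAN adds protection.
TAMPER_COMMANDS = {"STOP", "PAUSE", "EXIT", "IMPORT", "ROLLBACK"}

# avp, avp.com or avp.exe (optionally quoted or with a path), then the command word.
AVP_RE = re.compile(r'(?:^|[\\/"\s])avp(?:\.com|\.exe)?"?\s+(\w+)(.*)$', re.IGNORECASE)
PASSWORD_RE = re.compile(r'(/password=)\S+', re.IGNORECASE)

# Constructed sample process-creation records (field names are assumptions).
EVENTS = [
    {"host": "srv01", "parent": "cmd.exe",
     "cmd": r'"D:\Kaspersky Internet Security 6.0\avp.com" status'},
    {"host": "srv01", "parent": "cmd.exe",
     "cmd": r'avp stop Scan_Startup /password=EXAMPLE'},
    {"host": "srv01", "parent": "cmd.exe",
     "cmd": r'D:\Kaspersky Internet Security 6.0\avp.com IMPORT settings.dat'},
    {"host": "ws07", "parent": "explorer.exe",
     "cmd": r'notepad.exe avp_notes.txt'},
]

def detect(events):
    """Return one alert per avp command-line call that alters protection."""
    alerts = []
    for ev in events:
        m = AVP_RE.search(ev["cmd"])
        if not m or m.group(1).upper() not in TAMPER_COMMANDS:
            continue
        args = m.group(2).split()
        alerts.append({
            "host": ev["host"],
            "parent": ev["parent"],
            "command": m.group(1).upper(),
            # First non-option argument: the task name or settings file.
            "target": next((a for a in args if not a.startswith("/")), None),
            "password_supplied": bool(PASSWORD_RE.search(ev["cmd"])),
            # Never copy the product password into the alert stream.
            "cmd": PASSWORD_RE.sub(r"\1<redacted>", ev["cmd"]),
        })
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

An `IMPORT` of a settings file that was not produced on the same host, or a `STOP`/`EXIT` whose parent is an interactive shell rather than the management agent, is the pattern worth triaging first.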