Home > News, Rootkits, Utils > New Panda Antivirus Command Line 9.5.1

New Panda Antivirus Command Line 9.5.1

July 4th, 2008

I'm happy to announce the availability of our new Panda Antivirus Command-Line scanner (PAVCL) version This new engine incorporates interesting features over previous versions specially focused on detecting and deactivating active rootkits and improved heuristic detection of new and unknown malware:

* Engine version 1.5.1 integration.
* Reboot driver. Disinfection during reboot of active rootkits. Needs to run with admin priviledge.
* Integration of Heuristic engine 7.0.7 with improved performance. Defaults to medium sensitivity.
* Suspicious detection counter in both console and logs.
* Digitally signed executables.
* New log in CSV format (pavcl.log).

The new log format is as follows:

As always we have a signature file available from the blog for testing purposes which is NOT updated on a regular basis. For production and critical scanning systems make sure to contact us for a regular signature feed.

Download the new PAVCL from download.com:
Get it from CNET Download.com!

Return codes are available for integrations of PAVCL with automated scanning systems. PAVCL returns a numeric value of 4 bytes to indicate the type of program exit, the type of operation performed and the number of malware detected. For more info on this contact me.

This version is compatible with Windows 2000, 2003, XP (32 and 64 bits) and Vista (32 and 64 bits).

Categories: News, Rootkits, Utils Tags:
  1. Pedro Bustamante
    July 4th, 2008 at 15:05 | #1

    the command line don’t work on my pc.


  2. Pedro Bustamante
    July 4th, 2008 at 16:17 | #2

    Can Home users download this file for Panda IS 2008?

  3. Pedro Bustamante
    July 4th, 2008 at 17:54 | #3

    what has changed in activescan 2.0

    please discribe whats changed

  4. Pedro Bustamante
    July 4th, 2008 at 23:50 | #4

    Lucass, make sure you’re running with admin priviledges. Contact me via email if you’re still having problems.

    Jonte, I’m guessing you’re referring to the signature file. Yes you can use it, but the Panda IS 2009 have a much improved system combining local signatures and in-the-cloud signatures for an even greater detection rate. More info at http://research.pandasecurity.com/archive/Panda-Internet-Security-2009-BETA.aspx

    Jon, you can read on what’s new in ActiveScan 2.0 at http://research.pandasecurity.com/archive/Panda-ActiveScan-2.0.aspx

  5. Pedro Bustamante
    July 5th, 2008 at 00:24 | #5

    in activescan 2.0 you updated the active scan 2.0 files yesterday I noticed it detects alot more malware as Suspicious then before

    what has been changed to detect more unknown malware

    please explain in detail

    please do a blog entry or reply


  6. Pedro Bustamante
    July 5th, 2008 at 08:39 | #6

    You’re 100% right jon. The difference is basically how Collective Intelligence is implemented. Initial versions of ActiveScan 2.0 downloaded to each PC a limited part of the “knowledge” (signatures) generated by Collective Intelligence. With the version we uploaded a couple of days ago each file you scan gets checked against the total knowledge of Collective Intelligence in real time. This means that you’re connected in real time against our CI servers and scanning is done “in-the-cloud” instead of locally on the PC. More information about Collective Intelligence here:

  7. Pedro Bustamante
    July 6th, 2008 at 13:31 | #7

    Why the parameter of “-nomem” deleted?

    Is that the developer made a mistake?

  8. Pedro Bustamante
    July 6th, 2008 at 14:24 | #8

    Is that the new CSV format log does not support for a single file scanning?

    The below is the log result of single file scan, I cannot see that it is a CSV log!

    Date : 06/07/2008
    Time : 22:20:43
    File checked : C:\AV.exe

    Suspicious file

    Panda CommandLineSecure 9.05.01 (c) Panda 2008

    Time employed for scan ………….: 00:00:02
    Number of files scanned …………: 1
    Number of files infected ………..: 0
    Number of suspicious files ………: 1

    Copyright Panda Security 2008

  9. Pedro Bustamante
    July 6th, 2008 at 20:19 | #9

    Ray, -nomem was there for older DOS-based platforms. As we don’t support that anymore we took it out.

    Andrew, there’s two files that are generated, a PAVCL.LOG (csv format) and a PAVCL.RPT (the one you posted). Check PAVCL.LOG for the csv formatted output.

  10. Pedro Bustamante
    July 7th, 2008 at 00:30 | #10


    I have tested “-rpt:pavcl.cvs”, it would output both pavcl.log and pavcl.cvs. If I just used “-rpt:pavcl.log”, it would output pavcl.log only.

  11. Pedro Bustamante
    July 7th, 2008 at 01:03 | #11

    Sorry, I made a mistake. For -rpt:pavcl.csv, it would generate a pavcl.log and a pavcl.cvs. The pavcl.log was cvs format. But -rpt:pavcl.log was not.

  12. Pedro Bustamante
    July 7th, 2008 at 16:51 | #12

    Sometimes when i scan a file with Virustotal Panda found “Suspicious file”, but my “own” Panda found notething. Why?


  13. Pedro Bustamante
    July 7th, 2008 at 20:35 | #13

    This page is doesn’t work http://www.pandasecurity.com/homeusers/security-info/default.aspx?lst=ac&sitepanda=particulares

    please fix this active threats page soon

    also there is no Description for this threat

    please try to fix these problems

    thank you
    love jon

  14. Pedro Bustamante
    July 8th, 2008 at 10:23 | #14

    Jonte, make sure heuristics is turned on and set to high on your on-demand scan.

    Jon, thanks for the heads-up. We’re working on fixing this.

  15. Pedro Bustamante
    July 11th, 2008 at 00:52 | #15

    when i use activescan 2.0 it detects a folder as a generic trojan the folder is called F-Secure SDBot.gen8

    please try to fix this false postive

  16. Pedro Bustamante
    July 11th, 2008 at 07:17 | #16

    Tried it but cannot replicate Jon. Can you provide more details, such as content (files) within the folder, a HijackThis and Panda Anti-Rootkit log?

  17. Pedro Bustamante
    July 11th, 2008 at 18:20 | #17

    Here is the activescan 2.0 log

    This folder is empty
    03257437 Generic Trojan
    Virus/Trojan E:\Users\pc\Desktop\cheats\confermed infected\FSecure SDBot.gen8

    E:\Users\pc\Desktop\cheats\confermed infected\F-Secure SDBot.gen8
    I send a sample of the folder though activescan

    I hope this helps

  18. Pedro Bustamante
    July 16th, 2008 at 07:59 | #18

    And the Binnary of .Tar, .Rpm?
    ;-) SYSOP

  19. Pedro Bustamante
    July 16th, 2008 at 12:08 | #19

    This version only comes in win32 flavour. The latest linux versions are available here:

  20. Pedro Bustamante
    July 22nd, 2008 at 14:01 | #20

    What is the LATEST version of PAVCL for LINUX ?


  21. Pedro Bustamante
    July 23rd, 2008 at 15:54 | #21

    Look at the comment above catteau. Linux version available here:

  22. Jan Arbona
    August 1st, 2008 at 21:00 | #22

    Nice, clean and a great change under the actual technology.
    Perfect the linux version for networks affected.

    Only, an option for run under solaris. (perfect for scan networks with a high risk)

    Best regards

  23. Pedro Bustamante
    November 6th, 2008 at 22:41 | #23

    Can you shed some light as for why the signature file that comes with the new command line version has more signatures (3,441,666 / June 30, 2008) than the signatures that I download when I sign in with the license purchased (1,846,697 / Nov 6, 2008)? Thank you!

  24. Pedro Bustamante
    November 10th, 2008 at 10:32 | #24

    Yes Harold, we have different signature files for different purposes. Normally our products which have in-the-cloud scanning from Collective Intelligence include a smaller signature file which includes the most important threats. The rest are queried online. We call this the real-time-wildlist-signature. Then there’s the mega-signature which corresponds to a full signature file.

  25. Pedro Bustamante
    November 11th, 2008 at 13:56 | #25

    Thank you Pedro! So, for me to have a broader range of singatures it is better to download the ones from :”http://research.pandasecurity.com/blogs/images/pav.zip”, correct? The other question I have is in regards to sending the signatures definition date to a log file. How do I do that? I tried redirecting the output with “pavcl.exe -info > log.txt” and “pavcl.exe -info -rpt:log.txt”, but it didn’t work.

  26. Pedro Bustamante
    November 13th, 2008 at 15:56 | #26

    Harold the sig on the blog is not updated every day. Its only updated once every week or so as this is a free sig I provide for testing purposes. If you need a regularly updated sig download it from the following location:
    This is the full signature and you’ll need an active username/password to access it.

    In order to log the date of the sig file, you can simply log the date stamped on the pav.sig file on disk.

  27. Pedro Bustamante
    November 18th, 2008 at 13:57 | #27

    Is this new commandLine scanner a different product, or a replacement for the free commandline scanner you’ve posted here:


  28. Pedro Bustamante
    November 19th, 2008 at 13:11 | #28

    Barry, same product just a newer version. The download link is the same so regardless of where you download from you’ll get the latest version.

  29. Pedro Bustamante
    November 19th, 2008 at 13:21 | #29

    How do i apply to get username/password to get regularly updated sig download it from the following location:



  30. Pedro Bustamante
    November 19th, 2008 at 14:55 | #30

    Devaud, simply purchase a license to one of our products and you’ll get a username and password valid for downloading regularly updated sigs. For example from here:

  31. Pedro Bustamante
    January 5th, 2009 at 18:08 | #31

    Hello Pedro,

    Please, could you tell us if return codes had changed or is the same binary combination as version 9.4.x?


  32. Pedro Bustamante
    January 7th, 2009 at 11:05 | #32

    Hey Jose, should be the same.

  33. Pedro Bustamante
    February 9th, 2009 at 10:00 | #33

    Did the pav.sig for this (http://acs.pandasoftware.com/member/pavsig3/pav.zip) change this week? It seems the pav.sig went from being 100MB to 60MB this week. It used to be a ‘megasig’ and now it’s the same file as the normal pav.sig in the desktop client. Are we missing something?

  34. Pedro Bustamante
    February 9th, 2009 at 12:33 | #34

    Yes Gary you’re right. It now redirects to http://acs.pandasoftware.com/member/pavsig/pav.zip which is the regular pav.sig for corporate products. We’ve discontinued the megapavsig for the moment.

  35. Pedro Bustamante
    February 9th, 2009 at 12:54 | #35

    Oh, shame, so what’s the advantage of using the command line scanner now over just the normal Panda Desktop scanner if they both use the same sig? Is the megapavsig going to return?

  36. Pedro Bustamante
    February 9th, 2009 at 15:46 | #36

    We’re working on the replacement of the megapavsig Gary, which will be much more complete than what you’ve seen until now. I’ll announce it here when it’s ready.

  37. http://
    April 20th, 2009 at 03:54 | #37

    Dear Friends, a little 9-year old girl is crying out for our help. Olga is sick with cancer and urgently needs 100,000 Euro for bone marrow transplantation. Her parents do not have this money, but hope that kind and mercifull people somewhere in the world still exist.

    In order to continue her life, a little 9-year old Ukrainian girl Olga Netyukhailo desperately and urgently needs your help.

    Olga was diagnosed Acute lymphoblastic leukemia (blood cancer) and currently needs 100 000 Euros for bone marrow transplantation from unrelated donor.

    This type of surgery cannot be made in Ukraine, therefore, Olga’s parents brought a girl to Israel. Olga is hospitalized in “Hadassah” hospital (Jerusalem) and is staying there since December 2008. During these 3 month girl has been prepared for surgery – getting chemotherapy and waited for remission. But in addition to cancer, it was discovered that Olga’s lungs are infected with fungus, which makes the treatment more complicated.


  38. Pedro Bustamante
    June 5th, 2009 at 06:59 | #38

    thank you!!! for your work

  39. http://
    July 13th, 2009 at 23:11 | #39

    when will you guys update the command line scanner

  40. http://
    September 12th, 2009 at 06:46 | #40


    I am so thrilled to find a command line virus scanner of the calibre of Panda's product. I am wondering if anyone can tell me if it is possible to run entire from a WRITE-PROTECTED USB drive.

    My shallow knowledge of this product failed to let me run this successfully. I have tried using -rpt: to redirect the log file. But from ProcMon it has indicated that it created a few files with KRN_DATA & PSK_MNU suffix.

    Is it possible to redirect them from the execution location?

    I frequently use WRITE-PROTECTED USB to launch trojan and virus hunting programs.

    Thanks for the fine product.


  41. Pedro Bustamante
    September 12th, 2009 at 13:49 | #41

    @Leon, the KRN* and PSK* data files are created the first time you run PAVCL. You might want to run it first in a directory that is not write-protected, and then copy the entire content to your write-protected USB. That ought to bypass the data files issue.

    Still I think it'll need to write to the log file. Try playing with the -nor and -rpt: switches to bypass that as well.

  42. http://
    October 1st, 2009 at 03:39 | #42

    Is this product supposed to replace the anti-rootkit solution?
    I am taking a security class where we get to play with malware/virus/rootkits and test different solutions and approaches. I decided to test the Panda anti-rootkit solution on a system that had a rootkit. The program found the rootkit and was able to eliminate it. It didnt eliminate the registry entries that the rootkit made tho, it would be nice if it did. Some other people tested other solutions that were able to clean the registry as well as eliminate the rootkit. Is that possible with Panda Antirootkit? It might be a thing to look at. I consider Panda to be ahead of the rest as far as protection is concerned, but i have to confess this was disappointing. Any ideas? Suggestions?

  43. http://
    October 13th, 2009 at 12:24 | #43

    Hi there,

    do you plan to update the Panda Antivirus Command Line scanner for Windows 7?

    And if yes, will you integrate updates to the antirootkit scanner?

    Another question:
    Is the Anti-Rootkit Scanner built into this version 9.5.1 better than the standalone Panda AntiRootkit 1.08?
    And does it have the same options and features for scanning for rootkits? Or even more?



  44. Pedro Bustamante
    October 14th, 2009 at 00:50 | #44

    @iNsuRRecTiON, it should already run under Windows 7. Just make sure that PAVCL.EXE is marked to run as administrator.

    Regarding Pavcl 9.5.1 vs PavArk 1.08, actually PavArk has more detection techniques as it is a standalone tool that can take much more time and perform more in-depth checks, even during boot. Pavcl is basically the same engine as we incorporate in our regular products where we cannot put these same type of checks as it would impact performance too much. This is also the same reason why other AV vendors have stand-alone Anti-Rootkit utilities.

Comments are closed.