最近由于项目的持续化集成系统在构建完成后,需要将构建出的文件进行病毒扫描,我们选择的杀毒软件是卡巴斯基kav2012。但是由于我们的CI系统使用的是Windows Server 08 R2版本,无法安装kav2012。无奈之下只能选择在另一台机器上面安装Windows桌面系统+kav2012,并且在CI系统的脚本中加入at命令,来达到运程控制桌面系统来进行病毒扫描。
at 命令使用语法如下:
at \\computername time /interactive | /every:date,.../next:date,... command
at \\computername id /delete | /delete/yes
首先,需要保证能够通过机器名ping通这台机器,在win7下,需要检查防火墙的设置,可以通过下面这篇文章来设置:(转自http://technet.microsoft.com/en-us/library/cc749323(WS.10).aspx)
Nobody Can Ping My Computer
Updated: February 18, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
A common step in troubleshooting connectivity situations is to use the Ping tool to ping the IP address of the computer to which you are trying to connect. When you ping, you send an ICMP Echo message (also known as an ICMP Echo Request message) and get an ICMP Echo Reply message in response. By default, Windows Firewall does not allow incoming ICMP Echo messages, and therefore the computer cannot send an ICMP Echo Reply in response.
Enabling incoming ICMP Echo messages will allow others to ping your computer. However, it also leaves your computer vulnerable to the types of attacks that use ICMP Echo messages. Therefore, we recommended that you enable the Allow incoming echo request setting temporarily, and then disable it when it is no longer needed.
To enable ICMP Echo messages, create new inbound custom rules to allow ICMPv4 and ICMPv6 Echo Request packets.
To enable ICMP Echo Request for ICMPv4 and ICMPv6
-
In the Windows Firewall with Advanced Security snap-in, click Inbound Rules in the tree, and click New Rule in the Actions Pane.
-
Click Custom and click Next.
-
Click All programs and click Next.
-
For Protocol type, select ICMPv4.
-
Click Customize for Internet Control Message Protocol (ICMP) settings.
-
Click Echo Request, click OK, and then click Next.
-
Under Which local IP address does this rule match? and for Which remote IP address does this rule match click either Any IP address orThese IP Addresses. If you click These IP addresses, specify the IP addresses and click Add, then click Next.
-
Click Allow the connection, and then click Next.
-
Under When does this rule apply?, click the active profile, any or all profiles (Domain, Private, Public) to which you want this rule to apply, and then click Next.
-
For Name type a name for this rule and for Description an optional description. Click Finish.
-
Repeat steps for ICMPv6, selecting ICMPv6 for Protocol Type instead of ICMPv4.
If you have active connection security rules, it is also helpful for troubleshooting purposes to exempt ICMP from the IPsec requirements temporarily. To do this, in the Windows Firewall with Advanced Security snap-in, in the Properties dialog box, click the IPsec Settings tab and click Yes to Exempt ICMP from IPsec. This step is only necessary if you have active connection security rules on the computer that you are trying to ping.
之后,可以运行at \\computername:
如果出现Access is denied的提示,就需要到这台\\computername的机器上面配置一下运行at的帐号了:
会出现如下对话框来改变运行AT的帐号:
配置好之后,at命令应该可以返回指定机器上面状态为active的job了:
好了,下面就可以使用如下at命令来远程控制kav进行病毒扫描了:
C:\Users\Administrator>at \\WIN-SRJUT8CLLUL 17:33 "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.com" SCAN /RA:C:\ScanReport\log.txt \\DailyBuildHost
其中,SCAN, /RA都是kav的命令行接口avp.com的参数:
\\DailyBuildHost是持续化集成服务器构建出来,需要进行病毒扫描的路径
扫描的log的内容如下:
