And there is my n32comm.bat - as attachment nr.2:

 @echo off
REM 2016-03-06 SP.
: Rem - %1 is the file to scan %2 is the name of the result file %3
: Rem - is the sentinel file. The report from the scan is sent to the
: Rem - Result file. If No virus is found then the Result file is
: Rem - deleted prior to deleting the sentinel file. If a virus, or
: Rem - other error is found, then a message indicating the meaning
: Rem - of the return code is tacked on to the end of the result
: Rem - file. Deletion of the sentinel file is the last thing that
: Rem - takes place.
: Rem - Note 1: Some of the error codes should never occur, in this
: Rem - context, but I put them in anyway for documentation purposes,
: Rem - if nothing else.
: Rem - Note 2: There's colons in front of the Rem statements because
: Rem - blank labels process faster than Rem statements (the entire
: Rem - Rem statement is parsed even though it's a comment)
: Rem - No extended batch command features are used so this should
: Rem - work with*any* MS OS.
: Rem - Watch for wrapping of the batch file lines in this email
: Rem - message.  They are longer that the normal 70 CPL!.  The
: Rem - ECLS.exe commandline and echo line should NOT be wrapped.
: Rem
REM ESET File Security directory - Path to ecls.exe :
"c:\Program Files\ESET\ESET File Security\ecls.exe" %1 /arch /sfx /rtp /adware /unsafe /unwanted /pattern /adv-heur /clean-mode=delete /mail /log-file=%2
If Errorlevel 100 goto error100
If Errorlevel 50 goto error50
If Errorlevel 10 goto error10
If Errorlevel 1 goto error1
REM If none of above, deleting the result file:
Del %2
goto Ende

:error1
echo 1- threat found and cleaned >> %2
goto Ende

:error10
echo 10 – some files could not be scanned (may be threats) >> %2
goto Ende

:error50
echo 50 –  threat found >> %2
goto Ende

:error100
echo 100 error >> %2
goto Ende

:Ende
if %3.. == .. goto LastEnd
Del %3

:LastEnd
exit

We use Mercury/32 as our mail server and have Nod32 on all our computers, including the mail server.

I would like to create a Mercury Core Module policy to run the commandline version of Nod32 (ecls.exe) on all mail.

Does anyone have this set up and working? My initial brief test resulted in false positives.

I don't have a test environment and there is no option in the Policy setup to test it non-destructively.

The exit codes for ecls.exe are:

0     no threat found
1     threat found and cleaned
10     some files could not be scanned (may be threats)
50     threat found
100     error

Do I need to run ecls.exe from a batch file to make sure that only real threats result in deleted emails?

Regards,

Pat Esler

Check out Virprot in the Mercury add-ons downloads section of this site.

 http://community.pmail.com/files/folders/mercadd/entry803.aspx

Hi Pat,

yes, you should run ecls.exe from a batch file.

My batch file name is n32comm.bat. See the following attachment:

Figure nr.1: