CrusherW9

Can't get Command Line Scanner to save log file

Recommended Posts

I'm using the Command line scanner with batch files and can't get a log file to be created. I have just reinstalled Windows after screwing up my old install but it was working fine previously with the same batch files. I have tried various directories and names. Anyone have any idea why?

 

Here is one of the batch files I'm using:

@echo off
"C:\Programs\Emsisoft Command Line Scanner\a2cmd\a2cmd.exe" /update
set hr=%time:~0,2%
if "%hr:~0,1%" equ " " set hr=0%hr:~1,1%
Set output=File Scan_%date:~-4,4%%date:~-10,2%%date:~-7,2%_%hr%%time:~3,2%%time:~6,2%.txt
"C:\Programs\Emsisoft Command Line Scanner\a2cmd\a2cmd.exe" /f="%1" /riskware /archives /l="C:\Programs\Emsisoft Command Line Scanner\Logs\%output%"
echo.
echo.
IF %errorlevel% EQU 0 (
    echo ##### No Malware Detected #####
) ELSE (
    echo %%%%% Malware Detected %%%%%
)
echo.
echo.
pause

Share this post


Link to post
Share on other sites

The problem is this part:

/f="%1"

In Batch the %1 is replaced with the first parameter exactly the way you type it. So if you call your script like this:

scan.bat "C:\Program Files"

Will result in this parameter being passed to the command line scanner:

/f=""C:\Program Files""

That is obviously invalid. The solution is to get rid of the quotes so it looks like this:

/f=%1

The reason it previously worked is most likely that you never passed any locations via parameter that included spaces.

 

For future reference: If you want to post any scripts or formatted plain text please wrap it within a code box as I did. It makes it just so much easier to read and all white spaces are preserved.

Share this post


Link to post
Share on other sites

I fixed this however it still won't work. I even changed the log parameter to simply: /log="C:\scan.txt" . It still did not work. I had a problem earlier with a2cmd.exe and I'm not sure if it could be related. It was telling me that I didn't have a license to use it. I tried re-downloading it and I got the same thing. It went away after I installed the remaining Windows Updates that I had to do to get current. Also on a side note, I have to say that you guys at Emsisoft have GREAT customer support.

Share this post


Link to post
Share on other sites

Is it possible that you're trying to use it on a server operating system? Emsisoft Commandline Scanner requires a valid license key to be able to run on servers. This needs just once to be applied using the /key=##### parameter.

Share this post


Link to post
Share on other sites

Have you changed your DLL load order settings by any chance? That could result in the command line scanner not being able to load some of the required DLLs. You should be able to fix that by changing your script to something like this:

 

@echo off

REM Switch to the command line scanner directory to avoid issues with DLL loading
pushd "C:\Programs\Emsisoft Command Line Scanner\a2cmd\"

REM Update the command line scanner
a2cmd.exe /update

REM Figure out the log file name based on the current date and time
set hr=%time:~0,2%
if "%hr:~0,1%" equ " " set hr=0%hr:~1,1%
Set output=File Scan_%date:~-4,4%%date:~-10,2%%date:~-7,2%_%hr%%time:~3,2%%time:~6,2%.txt

REM Run the scan
a2cmd.exe /f=%1 /riskware /archives /l="C:\Programs\Emsisoft Command Line Scanner\Logs\%output%"

REM Display results
echo.
echo.
IF %errorlevel% EQU 0 (
    echo ##### No Malware Detected #####
) ELSE (
    echo %%%%% Malware Detected %%%%%
)
echo.
echo.

REM Restore original directory
popd

pause

Share this post


Link to post
Share on other sites

Wow, I actually just learned about stacks in one of my computer science classes not too long ago. I can't believe I found an application for them already, aside from our projects we are assigned; which currently is to implement a non-recursive stack based merge sort that runs in O(n log n) time (ofcourse). I tried this code and it still didn't work. Since this was meant to correct possible DLL loading issues, I made sure Applocker was disabled (including DLL Protection). The only other security program I have enabled is EMET and I can't imagine that having any effect.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.