# Which of these applications scans files?

## Recommended Posts

Hi there

I want a download manager to get files scanned, but I'm not sure which of the "apps" in the Emsisoft Anti-Malware folder to select. Please see attached image.

##### Share on other sites

a2cmd.exe is the one you will want. Be sure to use the /s parameter though, as the version that comes bundled with Emsisoft Anti-Malware needs to use the service to do things like scanning.

I would believe that A2CMD will need to be run with admin rights, and you'll more than likely want to use something similar to the following command to execute it from your download manager:

a2cmd.exe /s /q /f="<path>"

Here's the documentation on all of the parameters that it supports:

a2cmd.exe [path] | [parameters]

Scan types (can be used together):

/f=[], /files=[path]   Scan files. Full path to file or folder required
/quick                 Scans all active programs and Spyware Traces
/malware               Good and fast result, but only important folders will
be scanned
/rk, /rootkits         Scan for active Rootkits
/m,  /memory           Scan Memory for active Malware
/t,  /traces           Scan for Spyware Traces

/fh=[handle] /pid=[PID]            Scan file by handle. Process ID of the
handle is required
/b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID
are required

Scan settings (used with scan types):

/pup                        Alert Potentially Unwanted Programs (PUP)
/a, /archive                Scan in compressed archives (zip, rar, cab)
/am                         Scan in mail archives
/n, /ntfs                   Scan in NTFS Alternate Data Streams
/cloud=[]                   If it is "1" then scanner will use cloud
requests (defaul value is "1")
/dda, /directdiskaccess     Use direct disk access
/l=[], /log=[filepath]      Save a logfile in UNICODE format
/la=[], /logansi=[filepath] Save a logfile in ANSI format
/x=[], /ext=[list]          Scan only specified file extensions, comma
delimited
/xe=[], /extexclude=[list]  Scan all except the specified file extensions
/wl=[], /whitelist=[file]   Load whitelist items from the file
/d,     /delete             Delete found objects including references
/dq,    /deletequick        Delete found objects quickly
/q=[], /quarantine=[folder] Put found Malware into Quarantine
/rebootallowed              Allows automatic OS restart, if this is required
/s, /service   Run scan via windows service and keep the engine loaded

Malware handling (standalone parameters):

/ql, /quarantinelist            List all quarantined items
/qr=[], /quarantinerestore=[n]  Restore the item number n of the quarantine
/qd=[], /quarantinedelete=[n]   Delete the item number n of the quarantine

/u, /update                Update Malware signatures
/uf=<feed>,
/updatefeed=<feed>         Update from specified update feed
Applicable only to standalone a2cmd package.
/proxy=[proxyname:port]    Proxy address and port number

General commands:

/?, /help            Show help message

Result codes:

0 - No infections were found
1 - Infections were found

##### Share on other sites

Doesn't EAM scan files as they're downloaded anyway?   (I'm sure I read somewhere that that does now happen, rather than only when files are read/executed.)

##### Share on other sites
12 hours ago, GT500 said:

I would believe that A2CMD will need to be run with admin rights, and you'll more than likely want to use something similar to the following command to execute it from your download manager:

a2cmd.exe /s /q /f="<path>"

Hi there

I'm not an expert at this and so may need some additional help to implement your suggestion, which is much more complicated than I had hoped.

• Is that the correct structure of the command, assuming the download manager is at that location?
• I have included screenshot with powershell. (Command prompt is hidden in latest Falls Update of Win 10). Does it matter if one uses powershell or it has to be command prompt?
• Am I to assume I go to settings of the DM as shown above, select a2cmd.exe  and then implement the command in powershell OR command prompt or the other way round?
• Also ... I assume after doing this, that the command applies to ALL downloads after this & I do not have to go to powershell/command prompt again unless I re-install the download manager ... ?

##### Share on other sites

@GT500Arthur, in your example:  a2cmd.exe /s /q /f="<path>"        is the /q a shorthand for /quick, or is it the /q=[], /quarantine=[folder] Put found Malware into Quarantine option?  If it's the latter, does the bare /q just mean that quarantined files end up in the same quarantine folder as anything scanned via the GUI?

@xprt007 The command you showed in the powershell window would ask a2cmd to scan the files that are parts OF the download manager, and is not what I think you are trying to do.   I would expect you would need to start the download manager then find your way to its configuration/ settings/ options panes, then tell it that the command it should use to scan a file is something like GT500 suggested.    On my system specifying  "a2cmd.exe"  in a command window doesn't work because the system doesn't know where that .exe actually is, so if your system is similar your command would need to be (say)

"C:\Program Files\Emsisoft Internet Security\a2cmd.exe" /s/ /q /f=  (something)

What comes after the "/f=" will depend on how the programmer of your download manager has arranged for values to be plugged-in to commands.    Hmm, I see from the 'manual' at: http://antdownloadmanager.com/user_guide.php?lng=en  (look at the 'Program Settings config) -> Automation' page) that the author has not provided good information about how to do this.  You'd certainly need to put (say)

C:\Program Files\Emsisoft Internet Security\a2cmd.exe

in the first box on the settings page,   but after that...   The example shows   /files    in the second box and that probably means that in that case the download manager would generate a command like:

"C:\Program Files\ESET\ESET Nod32 Antivirus\ecls.exe" /files "C:\some\file\to\be\scanned\xyz.mp4"

but notice that there there's a space between the "/files" and the following filename.    The EAM command needs to have the filename immediately preceded by /f=    and I don't know how you'd make sure that the download manager doesn't introduce the extra space.

It might be that the "/files" that is shown in the example was actually typed in as "/files "   ie it has a space that you can't see, and that if you type in just "/f="    with no quotes and no space either, it'll work.   But I think you might need to ask the Ant company about that.

You're also, I think, going to have a problem getting the a2cmd.exe to run under the administrator as I see no mechanism described in the download manager help page about making that happen.  That might mean you'd need to make the DM run an ordinary batch or vbs file that relaunches itself with Admin rights to achieve this.  That would however let you solve the possible syntax problem of getting the /f= part right, because the batch or vbs or whatever file could be passed the filename in whatever format the download manager issues its command, then could issue the a2cmd.exe command in a different format.

I still don't understand why this is necessary.   I think EAM will scan the files as they are downloaded anyway.   Even if it doesn't do that, you could for example arrange for all your downloaded files to go into one specific folder, then ue normal methods (eg select those files and use right-click to ask EAM to scan them) or set up a scheduled scan that scans only that folder.  After the files have been scanned, move them somewhere else so they don't get scanned over & over again.

##### Share on other sites
On 12/9/2017 at 5:12 AM, JeremyNicoll said:

Yes, that's how I'm understanding their request.

On 12/9/2017 at 5:12 AM, JeremyNicoll said:

Correct, although technically there's an extension filter and the File Guard doesn't automatically unpack archives like the on-demand scanner does.

On 12/9/2017 at 7:33 AM, xprt007 said:

Is that the correct structure of the command, assuming the download manager is at that location?

That's essentially how the command to scan works, however you don't want it to scan the download manager, you want it to scan the file the download manager downloaded. Most download managers that support automated scanning like this give you some sort of code you can put in the scan command that tells the scanner the path of the downloaded file.

As an example, lets suppose the code your download manager uses is %F and it replaces that with the full path of the downloaded file, then your scan command would need to look something like the following:

a2cmd.exe /s /q /f="%F"

On 12/9/2017 at 7:33 AM, xprt007 said:

I have included screenshot with powershell. (Command prompt is hidden in latest Falls Update of Win 10). Does it matter if one uses powershell or it has to be command prompt?

A2CMD will run from PowerShell or the Command Prompt, however note that output from A2CMD may not work the same or look the same in PowerShell.

If you want to switch to the Command Prompt, then type CMD into PowerShell and press Enter. The colors will be the same as PowerShell, but it will switch to the Command Prompt until you type Exit.

On 12/9/2017 at 7:33 AM, xprt007 said:

Am I to assume I go to settings of the DM as shown above, select a2cmd.exe  and then implement the command in powershell OR command prompt or the other way round?

You don't need to worry about PowerShell or Command Prompt, you just need to configure the command to scan in your download manager's settings, and it should take care of everything else itself. You can use PowerShell or Command Prompt to test A2CMD to make sure it is working as expected, but beyond that you won't need them for this.

On 12/9/2017 at 7:33 AM, xprt007 said:

Also ... I assume after doing this, that the command applies to ALL downloads after this ...

On 12/10/2017 at 6:14 AM, JeremyNicoll said:

Arthur, in your example:  a2cmd.exe /s /q /f="<path>"        is the /q a shorthand for /quick, or is it the /q=[], /quarantine=[folder] Put found Malware into Quarantine option?  If it's the latter, does the bare /q just mean that quarantined files end up in the same quarantine folder as anything scanned via the GUI?

It's the parameter for "quarantine detected files" without the path. It should use the default Quarantine folder when no other folder is specified.