xprt007

Which of these applications scans files?

a2cmd.exe is the one you will want. Be sure to use the /s parameter though, as the version that comes bundled with Emsisoft Anti-Malware needs to use the service to do things like scanning.

I would believe that A2CMD will need to be run with admin rights, and you'll more than likely want to use something similar to the following command to execute it from your download manager:

a2cmd.exe /s /q /f="<path>"

 

Here's the documentation on all of the parameters that it supports:

a2cmd.exe [path] | [parameters]

Scan types (can be used together):

   /f=[], /files=[path]   Scan files. Full path to file or folder required
   /quick                 Scans all active programs and Spyware Traces
   /malware               Good and fast result, but only important folders will
                          be scanned
   /rk, /rootkits         Scan for active Rootkits
   /m,  /memory           Scan Memory for active Malware
   /t,  /traces           Scan for Spyware Traces

   /fh=[handle] /pid=[PID]            Scan file by handle. Process ID of the
                                      handle is required
   /b=[pointer] /bs=[size] /pid=[PID] Scan buffer. Buffer size and process ID
                                      are required

Scan settings (used with scan types):

   /pup                        Alert Potentially Unwanted Programs (PUP)
   /a, /archive                Scan in compressed archives (zip, rar, cab)
   /am                         Scan in mail archives
   /n, /ntfs                   Scan in NTFS Alternate Data Streams
   /cloud=[]                   If it is "1" then scanner will use cloud 
                               requests (defaul value is "1")
   /dda, /directdiskaccess     Use direct disk access
   /l=[], /log=[filepath]      Save a logfile in UNICODE format
   /la=[], /logansi=[filepath] Save a logfile in ANSI format
   /x=[], /ext=[list]          Scan only specified file extensions, comma
                               delimited
   /xe=[], /extexclude=[list]  Scan all except the specified file extensions
   /wl=[], /whitelist=[file]   Load whitelist items from the file
   /d,     /delete             Delete found objects including references
   /dq,    /deletequick        Delete found objects quickly
   /q=[], /quarantine=[folder] Put found Malware into Quarantine
   /rebootallowed              Allows automatic OS restart, if this is required
                               to remove found threads
   /s, /service   Run scan via windows service and keep the engine loaded

Malware handling (standalone parameters):

   /ql, /quarantinelist            List all quarantined items
   /qr=[], /quarantinerestore=[n]  Restore the item number n of the quarantine
   /qd=[], /quarantinedelete=[n]   Delete the item number n of the quarantine

Online updates:

   /u, /update                Update Malware signatures
   /uf=<feed>,
   /updatefeed=<feed>         Update from specified update feed
                              Applicable only to standalone a2cmd package.
   /proxy=[proxyname:port]    Proxy address and port number
   /proxyuser=[username]      Proxy user name
   /proxypassword=[password]  Proxy user password

General commands:

   /?, /help            Show help message

Result codes:

   0 - No infections were found
   1 - Infections were found


I don't understand...   Is the OP asking so that they can configure a download manager so that it explicitly asks EAM to scan just-downloaded files?

Doesn't EAM scan files as they're downloaded anyway?   (I'm sure I read somewhere that that does now happen, rather than only when files are read/executed.) 

12 hours ago, GT500 said:

I would believe that A2CMD will need to be run with admin rights, and you'll more than likely want to use something similar to the following command to execute it from your download manager:

a2cmd.exe /s /q /f="<path>"

Hi there

I'm not an expert at this and so may need some additional help to implement your suggestion, which is much more complicated than I had hoped.


  • Is that the correct structure of the command, assuming the download manager is at that location?
  • I have included a screenshot with PowerShell. (Command prompt is hidden in latest Falls Update of Win 10). Does it matter if one uses PowerShell or does it have to be command prompt?
  • Am I to assume I go to settings of the DM as shown above, select a2cmd.exe  and then implement the command in powershell OR command prompt or the other way round?
  • Also ... I assume after doing this, that the command applies to ALL downloads after this & I do not have to go to powershell/command prompt again unless I re-install the download manager ... ?

Thank you in advance


@GT500 Arthur, in your example: a2cmd.exe /s /q /f="<path>" is the /q a shorthand for /quick, or is it the /q=[], /quarantine=[folder] Put found Malware into Quarantine option?  If it's the latter, does the bare /q just mean that quarantined files end up in the same quarantine folder as anything scanned via the GUI?

@xprt007 The command you showed in the powershell window would ask a2cmd to scan the files that are parts OF the download manager, and is not what I think you are trying to do.   I would expect you would need to start the download manager then find your way to its configuration/ settings/ options panes, then tell it that the command it should use to scan a file is something like GT500 suggested.    On my system specifying  "a2cmd.exe"  in a command window doesn't work because the system doesn't know where that .exe actually is, so if your system is similar your command would need to be (say)

   "C:\Program Files\Emsisoft Internet Security\a2cmd.exe" /s /q /f=  (something)

What comes after the "/f=" will depend on how the programmer of your download manager has arranged for values to be plugged-in to commands.    Hmm, I see from the 'manual' at: http://antdownloadmanager.com/user_guide.php?lng=en  (look at the 'Program Settings config) -> Automation' page) that the author has not provided good information about how to do this.  You'd certainly need to put (say)

   C:\Program Files\Emsisoft Internet Security\a2cmd.exe

in the first box on the settings page,   but after that...   The example shows   /files    in the second box and that probably means that in that case the download manager would generate a command like: 

    "C:\Program Files\ESET\ESET Nod32 Antivirus\ecls.exe" /files "C:\some\file\to\be\scanned\xyz.mp4"

but notice that there's a space between the "/files" and the following filename.    The EAM command needs to have the filename immediately preceded by /f=    and I don't know how you'd make sure that the download manager doesn't introduce the extra space.

It might be that the "/files" that is shown in the example was actually typed in as "/files "   ie it has a space that you can't see, and that if you type in just "/f="    with no quotes and no space either, it'll work.   But I think you might need to ask the Ant company about that.

 

You're also, I think, going to have a problem getting the a2cmd.exe to run under the administrator as I see no mechanism described in the download manager help page about making that happen.  That might mean you'd need to make the DM run an ordinary batch or vbs file that relaunches itself with Admin rights to achieve this.  That would however let you solve the possible syntax problem of getting the /f= part right, because the batch or vbs or whatever file could be passed the filename in whatever format the download manager issues its command, then could issue the a2cmd.exe command in a different format.

 

I still don't understand why this is necessary.   I think EAM will scan the files as they are downloaded anyway.   Even if it doesn't do that, you could for example arrange for all your downloaded files to go into one specific folder, then use normal methods (eg select those files and use right-click to ask EAM to scan them) or set up a scheduled scan that scans only that folder.  After the files have been scanned, move them somewhere else so they don't get scanned over & over again.

On 12/9/2017 at 5:12 AM, JeremyNicoll said:

I don't understand...   Is the OP asking so that they can configure a download manager so that it explicitly asks EAM to scan just-downloaded files?

Yes, that's how I'm understanding their request.

 

On 12/9/2017 at 5:12 AM, JeremyNicoll said:

Doesn't EAM scan files as they're downloaded anyway?

Correct, although technically there's an extension filter and the File Guard doesn't automatically unpack archives like the on-demand scanner does.

 

On 12/9/2017 at 7:33 AM, xprt007 said:

Is that the correct structure of the command, assuming the download manager is at that location?

That's essentially how the command to scan works, however you don't want it to scan the download manager, you want it to scan the file the download manager downloaded. Most download managers that support automated scanning like this give you some sort of code you can put in the scan command that tells the scanner the path of the downloaded file.

As an example, let's suppose the code your download manager uses is %F and it replaces that with the full path of the downloaded file, then your scan command would need to look something like the following:

a2cmd.exe /s /q /f="%F"

 

On 12/9/2017 at 7:33 AM, xprt007 said:

I have included screenshot with powershell. (Command prompt is hidden in latest Falls Update of Win 10). Does it matter if one uses powershell or it has to be command prompt?

A2CMD will run from PowerShell or the Command Prompt, however note that output from A2CMD may not work the same or look the same in PowerShell.

If you want to switch to the Command Prompt, then type CMD into PowerShell and press Enter. The colors will be the same as PowerShell, but it will switch to the Command Prompt until you type Exit.

 

On 12/9/2017 at 7:33 AM, xprt007 said:

Am I to assume I go to settings of the DM as shown above, select a2cmd.exe  and then implement the command in powershell OR command prompt or the other way round?

You don't need to worry about PowerShell or Command Prompt, you just need to configure the command to scan in your download manager's settings, and it should take care of everything else itself. You can use PowerShell or Command Prompt to test A2CMD to make sure it is working as expected, but beyond that you won't need them for this.

 

On 12/9/2017 at 7:33 AM, xprt007 said:

Also ... I assume after doing this, that the command applies to ALL downloads after this ...

That's up to your download manager. A2CMD will scan anything it's told to, so long as the command used to execute it is correct and it has access to read the file.

 

On 12/10/2017 at 6:14 AM, JeremyNicoll said:

Arthur, in your example:  a2cmd.exe /s /q /f="<path>"        is the /q a shorthand for /quick, or is it the /q=[], /quarantine=[folder] Put found Malware into Quarantine option?  If it's the latter, does the bare /q just mean that quarantined files end up in the same quarantine folder as anything scanned via the GUI?

It's the parameter for "quarantine detected files" without the path. It should use the default Quarantine folder when no other folder is specified.

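The wrapper idea raised in the thread (a script that receives the file name from the download manager, elevates, and issues the a2cmd command in the /f="path" form), written in PowerShell as an added example; it is not part of any post above and is not Emsisoft's code. The script name, the -Path parameter and the default install path (the one quoted in JeremyNicoll's post) are assumptions; only /s, /q, /f= and the 0/1 result codes come from the help text quoted in the thread.

```powershell
# Scan-Download.ps1 (added illustration; not from the thread or from Emsisoft)
param(
    [Parameter(Mandatory = $true)][string]$Path,
    # Install location as quoted in the thread; adjust for your system.
    [string]$A2Cmd = 'C:\Program Files\Emsisoft Internet Security\a2cmd.exe'
)

# /f= needs a full path. -LiteralPath keeps characters such as [ ] in a
# downloaded file name from being interpreted as wildcards.
$full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
if (-not (Test-Path -LiteralPath $full -PathType Leaf)) { throw "Not a file: $full" }
if (-not (Test-Path -LiteralPath $A2Cmd -PathType Leaf)) { throw "a2cmd.exe not found: $A2Cmd" }

# Relaunch elevated (UAC prompt) when not already running as administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $relaunch = '-NoProfile -File "{0}" -Path "{1}" -A2Cmd "{2}"' -f $PSCommandPath, $full, $A2Cmd
    $elevated = Start-Process -FilePath 'powershell.exe' -ArgumentList $relaunch -Verb RunAs -Wait -PassThru
    exit $elevated.ExitCode
}

# Build the argument string exactly as shown in the thread: no space after /f=
# and the path wrapped in double quotes.
$scanArgs = '/s /q /f="{0}"' -f $full
$scan = Start-Process -FilePath $A2Cmd -ArgumentList $scanArgs -Wait -PassThru -NoNewWindow

# Result codes from the a2cmd help text: 0 = no infections, 1 = infections found.
switch ($scan.ExitCode) {
    0       { Write-Output "Clean: $full" }
    1       { Write-Warning "Infection reported, quarantine requested via /q: $full" }
    default { Write-Warning "Unexpected a2cmd result code $($scan.ExitCode) for $full" }
}
exit $scan.ExitCode
```

The download manager would then be pointed at powershell.exe with parameters such as -NoProfile -File "C:\Tools\Scan-Download.ps1" -Path (a hypothetical location), so a space before the appended file name no longer matters; this assumes the download manager appends the file path as the final argument.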