ryerman

CLS v7.0.0.9 Scan results show discrepancy between "Objects scanned" and "Scanned"


Product: Command Line Scanner version 7.0.0.8, obtained by online update of EEK version 3.0.0.1

Operating System: Windows 7 Home Premium, 64 bit, SP1

Other Security: AVG Anti-Virus Free Edition 2013, Windows Firewall, KeyScrambler plugin for Firefox version 2.9.2.0

Hi Christian.

It seems that the count of scanned files is not reported correctly.

When the /f scan parameter specifies multiple files, "Objects scanned" shows each file, but "Scanned" always shows 1. (see Quote)

When the /f scan parameter specifies multiple folders, "Objects scanned" shows each folder, but "Scanned" shows the number of files in only one of the folders.

Does /f support only 1 object or is there a bug when counting/reporting the number of files scanned?

If /f supports multiple objects, please tell me if a mixture of files and folders is allowed.

While testing, I sometimes saw "Preparing for scanning... |" or "Preparing for scanning... \" or "Preparing for scanning... -" in the command window. What is the significance? It isn't shown in a log file.

Thanks for your help,

Jim

C:\Windows\system32>a2cmd /f="F:\file (1).jpg" "F:\file (2).jpg"

Emsisoft Commandline Scanner v. 7.0.0.9

© 2003-2012 Emsisoft - www.emsisoft.com

Emsisoft Commandline Scanner - Version 3.0

Last update: 08/11/2012 12:05:28

Scan settings:

Scan type: Custom Scan

Objects: F:\file (1).jpg, F:\file (2).jpg

Detect Riskware: Off

Scan archives: Off

ADS Scan: Off

File extensions: Off

Advanced caching: Off

Direct disk access: Off

Scan start: 09/11/2012 10:34:36

Preparing for scanning... \ <-------What is the significance?

Preparing for scanning... |

Scanned 1

Found 0

Scan end: 09/11/2012 10:34:39

Scan time: 0:00:03

C:\Windows\system32>


Maybe I confused the issue by misusing terminology, so I will try to be more precise.

It seems that /f can specify multiple files, which are then properly scanned, but the quantity is not counted and/or reported correctly.

To show the bug, use 3 copies of an eicar test file and run this command:

a2cmd /f="F:\eicar (1).com" "F:\eicar (2).com" "F:\eicar (3).com" /l="F:\LOG.txt"

The logfile will show this:

Scanned 1

Found 3

If only 1 file was scanned, how could 3 infected files be found? It should be "Scanned 3"

Here is the logfile, with my comments shown in red.

Emsisoft Commandline Scanner - Version 3.0

Last update: 11/11/2012 06:10:13

Scan settings:

Scan type: Custom Scan

Objects: F:\eicar (1).com, F:\eicar (2).com, F:\eicar (3).com <------- Each of the 3 files specified by /f is considered an object

Detect Riskware: Off

Scan archives: Off

ADS Scan: Off

File extensions: Off

Advanced caching: Off

Direct disk access: Off

Scan start: 11/11/2012 15:32:36

F:\eicar (1).com detected: EICAR-Test-File (not a virus) (B) <------- The scan results show 3 infected files

F:\eicar (2).com detected: EICAR-Test-File (not a virus) (B)

F:\eicar (3).com detected: EICAR-Test-File (not a virus) (B)

Scanned 1 <------- Here is the total number of files scanned. How can this be less than the number of infected files that were found?

Found 3

Scan end: 11/11/2012 15:32:40

Scan time: 0:00:03

Thanks for your attention,

Jim
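The inconsistency reported in the post above (Scanned 1, Found 3) can be caught automatically when scan logs are collected. The following Python check is an added example, not part of the original posts and not Emsisoft code; the function names are hypothetical and the sample log is constructed from the log quoted above with the reporter's comments removed.

```python
import re

# Constructed sample: the log quoted in the post, reporter's comments removed.
# Exact spacing of a real a2cmd log is an assumption.
SAMPLE_LOG = r"""Scan start: 11/11/2012 15:32:36
F:\eicar (1).com detected: EICAR-Test-File (not a virus) (B)
F:\eicar (2).com detected: EICAR-Test-File (not a virus) (B)
F:\eicar (3).com detected: EICAR-Test-File (not a virus) (B)
Scanned 1
Found 3
Scan end: 11/11/2012 15:32:40
"""

DETECTION = re.compile(r"^(?P<path>.+?)\s+detected:\s+\S")
COUNTER = re.compile(r"^(?P<key>Scanned|Found)\s*:?\s*(?P<n>\d+)$")


def parse_log(text):
    """Return (summary counters, list of detected paths) from a scan log."""
    counters, detected = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNTER.match(line)
        if m:
            counters[m.group("key")] = int(m.group("n"))
        elif (m := DETECTION.match(line)):
            detected.append(m.group("path"))
    return counters, detected


def check_consistency(text):
    """List the ways the summary contradicts itself or the detection lines."""
    counters, detected = parse_log(text)
    problems = [f"missing '{k}' summary line"
                for k in ("Scanned", "Found") if k not in counters]
    scanned, found = counters.get("Scanned"), counters.get("Found")
    files = len(set(detected))
    if scanned is not None and found is not None and scanned < found:
        problems.append(f"Scanned {scanned} is less than Found {found}")
    if scanned is not None and scanned < files:
        problems.append(f"Scanned {scanned} but {files} files have detections")
    return problems


if __name__ == "__main__":
    for problem in check_consistency(SAMPLE_LOG):
        print("inconsistent log:", problem)
```

A missing summary line is reported separately, so a truncated log is not mistaken for a clean one.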


Hi Jim,

I was wrong, the software already supports passing multiple values for the same parameter. I missed that this was added a while ago.

There are two ways of scanning multiple folders:

a2cmd c:\temp\file1.ext c:\temp\file2.ext

The other one is by using the /f parameter and comma separated list:

a2cmd /f="c:\temp\file1.ext","c:\temp\file2.ext"

We suggest you decide on one of these, but please do not mix them.

I can confirm that there is a counting bug in the statistics. It will be fixed with the next build of the software. Thanks for letting us know!


Hi Christian,

Thanks for re-considering your first response. I hope to see the fixed version soon.

Here are a few things I have observed about the /f parameter:

If the pathnames have no spaces or commas, and are not enclosed by quotes, a comma separator must be used.

If the paths are enclosed in quotes, it seems that the comma separator is unnecessary.

A space, multiple spaces, or no separator at all works just as well. See the command line in post #3 above.

a2cmd /f="file1.ext"		 "file2.ext""file3.ext"

is also accepted. To avoid trouble, I always enclose all paths with quotes.

This seems like a logical and user-friendly way to avoid problems with separation characters that are also allowable characters in pathnames. Earlier versions of the CLS had such problems which have finally been eliminated.

The new online documentation for /f mentions that pathnames with spaces must be enclosed by quotes but neglects to give the same instruction for paths with commas. It also erroneously states: "Only one path can be specified"

Jim
