Kaseya Community

a-squared Command Line Scanner

  • Thought I would let you guys know about this free command line virus/spyware scanner. After quickly reading the help file, it looks as if it should be very easy to script.

    might want to check it out

    http://www.emsisoft.com/en/software/

    Legacy Forum Name: a-squared Command Line Scanner,
    Legacy Posted By Username: Resistance2Fly
  • Resistance2Fly
    Thought I would let you guys know about this free command line virus/spyware scanner. After quickly reading the help file, it looks as if it should be very easy to script.

    might want to check it out

    http://www.emsisoft.com/en/software/


    We currently use this for those rare occasions when AVG misses something. I found that you don't need to distribute the signatures, just make the signature directory. This reduces the download size to approximately 1.5MB.

    Just watch - running it usually kills my VNC connection to the machine.

    - Josh

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lowray1975
  • I can't seem to get it to run without crashing...
    mind posting your scripts for this?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Resistance2Fly
  • Okay - I hate typing so hopefully I hit all the steps of what I did...

    1. I created a directory named "hnc-spyware" and put all the files from the a2 download there including the signatures directory. I did try to rename the exe although it corrects itself, which is pretty cool.

    2. I then compressed the entire directory using 7zip. I used 7zip because it's free and the command line version rocks. Plus it can be renamed which you'll see in the script export.

    3. Then I created five scripts: the install script, an update script and then three scripts that scan at different levels (smart, quick and deep).

    The Install Script
    --

    Script Name: Install HNC-Spyware
    Script Description: Install hnc-spyware:
    - downloads hnc-compress for expanding
    - downloads and expands hnc-spyware.7z
    - updates all signature files (can't just call update script as it causes an error)

    If hnc-spyware already exists on client machine, the update signature script is run.

    IF Test File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Absent :
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : AGENTTEMP
    OS Type : 0
    Write File
    Parameter 1 : #AGENTTEMP#\hnc-compress.exe
    Parameter 2 : VSASharedFiles\Utilities\hnc-compress.exe
    OS Type : 0
    Write File
    Parameter 1 : #AGENTTEMP#\hnc-spyware.7z
    Parameter 2 : VSASharedFiles\Software\HNC Spyware\hnc-spyware.7z
    OS Type : 0
    Execute File
    Parameter 1 : #AGENTTEMP#\hnc-compress.exe
    Parameter 2 : x #AGENTTEMP#\hnc-spyware.7z -y -aoa -o"c:\program files\hnc guardian"
    Parameter 3 : 3
    OS Type : 0
    Pause Script
    Parameter 1 : 15
    OS Type : 0
    Delete File
    Parameter 1 : #AGENTTEMP#\hnc-spyware.7z
    OS Type : 0
    Execute File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Parameter 2 : /u
    Parameter 3 : 3
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : Already installed - running Update Signature script
    OS Type : 0
    Execute Script
    Parameter 1 : Update Signatures (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0


    Here is the Update Script:


    Script Name: Update Signatures
    Script Description: Updates hnc-spyware's signature files. If hnc-spyware does not exist on client machine, this script will call the install script.

    IF Test File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Exists :
    THEN
    Execute File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Parameter 2 : /u
    Parameter 3 : 3
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : HNC-Spyware not present on client machine. Executing Install Script
    OS Type : 0
    Execute Script
    Parameter 1 : Install HNC-Spyware (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0


    And finally one of the three scanning scripts (deep):


    Script Name: Scan - Deep Scan
    Script Description: Performs a DEEP scan: this is the slowest scan; all files on all hard disks will be scanned.

    IF Test File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Exists :
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : AGENTTEMP
    OS Type : 0
    Execute File
    Parameter 1 : c:\program files\hnc guardian\hnc-spyware\a2cmd.exe
    Parameter 2 : /deep /memory /traces /cookies /heuristic /riskware /archive /ntfs /quarantine /log=#AGENTTEMP#\hnc-spyware.log
    Parameter 3 : 3
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : HNC-Spyware not present on client machine. Executing Install Script
    OS Type : 0
    Execute Script
    Parameter 1 : Install HNC-Spyware (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0


    The other two scanning modes - quick and smart - can be made by changing the "/deep" parameter.

    I left all of our "custom" crap in there, i.e. where we install the product on the workstation. Make sure you change as needed.

    Now you owe me one beer! :)

    - Josh

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lowray1975
  • Oh - forgot something - when I was compressing the a2 software, I used the following command line parameters (including the "a"):

    a -t7z hnc-spyware.7z hnc-spyware\ -r


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lowray1975
  • I'm having trouble with the 7zip install. It pops up and needs a user to hit next. I've been through the 7zip user files and it appears I've still missed the switch I'm looking for.

    Do you have 7zip installing without user interaction, and if so would you care to share?

    Thanks in advance

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: iamnet
  • Sounds like you downloaded the installer rather than the command line tool ...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • Lmhansen
    Sounds like you downloaded the installer rather than the command line tool ...


    Exactly! :)

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: lowray1975
  • That was it. Thanks guys. I appreciate the second set of minds keeping me sane.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: iamnet
  • whitelist.txt
    The attached whitelist.txt will stop a2cmd.exe from taking out RealVNC. I also tested it against a K-VNC Vista install without issue. I pulled some of the content from other a2 forum content discussing the same VNC problem, and then added some extra entries based on a2cmd.exe scan logs.

    Add whitelist.txt in the 7zip compressed file. Then add the following to the parameter for the a2cmd.exe scan.

    /wl=c:\program files\hnc guardian\hnc-spyware\whitelist.txt

    The line above stays consistent with the rest of the scripts as presented.

    If you have other boot drives than C: (i.e. terminal servers) then you might need to add duplicate entries to represent those drives in the whitelist.txt. I did not test the ability to use OS variables in the whitelist file.

    If you are going to use the scanner you might want to push the logs to your Kserver and review what is being taken out. It looks like other tools we use to automate scripting may be seen as spyware and taken out. a2cmd.exe took out a couple files in my auto-it directory as spyware tools.


    Vernon
    Creative Computing

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: vernon@midmich.net
  • FYI, a squared Free has updated licensing policies.

    Free version is for private use only.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: nevesis
  • The command line version is fine to use.
    The free GUI version is not.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: techsquad
  • Hmmmm...

    A 55MB upload seems harsh. If we DON'T include the signature files, will they be re-downloaded from the client workstation when the /u switch is run on a2?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Interprom
  • True, but if you are managing 100's of computers do you really want to send 55Megs to each machine from your k-server or would you rather let each machine download its own updates?

    LOL evil either way, but a2 is a nice proggy!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: techsquad
  • I see you're just logging the scan results to a file.

    I'm having trouble seeing how to take action on the log file--such as a report of infected machines or triggering an alert.

    Has anyone figured out how to take action on the scan results?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jeffryer
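
One way to act on the collected hnc-spyware.log files once they are pushed to a central location, as an added example that is not code from any poster in this thread. The detection line format, the sample logs and the AutoIt path are assumptions constructed for illustration, not a2cmd's documented output; adjust the pattern to the lines in your own logs.

```python
import re

# ASSUMPTION: detection lines look like "<path> detected: <name>". This is a
# constructed format, not a2cmd's documented output; change DETECTION_RE to
# match what your own hnc-spyware.log files contain.
DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+detected:\s+(?P<name>.+?)\s*$", re.I)

# Hypothetical locations of admin tooling. Hits here go to a review bucket
# instead of raising an alert (the thread reports AutoIt files being
# quarantined as spyware tools). Keep these lowercase.
REVIEW_PREFIXES = (r"c:\program files\autoit3",)

def parse_log(text):
    """Return a list of (path, name) detections found in one scan log."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits

def triage(logs):
    """logs maps machine name -> log text. Returns, for machines with at
    least one detection, {"alert": [...], "review": [...]}."""
    report = {}
    for machine, text in logs.items():
        buckets = {"alert": [], "review": []}
        for path, name in parse_log(text):
            key = "review" if path.lower().startswith(REVIEW_PREFIXES) else "alert"
            buckets[key].append((path, name))
        if buckets["alert"] or buckets["review"]:
            report[machine] = buckets
    return report

# Constructed sample logs (not real a2cmd output).
SAMPLE_LOGS = {
    "ws-01": "Scan start\nC:\\Temp\\toolbar.dll detected: Adware.Example\nScan end\n",
    "ws-02": "Scan start\nScan end\n",
    "ts-01": "C:\\Program Files\\AutoIt3\\Aut2Exe.exe detected: Riskware.Example\n",
}

if __name__ == "__main__":
    for machine, b in sorted(triage(SAMPLE_LOGS).items()):
        status = "ALERT" if b["alert"] else "REVIEW"
        print(f"{status} {machine}: {len(b['alert'])} alert, {len(b['review'])} review")
```

Machines that appear only in the review bucket are candidates for new whitelist.txt entries rather than for cleanup.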