Full Version: a-squared Anti-Malware
koiron
Introduction:
This is a plugin for the free a-squared Anti-Malware (a2) command line scanner.

Please note this is a first release, and may contain bugs. I welcome your feedback.

Installation:
1) Add the plugin through PE-Builder.
2) Configure the plugin through PE-Builder -- This will allow you to download Command Line Scanner (6 files) and any Signature updates (>270 files) to proper locations (total ~18mb).
3) Before closing the Config window, use the tool to edit the Default Scan settings to your preferences. You may also create additional scan profiles with this tool.
4) Make sure the plugin is enabled in PE-Builder.
5) Build and burn your CD!

Tips:
- The RunScanner plugin by Paraglider is required for a-squared to function correctly.
- You will need network support enabled to download signature updates in BartPE.
- The "Auto ..." start menu selections/command line parameters will use the Default Scan profile.
- You cannot use wildcards in location/exclusion/extension statements.
- When using a-squared_GUI.exe in BartPE to add location/exclusion/extension statements, the program will check if the drive/file/folder statement returns anything. If nothing is returned, you will be asked if you want to really add it to the list.
- Use the quarantine function at your own risk. a-squared's quarantine recovery is not the most efficient, and you are on your own to recover quarantined items.
- For whitelist help, this thread is probably your best resource for understanding how it works.
- If the Scan specific locations/files option is enabled, and no locations are listed, no locations/files will be scanned.

DOWNLOAD

d4vr0s
I've just taken a quick peek at this.
It looks like you've put a lot of work into it, very nice GUIs.
koiron
QUOTE (d4vr0s @ Nov 4 2007, 06:00 AM) *
I've just taken a quick peek at this.
It looks like you've put a lot of work into it, very nice GUIs.

Thanks d4vr0s. I was able to borrow some of the ideas from my sophos/spybot plugins, but had to rewrite and tweak a lot of it. Found a really obnoxious bug in autoit and the way listviews function too.
jakeplazma
QUOTE (koiron @ Nov 4 2007, 12:40 PM) *
QUOTE (d4vr0s @ Nov 4 2007, 06:00 AM) *
I've just taken a quick peek at this.
It looks like you've put a lot of work into it, very nice GUIs.

Thanks d4vr0s. I was able to borrow some of the ideas from my sophos/spybot plugins, but had to rewrite and tweak a lot of it. Found a really obnoxious bug in autoit and the way listviews function too.


Howzit koiron! Long time no talk! Does this plugin have the same pitfalls as other PE based anti-spyware plugins? In other words, is it thorough or does it still fail to pick up everything?

Keep up the good work!
koiron
QUOTE (jakeplazma @ Nov 5 2007, 11:34 AM) *
Howzit koiron! Long time no talk! Does this plugin have the same pitfalls as other PE based anti-spyware plugins? In other words, is it thorough or does it still fail to pick up everything?

Hey hey jake. I assume you're asking if the scanner would catch the same malware whether running it from Windows or BartPE. Just for you, I loaded one of my virtual machine snapshots up (Win XP original release, unpatched/no service pack) that was infected with crap from warez/crack websites. First a scan from Windows (log file). Then the same scan from BartPE (log file). I ran an anti-virus scan from PE for the heck of it while I had lunch (log file).

The log files are the same, so I can provide you reasonable assurance a-squared will catch the same stuff in both environments.
jakeplazma
QUOTE (koiron @ Nov 5 2007, 02:59 PM) *
QUOTE (jakeplazma @ Nov 5 2007, 11:34 AM) *
Howzit koiron! Long time no talk! Does this plugin have the same pitfalls as other PE based anti-spyware plugins? In other words, is it thorough or does it still fail to pick up everything?

Hey hey jake. I assume you're asking if the scanner would catch the same malware whether running it from Windows or BartPE. Just for you, I loaded one of my virtual machine snapshots up (Win XP original release, unpatched/no service pack) that was infected with crap from warez/crack websites. First a scan from Windows (log file). Then the same scan from BartPE (log file). I ran an anti-virus scan from PE for the heck of it while I had lunch (log file).

The log files are the same, so I can provide you reasonable assurance a-squared will catch the same stuff in both environments.


Yeah, that's exactly what I was referring to. This is suuweeet news! As always, excellent work my friend!
hoest
Hey Koiron

This one is great, thank you.

- Hoest
Marc14
Only scans the RAM drive. What am I doing wrong?

I selected the C drive and it still only does the RAM drive.
koiron
QUOTE (Marc14 @ Nov 25 2007, 01:03 PM) *
Only scans the RAM drive. What am I doing wrong?

I selected the C drive and it still only does the RAM drive.

Hi Marc14, can you please post the log file a-squared creates after scans are completed?
koiron
On a side note... a-squared ends up closing itself without any errors if there's not enough RAM available for it to scan. The only way I found this out was changing my RAMDisk from 32MB to 96MB on a box with 256MB of RAM. I opened a thread about it on Emsisoft's forum.
ireneuszp
fix this entry
CODE
[Software.Addreg]
; Shortcut(s) for a-squared Anti-Malware
0x2, "Sherpya\XPEinit\Programs", "a-squared Anti-Malware\a-squared GUI", "%SystemDrive%\Programs\a-squared\a-squared_GUI.exe"
0x2, "Sherpya\XPEinit\Programs", "a-squared Anti-Malware\Auto Scan for Malware", "%SystemDrive%\Programs\a-squared\a-squared_GUI.exe|-autoscan|%SystemDrive%\Programs\a-squared\a-squared_GUI.exe"
0x2, "Sherpya\XPEinit\Programs", "a-squared Anti-Malware\Auto Update Signatures", "%SystemDrive%\Programs\a-squared\a-squared_GUI.exe|-autoupdate|%SystemDrive%\Programs\a-squared\a-squared_GUI.exe"
0x2, "Sherpya\XPEinit\Programs", "a-squared Anti-Malware\Auto Update and Scan", "%SystemDrive%\Programs\a-squared\a-squared_GUI.exe|-autoupdatescan|%SystemDrive%\Programs\a-squared\a-squared_GUI.exe"
Marc14
Small RAM Drive was the problem.

Thanks koiron and ireneuszp for the menu fixes.
koiron
Thanks ireneuszp. I don't use XPE so I wing it when I make those shortcuts. The .inf in the download is now updated.
Ed_P
I've been using this plugin for awhile now and appreciate it. But lately I've encountered a situation that I wonder if it can be changed.

I run the a-squared_CONFIG.exe utility in a cmd script with several other app updaters before I run PEBuilder. I run it with the -autoupdate option which in most cases works fine.

The situation I've encountered is sometimes the Config window hits a Searching for Updates... Error! and the a-squared_CONFIG.exe utility still returns a zero errorlevel which means my BartPE build does not have the newest sig updates.

Can this situation be trapped by the a-squared_CONFIG.exe utility and a non-zero return code set?
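
Added example, not part of the post above and not code from the plugin: one way to catch the silent update failure described here is to have the build script judge the signature files themselves instead of the updater's errorlevel. The script name, the signature directory argument and the age threshold are assumptions; the 270-file floor comes from the install notes in the first post.

```python
import os
import subprocess
import sys
import time

MIN_FILES = 270      # first post: signature updates are ">270 files"
MAX_AGE_DAYS = 3     # assumed tolerance for "no new signatures published"

def signature_state(sig_dir):
    """Return (file_count, newest_mtime) for all files under sig_dir."""
    count, newest = 0, 0.0
    for root, _dirs, files in os.walk(sig_dir):
        for name in files:
            count += 1
            newest = max(newest, os.path.getmtime(os.path.join(root, name)))
    return count, newest

def update_verified(before, after, started_at, now=None,
                    min_files=MIN_FILES, max_age_days=MAX_AGE_DAYS):
    """Judge the signature set itself; before/after are signature_state() tuples."""
    now = time.time() if now is None else now
    count, newest = after
    if count < min_files:
        return False, "only %d signature files present" % count
    if count < before[0]:
        return False, "signature files disappeared during the update"
    if newest >= started_at - 2:     # 2 s slack for coarse FAT timestamps
        return True, "signatures were written during this run"
    age_days = (now - newest) / 86400.0
    if age_days <= max_age_days:
        return True, "nothing new, newest file is %.1f days old" % age_days
    return False, "stale: newest signature file is %.1f days old" % age_days

def main(argv):
    # usage (hypothetical name): check_sigs.py <signature dir> <updater command ...>
    sig_dir, updater_cmd = argv[1], argv[2:]
    before, started = signature_state(sig_dir), time.time()
    rc = subprocess.call(updater_cmd)          # exit code alone is not trusted
    ok, reason = update_verified(before, signature_state(sig_dir), started)
    print("updater exit code %d; %s" % (rc, reason))
    return 0 if (rc == 0 and ok) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The wrapper exits non-zero when the signature set is incomplete or stale, so a cmd script can stop on `if errorlevel 1` before PE Builder runs.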
skomp
thanks again for this plug in

i'm finding this to be a nice little tool and very useful!