[clamav-users] MS Windows Explorer Context Menu sendto (clamscan.exe) - how to keep cmd box open to view results?

G.W. Haywood clamav at jubileegroup.co.uk
Sun Jun 20 15:29:41 UTC 2021


Hi there,

Disclaimer: I don't generally use Windows, and my experience of it is
more or less limited to fixing problems that clients have had with it.
That said, they've had a lot of problems over the years, and I know a
lot more about it than most Windows users, but I don't by any means
consider myself a "Windows expert"...

On Sun, 20 Jun 2021, RW Jones via clamav-users wrote:

> BACKGROUND:
> MS Windows 7 SP1 x64 Pro and Home Premium.  Also intending MS Windows 10, Pro.

As I'm sure you know, Windows 7 reached its End Of Life 18 months ago.
You really shouldn't be using it any more, *especially* if you need to
ask questions like the questions you're asking here.

> I used ClamWin for a few years as adjunct to Windows Defender mainly to scan 
> one or two isolated downloads but also in case Defender got temporarily 
> munged.  But around February this year the signature updates stopped.

IMHO ClamWin sucks.  The version of ClamAV on which it is based was
stuck at 0.99 for years, even when ClamAV was at 0.103.  It appears
ClamWin was finally updated after version 0.103.2 was released, but it
was a fraud - it was version 0.103.1, hacked to claim it is 0.103.2.
See the archives of this list for more information:

https://marc.info/?l=clamav-users&m=162298199126248&w=2

In case it isn't clear, given the obviously unsatisfactory history I
wouldn't touch ClamWin with a ten foot pole.

> I decided I would try ClamAV's own official MS Windows port (no GUI) ...

Good plan.

> THE QUESTION:
> I don't want scan on access, just clamscan.exe to be invoked against 
> specified files via selecting them in Windows Explorer or similar e.g. 
> FreeCommander XE and then using Explorer context menu's sendto to direct them 
> to clamscan.exe.  This works, but the cmd box which opens does not stay open 
> / static after the last message is printed to screen by clamscan.exe.  User 
> may watch the output in real time and check if "OK" comes up against specific 
> files but I would prefer to do unattended momentarily especially if more than 
> a couple of files.
>
> Are there any settings to tweak somewhere to accomplish this?

I don't know about settings, but I'd guess you could do it easily with
a batch file.  For example the batch file would call clamscan and then
call something which pauses until a key is pressed.  You know the kind
of thing: "Press any key to continue."  Having said that there must be
better ways - please read on.

> I see there 
> are:
> freshclam.conf
> and
> clamd.conf
> but seemingly no *.conf for the executable clamscan.exe.

It's not the sort of thing that's appropriate for clamscan itself.

> (As for freshclam.exe I have created a Desktop icon to run it as 
> Administrator which works and one can monitor its progress in the cmd box 
> that opens, but again that closes on program termination - it's worked every 
> time over the last 3 months since installation so I have not explored the 
> logging capabilities, but ideally the cmd box should remain open until 
> dismissed by user).

It's more usual to run freshclam unattended, on a schedule, and get it
to send its output to a log somewhere so that you can view the log at
your leisure.  Once you have it working, it's rare to hit problems.

> I briefly investigated whether this is an MS Windows cmd box setting but I 
> can't find one offhand. There is cmd /k for MS Windows batch files but I'm 
> not using a batch file because it gets complicated if more than one file is 
> to be selected and scanned (and seemingly parameters/arguments are limited to 
> nine: %1 to %9. In the 1990s days "DOS lets batch files examine up to nine 
> options typed after a batch file name at the DOS prompt.") I've assumed
> modern cmd likewise.

There's a --file-list option to clamscan which makes it very easy to
scan multiple files.  Just create a file containing the path list, one
path per line in the list.  The 'path' means include (for Windows, the
drive letter if necessary and) all the parent directories, for example

C:/Users/Downloads/dodgy\ file.exe

Caveat: I can't remember the last time I did this on Windows, so you
might need to experiment with the directory separator character '/'; I
*think* '/' will work, but Windows of course uses '\' and you may need
to use '\\' instead.  (The rest of the world uses a single backslash
as the 'escape' character to quote any 'special characters' used - and
the 'space' character is one of those, which is why I've quoted it in
my example filename with a space in it).

> How is this retention of open cmd box accomplished?  Is there a clamscan.conf 
> which can be created to achieve this?

As I said it isn't appropriate, but you might look here for example:

https://superuser.com/questions/306167/how-to-prevent-the-command-prompt-from-closing-after-execution

> I haven't yet looked into logging options but it would be inconvenient ...

Why don't you use the batch file idea, with the --log-file command
line option to clamscan, followed by running your favourite pager to
view the log file after the scan completes?  Then you won't have to
wait for anything, you can do something else while the scan runs, and
you won't need to worry about boxes closing because the pager will
hold it open until you quit it.

Alternatively start a terminal window (or whatever it's called in
Windows these days) and just type "clamscan filename".  That's what I'd
do, if forced (probably it would be at gunpoint) to use Windows.

> Or one for the developer list?

Nope.

One last thing.  Well, almost last.

My impression is that you're downloading dodgy things from the Internet
and using ClamAV to scan them for threats before using the dodgy things
on your Windows box.  This can only end in tears.  You need to be aware
that no virus scanner is 100% effective.  Over the years I've posted a
few estimates for ClamAV's success rate on this list.  The most recent:

https://marc.info/?l=clamav-users&m=162379914711853&w=2

Another disclaimer is needed here.  I only use ClamAV to scan mail, and
the characteristics of threats in the incoming mail here might be very
different from the characteristics of the threats in the dodgy things
that you're downloading.  So you can't really read a lot into the actual
numbers in that post but you *can* and *should* take away that *nothing*
can detect each and every threat.

-- 

73,
Ged.

> THIS E-MAIL AND ANY ATTACHED FILES ARE CONFIDENTIAL AND MAY BE LEGALLY
> PRIVILEGED. If you are ...

Utter rubbish. :)
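
The batch-file approach suggested in this message, written out as an added example (not part of the original post and not ClamAV project code): a SendTo wrapper that collects any number of selected files with `shift`, scans them through `--file-list`, saves a report and keeps the window open. The install path and the temp file names are assumptions; the report option is used in its `--log=FILE` spelling.

```batch
@echo off
rem Added example: SendTo wrapper for clamscan.exe (not from the original post).
rem Assumptions: the CLAMSCAN path below and the list/log file names in %TEMP%.
setlocal
set "CLAMSCAN=C:\Program Files\ClamAV\clamscan.exe"
set "LIST=%TEMP%\clamscan-sendto-list.txt"
set "LOG=%TEMP%\clamscan-sendto.log"

if "%~1"=="" (
    echo No files were passed to this script.
    pause
    exit /b 2
)

rem Start with an empty path list and a fresh report (clamscan appends to it).
type nul > "%LIST%"
if exist "%LOG%" del "%LOG%"

rem SHIFT walks past the %1..%9 limit: each pass writes one full path per line.
:next
if "%~1"=="" goto scan
for %%F in ("%~f1") do >>"%LIST%" echo %%~fF
shift
goto next

:scan
rem Output still goes to the window; --log also saves it for later reading.
"%CLAMSCAN%" --file-list="%LIST%" --log="%LOG%"
set "RC=%ERRORLEVEL%"

rem clamscan exit codes: 0 = nothing found, 1 = something found, 2 = error.
echo.
if "%RC%"=="0" echo Result: no threats found.
if "%RC%"=="1" echo Result: one or more threats found - check the lines ending in FOUND.
if "%RC%"=="2" echo Result: clamscan reported an error - check the report.
echo Full report saved to "%LOG%"
pause
exit /b %RC%
```

Saved as a `.cmd` file with a shortcut to it placed in the `shell:sendto` folder, it appears in the Explorer Send to menu alongside the existing entries.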

