JottiQ: Desktop program for batch scanning files with Jotti’s malware scan (an online scanner)

We all know about VirusTotal (or at least we all should know about VirusTotal). Jotti’s malware scan is a service similar to VirusTotal; it is a service that allows users to scan files with 18 different anti-virus/anti-malware scanner. Jotti’s malware scan works fairly similar to VirusTotal in the sense that users upload individual files, Jotti’s malware scan scans the file and displays the result. JottiQ is a program that extends the usability of Jotti’s malware scan.

Like VirusTotal, with Jotti’s malware scan users need to upload one file at a time. If anyone wants to scan more than one file at a time, they must manually upload each file one by file. JottiQ was created to make it easy for users to batch scan files with Jotti’s malware scan:

JottiQ has the ability to simultaneously scan two or three files, while the rest of the files users add are queued up and scanned in order. Once files are scanned, JottiQ displays the virus scan results right inside the program window…

…and gives users the option to open the scan results on Jotti’s malware scan’s web page:

The advantage of opening the web page, of course, is that users can link the scan results to other people.

Aside from scanning any files users add, JottiQ has the ability to automatically queue currently running processes:

After clicking the button shown in the above screenshot, currently running processes are added to the scan list automatically and sequentially scanned.

Furthermore

  • To make it easy to scan files, JottiQ has the ability to add an entry in the right-click context menu providing users quick access to JottiQ:

Having this right-click context menu enter is completely optional and users can remove it at anytime.

  • Via JottiQ settings users can control key options such as how many files to scan at the same time (one, two, or three) and adding/removing the previously mentioned context menu entry:

  • Jotti’s malware scan has a 20MB file size limit. JottiQ does not – cannot – circumvent this restriction.

To prevent overloading Jotti’s malware scan server, you may find JottiQ “throttling” uploads/scans. If this happens to you, there is no need to worry or panic; that just means you need to wait until Jotti’s malware scan servers are not so overloaded. You actually don’t even have to do anything except wait because JottiQ will automatically upload/scan “throttled” files using Jotti’s malware scan when the server allows for it. In fact once you add a file into JottiQ, you don’t need to worry about it; JottiQ makes sure all queued files are scanned… eventually.

Another way JottiQ prevents overloading Jotti’s malware scan servers is before it uploads a file to be scanned, it conducts a MD5 hash of the file and compares it to the MD5 hash of programs already scanned by Jotti’s malware scan. If the MD5 hashes match, that means the file has already been scanned using Jotti’s malware scan and instead of uploading and rescanning the file, the previous scan results are shown.

The following is a short 4 minute video – created by our friends at DonationCoder since JottiQ is part of their NANY 2011 event – demonstrating JottiQ in action:

To conclude, while JottiQ is in no way a replacement for your anti-malware security software, JottiQ is a very useful program. I hope such a program is created for VirusTotal. You can grab JottiQ From the following links:

Version reviewed: v1.0.2 Build 22338

Supported OS: Windows XP and higher

Requires .NET Framework 4.0 Client Profile and Microsoft Visual C++ 2010 Redistributable Package. If you don’t have any of these two installed, you will be prompted to download and install them during JottiQ’s installation.

Download size: 1.1 MB but .NET Framework 4.0 Client Profile and the C++ package are extra, if you don’t have them already

JottiQ homepage

[Direct download v1.0.2 - installer]

[Direct download v1.0.2 - portable .7z archive version]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

26 comments

  1. JW

    @noob: I am afraid I am completely uncertain what the problem might be. It does however seem to confirm it isn’t a problem with JottiQ but something more general with your settings. JottiQ uses whatever method the .NET framework uses to do its web-connections, which I presume ties in to Internet Explorer some way as I have had reports it properly picks up on proxies some people use. The updater is a seperate application developed by another DoCo member, and the fact that doesn’t work either only confirms something weird is going on on your computer.

    What was the error involving the java applet? If Java doesn’t work, does a normal client IRC application work? Or perhaps http://www.mibbit.com/ (which is an alternative webclient for IRC) works for you?

    Finally, if you use W7 or another Windows version with builtin troubleshoot abilities, it might be worth looking into running a troubleshooter for your network connections, and entering one of those links or websites you are having issues with.

    Edit: Seems a new post slipped in right before I posted. I am glad you got it to work, Dru! (Assuming you are indeed the same person, heh.) I hope you’ll enjoy JottiQ.

  2. Dru

    Well how about that. After another reboot seems like problems are a thing of the past… and JottiQ is a thing of beauty. I was very curious about a file I use, DisplayOff.exe, which my corporate a/v keeps removing. Though McAffee isn’t listed here, at least I see that some anti-malware solutions consider this simple program that blanks your monitor (I use it to save a bit of electricity) as quite nefarious.

    Don’t mean to ramble on in this thread, just wanted to close out that I got it to work (at least for now) and am quite happy with it (well done JW!!). Now to select a different firewall (was a bit unhappy with Comodo for other reasons… will look at Outpost, or MSE [which may motivate me to switch from Avast]).

    Cheers!

  3. noob

    I think I found the page to do the IRC chat; however, I get a java error with the applet. So I check my java and find there’s an update, but can’t update due to “internet connection settings”. On the web page it tells me to go to there’s no mention of that error or how to fix, but it does remind me I uninstalled Windows Defender the other day. I wonder if that has left my PC in a “weird” state??? I used Revo to uninstall.

    Can someone point me in the right direction to validate/fix? My Internet options are set thusly: Security – Internet= Medium-high, Privacy= Medium-high, LAN settings are all blank/all boxes unchecked. My Security Center settings are: Firewall= unmonitored (uninstalled Comodo; I had verified it wasn’t running by Process Hacker), Virus Protection= unmonitored (using Avast! v5 free, all shields running–I tested running JottiQ with avast disabled but still didn’t work).

  4. JW

    @OVL: I hope you got JottiQ from my website, and not some other unreputable place. I garantuee JottiQ is 100% crapware free – hell, I make a point to have it scan itself using Jotti before releasing just to be safe.

    If you did get it from my website, I am more inclined to think that maybe your pc isn’t fully patched and that a vulnerability was abused by some evildoers targeting Internet Explorer and/or Windows, or that the timing coincides strangely with something else you did.

    (I really dislike the pointing finger approach to finding the cubprit, but it is the only one I have available as any unaltered, official release of JottiQ is _definitely_ innocent in this.)

  5. noob

    @JW: Thank you JW. Another app was having trouble calling home so I rebooted. The other app calls home now just fine but JottiQ still has the same trouble. Thinking I’d see if I can check for updates at least I click the button in the About dialog to check for update and I get this message: “Update check: Could not download internet version file at http://whitehat.dcmembers.com/jottiq/versioninfo_installer.xml. The JottiQ web page will now be opened so that you can manually check for updates.” The following opens in my browser: http://www.donationcoder.com/forum/index.php?topic=24663.0.

    I’ve verified that I’m running 1.02 (build 22338). As far as I can tell all my other apps are accessing the internet just fine. I apologize I don’t understand Donation IRC channel and #Donation EFnet and read the thread at http://www.donationcoder.com/forum/index.php?topic=24663.0 and don’t think it’s a suitable place to work this out. Can you help? Sorry.

  6. OVL

    @ JM
    In my particular case JottiQ infected IE browser and my computer was restarting/rebooting itself every time I clicked on the IE desktop icon. I scanned the system with Avast, Immunet Protect, Malwarebytes, Iobit Security 360 – they found nothing. BUT McAfee Stinger10101243 has found two infected files in my browser and deleted them. After it I do not have the described problem. BTW, System Restore did not work because the virus was reemerging each time I rebooted PC.

  7. JW

    @noob: Noob, are you using v1.0.2? Version 1.0.1 and prior have been blocked out of necessity, and they indeed will always give that error you mention nowadays.

    Otherwise, if you are indeed running v1.0.2, I am sure it isn’t that you are blocked by the server. If this version were indeed blocked, there would be an additional message telling you that was the cause. (And it wouldn’t work for me either.)

    Is something in your environment per chance interfering with encrypted traffic? All files are transmitted over an encrypted connection for privacy reasons. In the past I have heard of firewalls being overeager even after they were turned off.

    In a future version, I’ll consider adding the error message that ends up happening if it cannot get the upload size – it might be of assistance in narrowing down issues like yours. However, I am wary of it confusing users as well, so I’ll give it a few minutes.

    Stop by the DonationCoder.com irc channel if you want a hand in figuring this out, slowchatting in comments is a bit uneffective in finding an issue and to boot… I don’t think I intend to keep checking these comments for weeks to come, and do not want to give other people the impression they can get my help here for problems with JottiQ. So, #donationcoder on EFnet is the place to go. :)

  8. noob

    This app is new to me. I’ve installed successfully on Win XP 32 Pro SP3. I right-click on a 17kb file (DisplayOff.exe), it requests maximum file size, then comes back with big heap o’ failure message saying “Unable to ascertain maximum uploading size. As such, scanning functionality will be unavailable.” I’ve done this repeatedly with the same results. I can’t find anything on Google with this message. What does this mean? Server busy? Something wrong on my end? I don’t have a firewall running (I cancelled Comodo just to be sure it’s not blocking the Jotti query).

  9. JW

    @OVL: As much as I want to believe you and find a solution, I cannot imagine at all that JottiQ causes anything like that.

    JottiQ only makes a few register modifications at the time you enable/disable the file context menu, and other than that there are no changes being made to the registry. The application itself has 0 ability to delete any files. All files it reads are opened Read-Only/Share.

    Your problem has to be something else. Maybe your hard drive has issues that are causing this?

  10. OVL

    I got a serious problem after JottiQ installation on my PC (Windows XP Home 32-bit SP3): this program was blocking the Internet Explorer 7 from opening (my 2nd browser Mozilla Firefox was working as usual). After clicking on IE icon, PC was shut off immediately and Windows XP restarted automatically. After this unexpected reboot, I clicked again on IE icon and it triggered another unexpected reboot and another and another. So I did a System Restore to the prior day and everything came back to normal with IE.

  11. JW

    @jumbi (and others who brought it up): Splitting files will pretty much invalidate your results to the point that any ‘clean results’ are nothing more than an incertainty. If you have the number 1 on your left, and the number 2 on your right, it says nothing individually. Only when you put them together does the true meaning become apparent. The same goes for viruses.

    Regarding the problem with ‘maximum supported filesize is 0 kb’… if you get that, then you probably canceled the one-time window that requests the maximum filesize from Jotti. If it cannot reach Jotti, or some other error happens, you will be informed and all files are errored out as the maximum filesize will be considered to be zero. Don’t click the [X] while it is getting the maximum supported upload size, and you should not have any problems.

    If you did all that correctly, and you still have a problem, I would be interested in knowing about the precise details. But do check whether you per chance downloaded v1.0.1 or prior, as those will always give 0kb because they have been blacklisted out of practical necessity.

    @J . L.: Nice catch. That sentence should be corrected a bit as it only adds the executables (no DLLs) of running processes. And to add insult to injury, .NET is far more selective about the stuff it seems to give than one might expect, given the report of it not queueing 64-bit processes. I already know it does not queue processes that aren’t mine either.

    The more I look at that last-minute feature, the more I dislike it. It distracts from the original purpose of JottiQ and to boot it is ending up to be the ‘buggiest’ feature yet.

  12. JW

    @J . L.: It can’t? Drats. I guess I’ll look into it some more when I get back into devving on it. Probably it is going to be a v1.1 feature, whenever that is gonna come out. :)

    I knew the list looked small on my PC, but it was never the main feature – I just added it because someone thought it might be useful and it was apparently ‘really easy’ to implement. ‘Nuff be said that it is as easy as everyone would like you to think to write, but even more be said if you take it with a grain of salt since the easy simple implementation rarely does what you want it to.

  13. jumbi

    @J . L.:
    ??? what do you mean “processes”?! its supposed to check files.

    @giovanni:
    since both these services do not support splitted files, there is no point to send them splitted. And of course to send just parts separately is not working (except that md5 checks cannot be pre-executed).

    Generally:
    Great article once again!
    Maybe not very useful to people who are already using virustotal desktop uploader but a very good add-on to our security shields :-)
    I am already wondering when I will use its batch file processing.

    1st problem that I noticed:
    it has the option to add the executables of the current processes but if you have many it directly reports it cannot continue due to usage limits (saying also that the limit 0 KB).
    Perhaps, there should not be that option at all.

  14. JW

    @Ashraf: Nope. I think my wording was somewhat ambiguous, so let me clarify. The key one gets to use for the VirusTotal api is tied to the account (so it would be attached to my account, were I to create some sort of VirusTotalQ). It is basically like a user/pass combination that is only good for 20 requests per 5 minutes, which is pretty small. I just now read that it is possible to request accounts with higher quotas so it isn’t necessarily a dealbreaker, but it still requires their permission. And there is of course the ‘does not hurt the AV companies’ term to agree to.

    One might argue, when a program like JottiQ becomes popular, that it might possibly hurt the business of anti-virus companies. That is (indirectly) also one of the reasons I try to avoid any misconception that JottiQ is a virusscanner – it is an investigative tool that does not clean or delete and only provides bulk support as a feature of convenience for people who need to check several files.

  15. Ashraf
    Author/Mr. Boss

    @JW: Honestly seeing as VirusTotal is already so popular and useful, they may not even care for such a program.

    That said, is it not possible to randomly generate public keys and cycle them if a limit is hit?

  16. JW

    @Ashraf: I considered it after people brought up VirusTotal when JottiQ was around its first released beta. I even considered merging JottiQ with such a program, but all in all, I am unsure how viable it is at this point. The reason I did this program is because I have used Jotti since 2004, and always loved it while so very few people knew of it, and I figured it might be a nice way to give a bit of a spotlight to an underrated service.

    At one point I checked out VirusTotal and I checked their API and terms and all that. Both of them seemed to be troublesome: the public API keys are set to a maximum number of scans per day or some other time period, which means ALL users would be bound to the same a global limit which I have no doubt a site with VirusTotal’s userbase would break immediately. While I never expected any assistance from Jotti’s owner, it ended up to be rather crucial for some matters (not in the least the fact v1.0.1 ended up basically DDOSing the scanning engine!). With VirusTotal, there already is an API but I see no proper way to allow the application to scale unless I get in touch with the VirusTotal people and arrange some sort of deal with them.

    Long story short: I might be open to the idea. But for now, if VirusTotal would like me to make such an application, I think I will put the ball in their court and have them contact me. I do not know their situation, userbase, the people behind the service; the one thing I do know is that JottiQ’s impact has been underestimated a fair bit and for VirusTotal probably would require a fair bit of consideration rather than haphazardly release such an application.

    And no, EICAR is very much detected by all, as that is the point. That, and I used EICAR.COM (non-compressed) non-stop for my own testing while I was working on JottiQ, and can thus say with even more certainty all scanners recognise it.

  17. Ashraf
    Author/Mr. Boss

    @JW: While I was watching the video, I thought the lack of detecting EICAR could also be for another reason: Some AVs are wising up and realizing EICAR is a harmless file, thus don’t detect it. However, it was just a thought because I am sure no one does that.

  18. Ashraf
    Author/Mr. Boss

    @JW: You are welcome! Ever consider writing a similar program for VirusTotal? I know Jotti’s author provided you with assistance on JottiQ, so I don’t know if VirusTotal owners will do the same or it if it possible to create a program for it without them, but having a “VirusTotalQ” program would be amazing.

    @giovanni: JottiQ adds the ability to queue up files to be scanned, whereas with VirusTotal you must do files one at a time. While I agree VirusTotal > Jotti’s malware scan, JottiQ is a brilliant program that adds features to Jotti’s malware scan that VirusTotal does not have.

  19. giovanni

    Size limit is the same as VirusTotal!!

    An effective way to bypass this bloody limit, so as to scan files bigger than 20 MB in size, may be to SPLIT them in several parts (smaller than 20 MB of course) using a good splitting SW.

    That being said….taking into account that both services have the same size limit (20 MB), what’s the main advantage of using JOTTYQ (only 18 AV ??) instead of VirusTotal (43 AV)??

    Can’t see any at the moment…LOL!

  20. JW

    Ashraf: Thank you for the review of JottiQ, I very much appreciate it! :)

    eq5150: Regarding the size limit – I doubt it will change personally. I would love it if it did, but I’d guess it is a matter of funding, capacity and likely some sort of arrangement with the AV companies as well. However, if/when the maximum size changes, JottiQ will immediately become able to process files of those larger sizes (save the obvious restarting of JottiQ as it only checks the maximum size a single time).

    Also, Ashraf is correct. Not all scanners can scan inside archives, although it might work for many of your use-cases. I recall the Donationcoder.com screencast (when I get to preview it anyhow, they might have redone it) showing how putting EICAR.COM in an archive would not be spotted by two anti-virusscanners. As EICAR.COM is the most basic benchmark of anti-virusscanners, you can probably assume at least two scanners do not support scanning inside of archives.

  21. eq5150

    You mentioned “Jotti’s malware scan has a 20MB file size limit. JottiQ does not – cannot – circumvent this restriction.” which is true with virustotal as well but you can compress files with WinRar or as you wrote a few days ago, great compression with 7-Zip. You can get it to scan files much larger than 20MB if you compress it to 20MB or less. I’ve done it with WinRar in ‘Best Compression Mode’ and successfully scanned files that are actually over 20MB.

    I do hope they increase the size limit soon.