Kaspersky Scan Engine

HTTP mode configuration file

The HTTP mode configuration file (hereinafter, also configuration file) is an XML file that specifies general settings for Kaspersky Scan Engine.

HTTP mode configuration file (Linux)

The Kaspersky Scan Engine distribution kit for LInux contains a %distr_kit%/etc/kavhttpd.xml configuration file.

After installing Kaspersky Scan Engine, you can copy kavhttpd.xml to your preferred location:

• If you copy kavhttpd.xml to the /etc/ directory, Kaspersky Scan Engine automatically finds and parses this file.
• If you copy kavhttpd.xml to a different location, you must set the path to this location when you start Kaspersky Scan Engine:
  • If you want to use the init script to start Kaspersky Scan Engine, see section "Running Kaspersky Scan Engine in HTTP mode with init script"
  • If you want to use the systemd unit file to start Kaspersky Scan Engine, see section "Running Kaspersky Scan Engine in HTTP mode with systemd unit file"
  • If you want to start Kaspersky Scan Engine from the command line manually, see section "Running Kaspersky Scan Engine in HTTP mode manually"

HTTP mode configuration file (Windows)

The Kaspersky Scan Engine distribution kit for Windows contains a %distr_kit%\bin\kavhttpd.xml configuration file.

Parameters of the HTTP mode configuration file

Most elements of the configuration file have default values that are used when the element is absent. Elements that are present in the configuration file must not be empty, unless stated otherwise.

ServerSettings

The following parameters specify Kaspersky Scan Engine settings:

• MaxIncomingConnectionsNum—Specifies the maximum number of pending TCP connections to Kaspersky Scan Engine in HTTP mode. Extra connections may be dropped. This value must be an unsigned integer and cannot be 0.

  The default value is 100. For more information about MaxIncomingConnectionsNum, see section "Setting up the connection queue in HTTP mode".

• MaxHTTPSessionsNum—Specifies the maximum number of active TCP connections that Kaspersky Scan Engine can maintain simultaneously. This value must be an unsigned integer.

  The default value is 10. If you set MaxHTTPSessionsNum to 0, the default value is used. For more information about MaxHTTPSessionsNum, see section "Setting up the connection queue in HTTP mode".

• MaxTCPFileSize—Specifies the maximum allowed size (in bytes) of the headers and bodies of the HTTP messages that are passed to Kaspersky Scan Engine. This value must be an unsigned integer.

  It is recommended to specify at least 100 KB for the headers.

  The default value is 104857600 (100 MB). If you set MaxTCPFileSize to 0, the default value is used.

• ConnectionString—Specifies the IP address and the port for Kaspersky Scan Engine, or a path to the UNIX socket used by Kaspersky Scan Engine. This is a string value.

  ConnectionString—Mandatory parameter. The default value is /tmp/.kavhttpd in Linux and 127.0.0.1:9999 in Windows. You can specify an IP address and a port for a TCP connection in the following format: ip_addr:port.

• SessionTimeout—Specifies the timeout for processing the request and sending the response, in milliseconds (ms). This value must be an unsigned integer.

  The default value is 1000. If you set SessionTimeout to 0, the default value is used. For more information on setting the session timeout, see section "Setting the session timeout".

• Flags—Specifies the initialization options for Kaspersky Scan Engine. Initialization options are defined by a combination of flags separated by pipes (|).

  This is a string value.

  Possible values:

  • KAV_SHT_ENGINE_KLAV

    Enable KLAV anti-virus engine.

    If you set this flag, you do not have to specify the KAV_SHT_ENGINE_KLAVEMU flag. Enabling the KLAV Engine automatically turns on the KLAV emulator.

  • KAV_SHT_ENGINE_KLAVEMU

    Enable the advanced heuristic anti-virus engine (KLAV emulator). Add this flag if you want to use heuristics.

  • KAV_SHT_ENGINE_WMUF

    Enable detection of malicious websites.

  • KAV_SHT_ENGINE_APUF

    Use phishing protection.

  • KAV_SHT_ENGINE_KSN

    Use KSN to check the reputation of files and URLs.

    Before specifying the KAV_SHT_ENGINE_KSN flag, make sure that your key file allows you to use this functionality and that you accepted the terms of the EULA for KSN.

    Notice to users in the U.S.

    Updates functionality (including providing anti-virus signature updates and codebase updates), as well as KSN functionality will not be available in the software in the U.S. territory from 12:00 AM Eastern Daylight Time (EDT) on September 10, 2024 in accordance with the restrictive measures.

  • KAV_SHT_ENGINE_STATISTIC_MAIL

    Submit statistical information to KSN in Linux.

    Before specifying the KAV_SHT_ENGINE_STATISTIC_MAIL flag, make sure that your key file allows you to use this functionality.

  • KAV_SHT_ENGINE_STATISTIC

    Submit statistical information to KSN in Windows.

    Before specifying the KAV_SHT_ENGINE_STATISTIC flag, make sure that your key file allows you to use this functionality.

  Notice that by enabling the KAV_SHT_ENGINE_KSN, KAV_SHT_ENGINE_STATISTIC_MAIL, or KAV_SHT_ENGINE_STATISTIC flags, you agree to transfer data, described in the corresponding About data provision*.txt file to Kaspersky Lab. For more information about the procedure of data provisioning, see section "About data provisioning". For information about statistics that can be submitted to KSN, see section "Statistics submitted to KSN".

KSNSettings

The following parameters specify KSN settings:

• UrlCheckTimeoutMs—Specifies the maximum time that Kaspersky Scan Engine waits for a response from KSN when running reputation checks for URLs (in milliseconds). This value must be an unsigned integer and cannot be 0.

  The default value is 20000.

  Notice that this parameter only sets the timeout for reputation checks in KSN. This timeout does not include the time required for sending a scan request and receiving a reputation status from KSN.
  This timeout can be exceeded if KSN finds that the reputation status of the scanned file is Danger.

• ObjectCheckOnDemandTimeoutMs—Specifies the timeout for a response from KSN when running reputation checks for files (in milliseconds). This value must be an unsigned integer and cannot be 0.

  The default value is 10000.

  Notice that this parameter only sets the timeout for reputation checks in KSN. This timeout does not include time required for sending a scan request and receiving a reputation status from KSN.
  This timeout can be exceeded if KSN finds that the reputation status of the scanned file is Danger.

• CacheSizeKb—Specifies the maximum size of the KSN status cache (in kilobytes). This cache is used by Kaspersky Scan Engine to store scan results obtained from KSN.

  This value must be an unsigned integer. If the value of this parameter is 0, the KSN status cache is not used. The maximum value is 262143. The default value is 30720.

Notice to users in the U.S.

KAVScanningSettings

The following parameters specify scanning settings for KAV SDK, which is a part of Kaspersky Scan Engine:

• ScannersCount—Specifies the number of scanning processes. You can have up to 256 scanning processes. This value must be an unsigned integer and cannot be 0.

  The default value is 16.

• ThreadsCount—Specifies the maximum number of simultaneously running scanning threads. You can have up to 256 scanning threads. This value must be an unsigned integer and cannot be 0.

  The default value is is 16.

• QueueLen—Specifies the maximum length of the queue for scan tasks. This value must be an unsigned integer and cannot be 0.

  The default value is 1024.

• Flags—Specifies a scanning mode.

  A scanning mode is defined by a combination of flags separated by pipes (|). This is a string value.

  Possible values:

  • KAV_O_M_PACKED

    Scan compressed executable files.

  • KAV_O_M_ARCHIVED

    Scan archived files.

  • KAV_O_M_MAILBASES

    Scan email database files.

  • KAV_O_M_MAILPLAIN

    Scan email messages.

  • KAV_O_M_HEURISTIC_LEVEL_SHALLOW

Set the scanning level of the advanced heuristic code analyzer to shallow (the Low level in the graphical user interface).

• KAV_O_M_HEURISTIC_LEVEL_MEDIUM

  Set the scanning level of the advanced heuristic code analyzer to medium (the Medium level in the graphical user interface).

• KAV_O_M_HEURISTIC_LEVEL_DETAIL

  Set the scanning level of the advanced heuristic code analyzer to detailed (the High level in the graphical user interface).

• KAV_O_M_MSOFFICE_MACRO

  Notify the user if a Microsoft Office document file contains a macro.

This element can be empty. In this case, the value of 0 is used.

The default value is KAV_O_M_PACKED | KAV_O_M_ARCHIVED | KAV_O_M_MAILBASES | KAV_O_M_MAILPLAIN | KAV_O_M_HEURISTIC_LEVEL_DETAIL.

• Mode—Specifies a cleaning mode.

  This is a string value. This is a mandatory parameter.

  Possible values:

  • KAV_SKIP

    If malware is detected while scanning an object, Kaspersky Scan Engine will not try to disinfect or delete the object. The infected object will be skipped.

    Specify this value if you want to use scanmemory mode.

  • KAV_DELETE

    If malware is detected while scanning an object, Kaspersky Scan Engine will try to delete the object. If deletion is not possible, the infected object will be skipped.

  • KAV_CLEAN_DELETE

    If malware is detected while scanning an object, Kaspersky Scan Engine will try to disinfect the object. If the disinfection attempt fails, or disinfection is not possible for specific malware, the object will be deleted. If deletion is not possible, the infected object will be skipped.

  • KAV_CLEAN_SKIP

    If malware is detected while scanning an object, Kaspersky Scan Engine will try to disinfect the object. If the disinfection attempt fails, the infected object will be skipped.

  The default value is KAV_SKIP.

DirectorySettings

The following parameters specify directory settings for KAV SDK, which is a part of Kaspersky Scan Engine:

• BasesPath—Specifies a directory where the database is located. This is a string value.

  This is a mandatory parameter.

  Notice that in Windows systems you have to specify a full path to the directory where the database is located.

• TempPath—Specifies a directory where the files created at runtime are stored. The path must be absolute. This is a string value.

  This is a mandatory parameter.

  Do not delete any files from this directory.

• LicensePath—Specifies a directory where the application ID file, the licensing file, and the key file are stored. This is a string value.

  KAV SDK looks for these files in the following directories:

  • The directory that is specified in LicensePath.
  • The directory that contains the kavhttpd executable file.
  • The %service_dir%/ppl directory. For Linux systems only.

  This is a mandatory parameter.

• LicensingMode—Specifies the licensing mode used in Kaspersky Scan Engine.

  Possible values:

  • 1—Offline licensing mode
  • 2—Online licensing mode

  The default value is 1.

• ScanningPaths—Contains paths to the locations where scanning over TCP socket is allowed when a HTTP client sends scan requests from a remote computer. Specify these locations to prevent a remote HTTP client from accidentally scanning the whole filesystem on the computer where Kaspersky Scan Engine is installed.
  • ScanningPath—Specifies a location where scanning over TCP socket in scanfile mode is allowed.

    Possible values:

    • Absolute paths to a directory

      Allow to scan files that are located inside this directory and all its subdirectories.

      The directory must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.

      The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.

      The kavhttpd service must have permissions to read files in the directory and its subdirectories.

    • Absolute path to a file

      Allow to scan the specified file.

      The file must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.

      The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.

      The kavhttpd service must have permissions to read the file.

    • / (forward slash)

      Allow to scan all files.

      For Linux systems only.

  Each path is specified inside its own <ScanningPath> element.

UseHTTPProxy and HTTPProxy

The following parameters specify proxy server settings for KAV SDK, which is a part of Kaspersky Scan Engine. In the current version of KAV SDK, only the HTTP proxy type is supported.

• UseHTTPProxy—Specifies whether Kaspersky Scan Engine uses a proxy server when connecting to the Internet. This value can be set to 0 or 1.

  The default value is 0 (proxy server is not used). To enable using a proxy server, set this value to 1.

• HTTPProxy—Contains proxy settings.
  • url—Address of the proxy server. This is a string value.

    The value of this parameter can be an IPv4 address, an IPv6 address, or a domain name. Do not specify the protocol (http:// or https://) in this parameter.

    If UseHTTPProxy is set to 1, this parameter is mandatory.

  • port—Port of the proxy server. This value must be an unsigned integer and cannot be 0.

    The default value is 3128.

  • user—Encrypted user name for the proxy server authentication. The user name is encrypted by the kav_encrypt utility. This is a string value.

    If UseHTTPProxy is set to 1, this parameter is mandatory.

  • pass—Encrypted password for the proxy server authentication. The password is encrypted by the kav_encrypt utility. This is a string value.

    If UseHTTPProxy is set to 1, this parameter is mandatory.

UpdateSettings

The following parameters specify update settings for Kaspersky Scan Engine. For more information, see section "Configuring updating in HTTP mode".

• DisableBackup—Defines whether the database backup is disabled. This value can be set to 0 or 1.

  If this parameter is 1, database backup is disabled.

  The default value is 0.

• UpdatePeriodMinutes—Specifies automatic update interval (in minutes). This value must be an unsigned integer.

  The maximum value is 44640.

  If this parameter is 0, Kaspersky Scan Engine does not perform automatic updates.

  The default value is 0.

• UseOnlyCustomSources—Specify whether the default update sources are used. This value can be set to 0 or 1.

  If this parameter is 1, only the custom update sources are used.

  The default value is 0.

• UpdateSources—Contains custom update sources.
  • Source—Specifies a custom update source. This is a string value.

  Each update source is specified inside its own <Source> element. For an example of this, see section "Configuring updating in HTTP mode", subsection "Specifying custom database update sources".

FormatRecognizerSettings

The following parameters specify Format Recognizer settings.

• FormatsToSkipScanning—Specifies which file formats must not be scanned by Kaspersky Scan Engine in HTTP mode.

  To disable the format skipping functionality, remove the FormatRecognizerSettings section from the configuration file or leave the FormatsToSkipScanning list empty.

Structure of the configuration file

Following is an example of the HTTP mode configuration file.