Web Protection from malicious and phishing websites

This section describes common scenarios where you can use Kaspersky Scan Engine to check websites.

The instructions provided in this section assume that you have already installed Kaspersky Scan Engine.

Scanning URLs (HTTP mode)

To scan a URL with Kaspersky Scan Engine:

  1. In the ServerSettings > Flags element of the kavhttpd.xml configuration file, specify the settings you want:
    • KAV_SHT_ENGINE_KSN—For checking the reputation of websites by KSN.
    • KAV_SHT_ENGINE_WMUF—For detecting malicious websites.
    • KAV_SHT_ENGINE_APUF—For detecting phishing websites.

    You can also specify settings by means of the GUI.

  2. Start the kavhttpd service.
  3. Send the URL that you want to check to the kavhttpd service.

    For example, you can use the sample HTTP client %service_dir%/bin/kavhttp_client for this purpose, as follows:

    ./kavhttp_client -u http://example.com

    You can also send an HTTP POST request to the kavhttpd service.

  4. Review the scan results.

    You can block URLs for which the DETECTED result is returned.

Checking URLs that users request through a proxy server (ICAP mode)

To check URLs that pass through a proxy server:

  1. In the kavicapd.xml configuration file, specify the settings you want:
    • In the SDKSettings > ScanningMode element, specify KAV_O_M_PHISHING for detecting phishing websites.
    • In the KSNSettings > UseKSN element, specify 1 for checking the reputation of websites by KSN.

    You can also specify settings by means of the GUI.

  2. Configure your proxy server to work with Kaspersky Scan Engine. See section "Using Kaspersky Scan Engine in ICAP mode with Squid" for an example.
  3. Create a response template if you want to display it instead of phishing web pages.
  4. Create ICAP service rules for cases when Kaspersky Scan Engine returns PHISHING and DETECTED scan results.

    You can do this either manually or by using the GUI.

  5. Start the kavicapd service.

Kaspersky Scan Engine will automatically check URLs and process them according to the ICAP service rules.
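
Added example, not part of the Kaspersky documentation or product: a Python check that reads the contents of kavhttpd.xml and kavicapd.xml and reports which of the URL checks from step 1 of each procedure are not switched on. The element paths and value names come from this page; the wrapper element `Configuration`, the `|` separator and the sample file contents are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Value names from the HTTP-mode procedure (ServerSettings > Flags).
HTTP_FLAGS = {
    "KAV_SHT_ENGINE_KSN": "KSN reputation check",
    "KAV_SHT_ENGINE_WMUF": "malicious website detection",
    "KAV_SHT_ENGINE_APUF": "phishing website detection",
}

def _tokens(root, path):
    """Return the identifier tokens found in the element at `path` (empty set if absent)."""
    node = root.find(path)
    text = node.text if node is not None and node.text else ""
    # Split on anything that is not an identifier character, so the check
    # does not depend on which separator the file uses between values.
    return set(re.findall(r"[A-Za-z0-9_]+", text))

def audit_kavhttpd(xml_text):
    """List the URL checks that are NOT enabled in ServerSettings > Flags."""
    enabled = _tokens(ET.fromstring(xml_text), ".//ServerSettings/Flags")
    return [f"{flag} ({what})" for flag, what in HTTP_FLAGS.items() if flag not in enabled]

def audit_kavicapd(xml_text):
    """List the URL checks that are NOT enabled in kavicapd.xml."""
    root = ET.fromstring(xml_text)
    missing = []
    if "KAV_O_M_PHISHING" not in _tokens(root, ".//SDKSettings/ScanningMode"):
        missing.append("KAV_O_M_PHISHING (phishing website detection)")
    if _tokens(root, ".//KSNSettings/UseKSN") != {"1"}:
        missing.append("UseKSN=1 (KSN reputation check)")
    return missing

# Constructed sample contents; the root element name is an assumption.
SAMPLE_HTTPD = """<Configuration>
  <ServerSettings>
    <Flags>KAV_SHT_ENGINE_KSN|KAV_SHT_ENGINE_WMUF</Flags>
  </ServerSettings>
</Configuration>"""
SAMPLE_ICAPD = """<Configuration>
  <SDKSettings><ScanningMode>KAV_O_M_PHISHING</ScanningMode></SDKSettings>
  <KSNSettings><UseKSN>0</UseKSN></KSNSettings>
</Configuration>"""

if __name__ == "__main__":
    print("kavhttpd.xml not enabled:", audit_kavhttpd(SAMPLE_HTTPD) or "nothing")
    print("kavicapd.xml not enabled:", audit_kavicapd(SAMPLE_ICAPD) or "nothing")
```

Running a check like this before starting kavhttpd or kavicapd catches a deployment where URLs are being submitted but a detection type was never enabled.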
