Verifying detection capabilities in HTTP mode

This section explains how to verify that Kaspersky Scan Engine works correctly in HTTP mode.

Verifying that Kaspersky Scan Engine detects malicious files correctly

To verify that Kaspersky Scan Engine detects malicious file correctly:

  1. Run the kavhttpd service.
  2. Start your HTTP client.
  3. Scan the EICAR test file by using your HTTP client in scanfile mode.

    The following example shows how to do this with the sample HTTP client:

    ./kavhttp_client -f eicar.txt
  4. Verify that the EICAR test file is detected.

Verifying that Kaspersky Scan Engine detects malicious files in system memory correctly

To verify that Kaspersky Scan Engine detects malicious files in system memory correctly:

  1. Run the kavhttpd service.
  2. Start your HTTP client.
  3. Scan the content of the EICAR test file by using your HTTP client in scanmemory mode.

    The following example shows how to do this with the sample HTTP client:

    ./kavhttp_client eicar.txt
  4. Verify that the EICAR test file is detected.

Verifying that Kaspersky Scan Engine detects malicious and phishing URLs correctly

To verify that Kaspersky Scan Engine detects malicious and phising URLs correctly:

  1. Run the kavhttpd service.
  2. Start your HTTP client.
  3. To verify that Kaspersky Scan Engine detects malicious URLs correctly, scan http://bug.qainfo.ru/TesT/Wmuf_w by using your HTTP client.

    This URL is not malicious. Kaspersky Lab is using this URL to test the detection capabilities of anti-virus software.

    The following example shows how to do this with the sample HTTP client:

    ./kavhttp_client -u http://bug.qainfo.ru/TesT/Wmuf_w
  4. Verify that the URL is detected.
  5. To verify that Kaspersky Scan Engine detects phishing URLs correctly, scan http://bug.qainfo.ru/TesT/Aphish_w by using your HTTP client.

    This URL is not phishing. Kaspersky Lab is using this URL to test the detection capabilities of anti-virus software.

    The following example shows how to do this with the sample HTTP client:

    ./kavhttp_client -u http://bug.qainfo.ru/TesT/Aphish_w
  6. Verify that the URL is detected.

Verifying that File and URL Reputation Checking works correctly

To verify that File and URL Reputation Checking works correctly:

  1. Request the KSN test file from your technical account manager (TAM). This file is not malicious, and is only used to verify that File and URL reputation checking works properly.
  2. Make sure that the KAV_SHT_ENGINE_KSN flag is not specified in the Flags element of the HTTP mode configuration file.
  3. Run the kavhttpd service.
  4. Start your HTTP client.
  5. Scan the KSN test file by using your HTTP client in scanfile mode.
  6. Verify that the KSN test file is not detected.
  7. Specify the KAV_SHT_ENGINE_KSN flag in the Flags element of the HTTP mode configuration file.
  8. Restart the kavhttpd service.
  9. Rescan the KSN test file by using your HTTP client in scanfile mode.
  10. Verify that the KSN test file is detected.
Page top