Manual installation (Linux)

This section describes how to manually install Kaspersky Scan Engine on Linux systems.

To install Kaspersky Scan Engine manually:

1. Make sure that you have root (administrator) privileges.
2. Create the /opt/kaspersky/ScanEngine directory. This directory is called %service_dir% in this Help document.
3. Unpack the distribution kit contents to the %service_dir% directory on your system.
4. Read the End User License Agreement (EULA) for Kaspersky Scan Engine. The EULA is located at %service_dir%/doc/license.txt.

   If you agree to the terms of the EULA, proceed to the next step. If you decline the terms of the EULA, cancel the installation.

5. Open file %service_dir%/etc/klScanEngineUI.xml.
6. Accept the EULA. Change <Common>rejected</Common> to <Common>accepted</Common> in the klScanEngineUI.xml file.
7. If you want to use Kaspersky Security Network (KSN), read the EULA for KSN and the Privacy Policy. This EULA is also located at %service_dir%/doc/ksn_license.txt and contains the link to the Privacy Policy.

   If you agree to the terms of the EULA for KSN and the Privacy Policy, proceed to the next step. If you decline the terms of the EULA for KSN or the Privacy Policy, proceed to step 9.

8. Accept the EULA for KSN. Change <KSN>rejected</KSN> to <KSN>accepted</KSN> in klScanEngineUI.xml.
9. Save and close %service_dir%/etc/klScanEngineUI.xml.
10. Create a symbolic link to %service_dir%/etc/klScanEngineUI.xml from the /etc/ directory:

    ln -s %service_dir%/etc/klScanEngineUI.xml /etc/klScanEngineUI.xml

11. If you want to use Kaspersky Scan Engine GUI, read subsection "Enabling Kaspersky Scan Engine GUI" below.
12. Make a symbolic link to the proper Kaspersky Scan Engine configuration file from the /etc/ directory:
    • For HTTP mode, copy the %service_dir%/etc/kavhttpd.xml file to the /etc/ directory.
    • For ICAP mode, copy the %service_dir%/etc/kavicapd.xml file to the /etc/ directory.

    For example, in HTTP mode you have to run the following command:

    ln -s %service_dir%/etc/kavhttpd.xml /etc/kavhttpd.xml

13. Make a symbolic link to the proper Kaspersky Scan Engine init script from the /etc/init.d dirctory:
    • For HTTP mode, copy the %service_dir%/etc/init.d/kavhttpd file to the /etc/init.d directory.
    • For ICAP mode, copy the %service_dir%/etc/init.d/kavicapd file to the /etc/init.d directory.

    For example, in HTTP mode you have to run the following command:

    ln -s %service_dir%/etc/init.d/kavhttpd /etc/init.d/kavhttpd

14. If you want Kaspersky Scan Engine to start automatically on system bootup, do the following:
    1. Go to the /etc/init.d/ directory.
    2. Add the proper Kaspersky Scan Engine service to the system startup.
       • For HTTP mode, run the following command:
         • Red Hat-based distributions:

         chkconfig --add kavhttpd

         • Debian-based distributions:

         update-rc.d kavhttpd defaults

       • For ICAP mode, run the following command:
         • Red Hat-based distributions:

         chkconfig --add kavicapd

         • Debian-based distributions:

         update-rc.d kavicapd defaults

15. Go to the next step of your "Getting started" section:
    • For HTTP mode, see step 2 in section "Getting started with Kaspersky Scan Engine in HTTP mode".
    • For ICAP mode, see step 2 in section "Getting started with Kaspersky Scan Engine in ICAP mode".

Enabling Kaspersky Scan Engine GUI

To enable Kaspersky Scan Engine GUI:

1. Make sure that you have root (administrator) privileges.
2. Perform the actions described in section "Preparing to install Kaspersky Scan Engine GUI".
3. On the computer that has PostgreSQL installed, perform the actions listed below under a user that can create new users and databases. To perform these actions, you can use either the psql utility or pgAdmin.
   1. Create a new PostgreSQL user called scanengine:

      CREATE USER scanengine;

   2. Set the password for the scanengine user:

      ALTER USER scanengine WITH PASSWORD '%PASSWORD%';

   3. Using PostgreSQL, create a database called kavebase:

      CREATE DATABASE kavebase OWNER scanengine;

   4. In the kavebase database run the queries described in %service_dir%/samples/tables.sql.

      psql -d kavebase -a -f tables.sql

4. Open /etc/klScanEngineUI.xml.
5. In the <Mode> element, specify the mode that Kaspersky Scan Engine will work in:

   For HTTP mode:

   <Mode>httpd</Mode>

   For ICAP mode:

   <Mode>icap</Mode>

6. Change <EnableUI>false</EnableUI> to <EnableUI>true</EnableUI>.
7. In the <ConnectionString> element, specify the address of the Kaspersky Scan Engine GUI web service in %IP%:%port% format.

   For example:

   <ConnectionString>198.51.100.0:443</ConnectionString>

8. Specify the SSL certificate to install in the Kaspersky Scan Engine GUI web service.
   • If you already have an SSL certificate that you want to install in the Kaspersky Scan Engine GUI web service, specify the paths to your certificate and your private key:
     1. In the <SSLCertificatePath> element, specify the path to your SSL certificate.
     2. In the <SSLPrivateKeyPath> element, specify the path to your private key.
   • If you do not have an SSL certificate that you want to install in the Kaspersky Scan Engine GUI web service, generate a new one. Run the %service_dir%/tools/openssl utility as follows:

   /opt/kaspersky/ScanEngine/tools/openssl req -x509 -nodes -days 1825 -subj /C=RU/CN="%СonnectionString%" -newkey rsa:2048 -extensions EXT -config "/opt/kaspersky/ScanEngine/tools/openssl.cnf" -keyout "/opt/kaspersky/ScanEngine/httpsrv/kl_scanengine_private.pem" -out "/opt/kaspersky/ScanEngine/httpsrv/kl_scanengine_cert.pem"

   Here %СonnectionString% is the value that is specified in the <ConnectionString> element.

9. Encrypt the user name and password of the user that you specified in step 3. Kaspersky Scan Engine will use this user name and password to connect to the kavebase database.

   To encrypt the credentials, use the kav_encrypt utility. This utility also automatically writes the encrypted user name and password to klScanEngineUI.xml. The utility is located in the %service_dir%/tools/ directory.

   Run the kav_encrypt utility with the following options:

   -d '%USERNAME%:%PASSWORD%'

10. In the DatabaseSettings > ConnectionString element, specify the address of the kavebase database in format %IP%:%port%.
11. Save and close /etc/klScanEngineUI.xml.
12. Make a symbolic link to %service_dir%/etc/init.d/klScanEngineUI from /etc/init.d:

    ln -s %service_dir%/etc/init.d/klScanEngineUI /etc/init.d/klScanEngineUI

13. If you want Kaspersky Scan Engine to start automatically on system bootup, do the following:
    1. Go to the /etc/init.d/ directory.
    2. Add the Kaspersky Scan Engine GUI service to the system startup. Run the following command:
       • Red Hat-based distributions:

         chkconfig --add klScanEngineUI

       • Debian-based distributions:

         update-rc.d klScanEngineUI defaults

14. Start Kaspersky Scan Engine GUI:

    /etc/init.d/klScanEngineUI start

Page top