Example of a multipart HTTP request to scan a block of memory

To make multipart HTTP requests, use the KAV protocol version 2 by specifying it in the X-KAV-ProtocolVersion request header.

When making a multipart HTTP request, you can specify request and response headers that were gathered from HTTP traffic related to the object being scanned. This data improves the detection rate.

The body of a multipart HTTP request must contain no more than three parts. These parts contain the following data:

The following example shows a multipart HTTP request to scan a block of memory:

POST /scanmemory HTTP/1.0

Content-Length: 753

X-KAV-ProtocolVersion: 2

X-KAV-Timeout: 10

X-KAV-ObjectURL: http://example.com

Content-Type: multipart/mixed; boundary=gc0p4Jq0M2Yt08jU534c0p



Request headers

GET /files/test.exe HTTP/1.1

Host: source.example.com

Accept: application/octet-stream

Referer: http://malicious.example.com/

Host: source.example.com

Connection: Keep-Alive


Response headers

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 21541

Date: Mon, 25 Sep 2017 11:01:54 GMT

Last-Modified: Fri, 28 Sep 2017 03:15:02 GMT


* Contents of the EICAR test file *


The following example shows the corresponding response:

HTTP/1.0 200 OK

Date: Fri, 28 Sep 2017 03:15:02 GMT


Content-Length: 64

Connection: close

Content-Type: text/plain

X-KAV-ProtocolVersion: 2



Page top