Syntax and options for the HTTP client

You can supply one or more options to the sample HTTP client.

Options

The following options are available in the sample HTTP client:

Options for running the sample HTTP client

Option

Description

-s

Specifies the address of Kaspersky Scan Engine or a path to the Unix socket. The connection string can be specified with or without quotation marks. If this option is not specified, the default /tmp/.kavhttpd Unix socket is used.

The UNIX sockets are supported only on Linux systems.

-t

Specifies the request processing timeout, in milliseconds.

-u

Specifies the URL to scan.

Only one URL can be specified at a time.

-i

Specifies the IP address (IPv4 or IPv6) of the host referred to by a URL. This option can only be used with -u.

Specifying an IP address increases the detection rate of Kaspersky Scan Engine.

-f

Enables the scanfile mode.

-c

Specifies the scan task context. If this option is specified, the request must have the X-KAV-ObjectURL header that contains the option value, without quotation marks.

--req

Specifies a path to a file with request headers that were gathered from the HTTP traffic for the scanned object.

--resp

Specifies a path to a file with response headers that were gathered from the HTTP traffic for the scanned object.

-b

Shows the release date of the anti-virus database. You can use this option to check whether kavhttpd is running. Can be used with options -s, -t, and -j.

-v

Shows the version of KAV SDK. You can use this option to check whether kavhttpd is running. Can be used with options -s, -t, and -j.

-l

Shows information about the current key file. You can use this option to check whether kavhttpd is running. Can be used with options -s, -t, and -j.

-h

Shows Help information.

-j

Makes an HTTP request in JSON format.

-d

Makes an HTTP request to launch the anti-virus database update. Can be used with options -s, -t, and -j.

-p

Shows the status of the database update process. Can be used with options -s, -t, and -j.

‑‑getstat

Gets the accumulated statistics. Can be used with options -s, -t, and -j.

‑‑clearstat

Clears the accumulated statistics. Can be used with options -s, -t, and -j.

-o

When making an HTTP request in JSON format, omits objects with the CLEAN scan result from the subObjectsScanResults array in the response message. Can only be used with option -j.

--cipher

Specifies a cipher suite which must be used for exchange with the kavhttpd service.

The following cipher suites are supported in TLS 1.2:

  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-CHACHA20-POLY1305
  • DHE-RSA-AES256-GCM-SHA384
  • DHE-RSA-AES256-SHA256
  • DHE-RSA-AES128-SHA256
  • DHE-RSA-CHACHA20-POLY1305

The following cipher suites are supported in TLS 1.3:

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256

By default, the following value is used: ECDHE-ECDSA-AES256-GCM-SHA384.

‑-check‑period

Checks if the validity period of a certificate conforms to the current date, based on time zone.

By default, checking is not performed.

‑-check‑subject

Checks if the subject name of a certificate (SubjectAltNames and Common Name fields) matches the domain name of the server.

--check‑chain

Checks a certificate by a certification path.

--ca-path

Specifies a full path to the directory where CA certificates are stored. A certificate from the specified directory is used to check the validity of a TLS certificate and its configuration.

In Linux, if this parameter is not specified, the HTTP client uses the following paths:

  • /etc/pki/tls/certs
  • /etc/ssl/certs

To use the --ca-path option, prepare the directory containing the certificates as described in Syntax examples.

--ca-cert

Specifies a full path to the directory where a CA bundle is stored. The bundle file is used to check the validity of a TLS certificate and its configuration.

In Linux, if this parameter is not specified, the HTTP client uses one of the following files (whichever is found first):

  • /etc/ssl/certs/ca-certificates.crt
  • /etc/pki/tls/certs/ca-bundle.crt
  • /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  • /etc/ssl/ca-bundle.pem

‑‑repeat‑timeout REPEAT_TIMEOUT

Specifies that scanning of objects will be repeated for at least REPEAT_TIMEOUT seconds.

If the argument is not specified, all of the objects will be scanned one time. Otherwise, scanning will be performed for at least the specified seconds.

--quiet

Suppresses scan results.That is, scan results are not displayed.

‑‑threads THREADS (=1)

Specifies the number of threads to scan files in parallel.

-m [ ‑‑measure ]

Measures and displays the following:

  • Scan time in the %H:%M:%S.%ms format
  • Accumulated scan statistics before and after scanning

--auth-field

Specifies the name of the request header field used for authentication.

If not specified, the default name Authorization is used.

--access-token

Specifies the value of an API token used for authentication.

Combine this option with --auth-field.

--add-bearer-prefix

Adds the Bearer prefix to the API token value specified in --access-token.

Combine this option with --access-token.

Connection type

Two connection types are supported by the sample HTTP client:

Timeout

The sample HTTP client uses the value specified in the -t option to determine the scan timeout, similarly to the X-KAV-Timeout header.

The default timeout value is 2000.

If 0 is specified in this option, the timeout is infinite.

Scan mode

The sample HTTP client supports two scan modes, which you can specify by using the -f option:

Scan task context

Kaspersky Scan Engine uses the scan task context to increase the detection rate. Using this option does not affect scanning performance.

It is recommended to use the scan task context in gateway integrations.

Use the following format for the context:

If the object is received by email, but the sender's email address is unknown, it is recommended to use [from:test@relay.example] as the scan task context.

The scan task context is applicable to file scanning only. If you specify the scan task context for a URL, it will be ignored.

Request and response headers

Specifying request and response headers that were gathered from HTTP traffic related to the scanned object improves the detection rate. It is recommended to use the request and response headers in gateway integrations.

Information messages

The -b, -v, and -l options can only be used together with the -s, -j, and -t options. If you use them with any other option, kavhttp_client returns an error.

You can use the -b, -v, and -l options to check whether kavhttpd is running.

Scanning files

You can specify one or more files to scan, separating them by a white space. Depending on the scan mode, the sample HTTP client then passes the paths to these files or their contents to Kaspersky Scan Engine.

Also, you can specify a directory where files are stored. All files that are located inside this directory and all its subdirectories will be scanned.

Use the following syntax to scan files in scanfile mode:

./kavhttp_client [-s <ip:port | unix-socket>] [-t <timeout>] [-c <context>] [--req <req_file>] [--resp <resp_file>] -f <file1> [<file2>...]

Use the following syntax to scan the contents of files in scanmemory mode:

./kavhttp_client [-s <ip:port | unix-socket>] [-t <timeout>] [-c <context>] [--req <req_file>] [--resp <resp_file>] <file1> [<file2>...]

Scanning URLs

You can specify a URL to scan. If the URL contains spaces or tabs, enclose the URL in quotation marks or make these characters percent-encoded. Similarly, if the URL contains quotation marks ("), make them percent-encoded.

Simultaneous scanning of multiple URLs is not supported. If you specify more than one URL, only the first one will be scanned.

Files cannot be scanned when the -u option is specified. The -u and -f options cannot be used together.

Use the following syntax to scan a URL:

./kavhttp_client [-s <IP:port | unix-socket>] [-t <timeout>] [-i <IP>] -u <URL>

Page top