Hypertext Transfer Protocol (HTTP) is the standard communication protocol in the client-server computer model. In HTTP mode, Kaspersky Scan Engine operates as a REST-like service that receives HTTP requests in JSON or plain text format from client applications. The service scans objects passed in these requests, and sends back HTTP responses with scan results in JSON or plain text format.
In addition, a sample HTTP client source code is shipped in the distribution package. This sample HTTP client demonstrates how to make requests to Kaspersky Scan Engine in HTTP mode. You can also use the compiled sample to scan files from the command line.
Connection types
Kaspersky Scan Engine supports two connection types:
For Linux systems only.
Scanning capabilities
Kaspersky Scan Engine supports the following scan modes:
scanfile
In this mode, the sample HTTP client passes file paths to Kaspersky Scan Engine, which reads the files and scans them.
scanmemory
In this mode, the sample HTTP client passes file contents to Kaspersky Scan Engine, which scans the contents. The maximum size of an object sent for scanning in scanmemory mode is limited by the system memory of the computer.
checkurl
In this mode, the sample HTTP client passes URLs to Kaspersky Scan Engine, which checks them for malicious and phishing addresses.
You can scan files and URLs by making HTTP requests via KAV protocols version 3 or KAV protocol versions 1 and 2.
API token authorization
Kaspersky Scan Engine supports API token authorization.
If API token authorization is enabled, HTTP clients must specify an API token in the request header when sending requests to Kaspersky Scan Engine. This request header field used for sending an API token has a custom name. The Kaspersky Scan Engine administrator can specify this name in the Authorization section of the Kaspersky Scan Engine GUI. The default name is Authorization
.
If you have enabled API token authorization and the kavhttpd service is not running, starting klScanEngineUI will also initiate the start of the kavhttpd service.
The usual procedure for creating and using an API token is as follows:
kavhttpd
service.To try API token authorization and understand how it works, you can use the HTTP client provided with Kaspersky Scan Engine: configure Kaspersky Scan Engine to authorize requests, create an API token, and then use the HTTP client to send a request containing the token. You can find the examples of such requests sent over the KAV protocol version 1 or 2 and version 3.
For security reasons, an HTTPS connection is required to send requests that need authorization.
Keep-Alive connections
By default, Kaspersky Scan Engine supports Keep-Alive connections, so it can process multiple objects one after another, by using the same connection.
To open a Keep-Alive connection, an HTTP client has to add the following header to the request:
Connection: Keep-Alive |
To close the connection, an HTTP client has to add the following header to the request:
Connection: close |