Part 3. Verifying deployment

Deployment with Kaspersky Scan Engine GUI

To verify that Kaspersky Scan Engine was deployed correctly:

  1. Check that the contents of Kaspersky_ScanEngine_for_Docker-%Kaspersky_Scan_Engine_version%.tar.gz are unpacked to the /opt/kaspersky/ScanEngine directory.

    From here on, the /opt/kaspersky/ScanEngine directory is considered to be located on the local host. All checks and changes to configuration files are performed on the local host.

  2. Check that the following applies to your PostgreSQL installation:
    • The IP address that Kaspersky Scan Engine uses to connect to PostgreSQL is set in the listen_addresses element of conf configuration file.
    • The conf configuration file is changed so that PostgreSQL allows authentication from external IPs.
    • The scanengine user is created in PostgreSQL.
    • The password for the scanengine user is set.
    • The kavebase database is created in PostgreSQL.
    • The scanengine user is set as the owner of the kavebase database.
    • The /opt/kaspersky/ScanEngine/conf/tables.sql file is imported to PostgreSQL.
    • The PostgreSQL service is running.
  3. Make sure that the following is applicable to the /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml configuration file:
    • The Settings/EULA/Common element is set to accepted.
    • For HTTP mode:

      The Settings/ServerSettings/Mode element is set to httpd.

    • For ICAP mode:

      The Settings/ServerSettings/Mode element is set to icap.

    • The Settings/ServerSettings/EnableUI element is set to true.
    • IP address and port of the PostgreSQL database is specified in the Settings/DatabaseSettings/ConnectionString element.
  4. Check that a symbolic link to /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml exists in the /etc directory.
  5. Check that the httpsrv subdirectory is created in the /opt/kaspersky/ScanEngine/ directory.
  6. Check that the encryption key named kl_scanengine_db.key is created in the /opt/kaspersky/ScanEngine/httpsrv/ directory.
  7. Check that the scanengine database user and its password are encrypted with the kav_encrypt utility and written to the /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml configuration file.
  8. Check that the lic subdirectory is created in the /opt/kaspersky/ScanEngine/ directory.
  9. Check that the key file or activation code is copied to the /opt/kaspersky/ScanEngine/lic directory.
  10. If an activation code is used, check the following:
    • For HTTP mode:

      That the Configuration/DirectorySettings/LicensingMode is set to 2 in the /opt/kaspersky/ScanEngine/etc/kavhttpd.xml configuration file.

    • For ICAP mode:

      That the Configuration/SDKSettings/LicensingMode is set to 2 in the /opt/kaspersky/ScanEngine/etc/kavicapd.xml configuration file.

  11. Check that the KEY_FILE_DIRECTORY is set to /opt/kaspersky/ScanEngine/httpsrv/ in /opt/kaspersky/ScanEngine/tools/kse_docker_control.sh.
  12. The following files are readable for all users:
    • /opt/kaspersky/ScanEngine/etc/kavhttpd.xml
    • /opt/kaspersky/ScanEngine/etc/kavicapd.xml
    • /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml
    • /opt/kaspersky/ScanEngine/httpsrv/kl_scanengine_db.key
    • /opt/kaspersky/ScanEngine/lic/license
  13. Check that the Kaspersky Scan Engine Docker image is imported to Docker:

    docker load -i /opt/kaspersky/ScanEngine/images/kaspersky_scanengine.tar

Now you can launch Kaspersky Scan Engine by using the script /opt/kaspersky/ScanEngine/tools/kse_docker_control.sh:

HTTP mode

/opt/kaspersky/ScanEngine/tools/kse_docker_control.sh run_httpd

ICAP mode

/opt/kaspersky/ScanEngine/tools/kse_docker_control.sh run_icapd

Deployment without Kaspersky Scan Engine GUI

To verify that Kaspersky Scan Engine was deployed correctly:

  1. Check that the contents of Kaspersky_ScanEngine_for_Docker-%Kaspersky_Scan_Engine_version%.tar.gz are unpacked to the /opt/kaspersky/ScanEngine directory.
  2. Make sure that the following is applicable to the /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml configuration file:
    • The Settings/EULA/Common element is set to accepted.
    • For HTTP mode:

      The Settings/ServerSettings/Mode element is set to httpd.

    • For ICAP mode:

      The Settings/ServerSettings/Mode element is set to icap.

  3. Check that the lic subdirectory is created in the /opt/kaspersky/ScanEngine directory.
  4. Check that the file key or activation code (the file named license) is copied to the /opt/kaspersky/ScanEngine/lic directory.
  5. If an activation code is used, check the following:
    • For HTTP mode:

      That the Configuration/DirectorySettings/LicensingMode is set to 2 in the /opt/kaspersky/ScanEngine/etc/kavhttpd.xml configuration file.

    • For ICAP mode:

      That the Configuration/SDKSettings/LicensingMode is set to 2 in the /opt/kaspersky/ScanEngine/etc/kavicapd.xml configuration file.

  6. The following configuration files and the key file or activation code are readable for all users:
    • /opt/kaspersky/ScanEngine/etc/kavhttpd.xml
    • /opt/kaspersky/ScanEngine/etc/kavicapd.xml
    • /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml
    • /opt/kaspersky/ScanEngine/lic/license
  7. Check that the Kaspersky Scan Engine Docker image is imported to Docker:

    docker load -i /opt/kaspersky/ScanEngine/images/kaspersky_scanengine.tar

Now you can launch Kaspersky Scan Engine by using the script /opt/kaspersky/ScanEngine/tools/kse_docker_control.sh:

HTTP mode

/opt/kaspersky/ScanEngine/tools/kse_docker_control.sh run_httpd

ICAP mode

/opt/kaspersky/ScanEngine/tools/kse_docker_control.sh run_icapd

Page top