Upgrade in Docker

To upgrade the Kaspersky Scan Engine Docker image in Docker:

1. Unpack the following objects from the distribution kit containing the new version of Kaspersky Scan Engine:
   • Place the Kaspersky Scan Engine Docker image to images.
   • If Kaspersky Scan Engine connects to Kaspersky Security Network (KSN) and the anti-virus database through a proxy server, place the kav_encrypt utility to /opt/kaspersky/ScanEngine/tools.
   • If you use the Kaspersky Scan Engine GUI, place migrate.sql to /opt/kaspersky/ScanEngine/conf.
2. Add the new elements to the Kaspersky Scan Engine configuration files if you need those elements. The elements added in the new version of Kaspersky Scan Engine are described in Kaspersky Scan Engine online help.
3. Remove the running Kaspersky Scan Engine Docker containers. To remove containers with the kse_docker_control.sh script, run the following commands:

   ICAP mode

   ./kse_docker_control.sh remove_icapd

   HTTP mode

   ./kse_docker_control.sh remove_httpd

4. Import the new Docker image to Docker:

   ICAP mode

   docker load -i /opt/kaspersky/ScanEngine/images/kaspersky_scanengine_icap.tar

   HTTP mode

   docker load -i /opt/kaspersky/ScanEngine/images/kaspersky_scanengine_httpd.tar

5. If Kaspersky Scan Engine connects to Kaspersky Security Network (KSN) and the anti-virus database through a proxy server, encrypt the username and password for proxy authentication:
   1. Make sure the /opt/kaspersky/ScanEngine/httpsrv directory on the local host contains the kl_scanengine_db.key file. If this file does not exist, prepare it for use.

      You need an encryption key to encrypt data (usernames and passwords) with the kav_encrypt utility.

      To prepare an encryption key for use:

      1. Generate the encryption key as follows:

         openssl rand -out %service_dir%/httpsrv/kl_scanengine_db.key 512

      2. Make sure all users have read permissions to the kl_scanengine_db.key file.
      3. If you use the kse_docker_control.sh script to run containers, open kse_docker_control.sh for editing, and then specify the path to kl_scanengine_db.key in the KEY_FILE_DIRECTORY parameter.

         Example of the parameter:

         KEY_FILE_DIRECTORY=/opt/kaspersky/ScanEngine/httpsrv/

         If you do not use the kse_docker_control.sh script, you need to specify the parameter for mounting kl_scanengine_db.key to the /opt/kaspersky/ScanEngine/httpsrv directory inside the container each time you run the container.

         Example of the command:

         docker run -d -p 8080:8443 -p 8085:9998 -v %CONFIGURATION_FILES_DIRECTORY%:/tmp/scanengine/mounted/configs -v %LICENSE_FILE_DIRECTORY%:/tmp/scanengine/mounted/lic -v /opt/kaspersky/ScanEngine/httpsrv/:/tmp/scanengine/mounted/key --name ScanEngine kaspersky/scanengine:%KSE_VERSION%

   2. On the local host, run the following command:

      /opt/kaspersky/ScanEngine/tools/kav_encrypt -m %mode% -p %USERNAME%:%PASSWORD%

      Here, %USERNAME% and %PASSWORD% are the username and password used for proxy authentication.

6. If you use the Kaspersky Scan Engine GUI, update the kavebase database with the following command:

   psql -d kavebase -a -f /opt/kaspersky/ScanEngine/conf/migrate.sql

   The above command imports the contents of /opt/kaspersky/ScanEngine/conf/migrate.sql to PostgreSQL.

7. Remove the outdated Docker image:

   ICAP mode

   docker rmi kaspersky/scanengine_icapd:%VERSION%

   HTTP mode

   docker rmi kaspersky/scanengine_httpd:%VERSION%

   Here, %VERSION% is the previous version of Kaspersky Scan Engine.

8. Run a container from the new Kaspersky Scan Engine Docker image. To run containers with the kse_docker_control.sh script, use the following commands:

   ICAP mode

   ./kse_docker_control.sh run_icapd

   HTTP mode

   ./kse_docker_control.sh run_httpd

Page top