Syntax and options for the HTTP client

You can supply one or more options to the sample HTTP client.

Options

The following options are available in the sample HTTP client:

Options for running the sample HTTP client

Option	Description
`-s`	Specifies the address of Kaspersky Scan Engine or a path to the Unix socket. The connection string can be specified with or without quotation marks. If this option is not specified, the default `/tmp/.kavhttpd` Unix socket is used.
`-t`	Specifies the request processing timeout, in milliseconds.
`-u`	Specifies the URL to scan. Only one URL can be specified at a time.
`-i`	Specifies the IP address (IPv4 or IPv6) of the host referred to by a URL. This option can only be used with `-u`. Specifying an IP address increases the detection rate of Kaspersky Scan Engine.
`-f`	Enables the scanfile mode.
`-c`	Specifies the scan task context. If this option is specified, the request must have the `X-KAV-ObjectURL` header that contains the option value, without quotation marks.
`--req`	Specifies a path to a file with request headers that were gathered from the HTTP traffic for the scanned object.
`--resp`	Specifies a path to a file with response headers that were gathered from the HTTP traffic for the scanned object.
`-b`	Shows the release date of the anti-virus database. You can use this option to check whether `kavhttpd` is running. Can be used with options `-s`, `-t`, and `-j`.
`-v`	Shows the version of KAV SDK. You can use this option to check whether `kavhttpd` is running. Can be used with options `-s`, `-t`, and `-j`.
`-l`	Shows information about the current key file. You can use this option to check whether `kavhttpd` is running. Can be used with options `-s`, `-t`, and `-j`.
`-h`	Shows Help information.
`-j`	Makes an HTTP request in JSON format.
`-d`	Makes an HTTP request to launch the anti-virus database update. Can be used with options `-s`, `-t`, and `-j`.
`-p`	Shows the status of the database update process. Can be used with options `-s`, `-t`, and `-j`.
`‑‑getstat`	Gets the accumulated statistics. Can be used with options `-s`, `-t`, and `-j`.
`‑‑clearstat`	Clears the accumulated statistics. Can be used with options `-s`, `-t`, and `-j`.
`-o`	When making an HTTP request in JSON format, omits objects with the `CLEAN` scan result from the `subObjectsScanResults` array in the response message. Can only be used with option `-j`.
`--cipher`	Specifies a cipher suite which must be used for exchange with the kavhttpd service. The following cipher suites are supported in TLS 1.2: `ECDHE-ECDSA-AES256-GCM-SHA384` `ECDHE-ECDSA-AES256-SHA384` `ECDHE-ECDSA-AES128-GCM-SHA256` `ECDHE-ECDSA-AES128-SHA256` `ECDHE-RSA-AES256-GCM-SHA384` `ECDHE-RSA-AES256-SHA384` `ECDHE-RSA-AES128-GCM-SHA256` `ECDHE-RSA-AES128-SHA256` `ECDHE-RSA-CHACHA20-POLY1305` `DHE-RSA-AES256-GCM-SHA384` `DHE-RSA-AES256-SHA256` `DHE-RSA-AES128-SHA256` `DHE-RSA-CHACHA20-POLY1305` The following cipher suites are supported in TLS 1.3: `TLS_AES_256_GCM_SHA384` `TLS_CHACHA20_POLY1305_SHA256` `TLS_AES_128_GCM_SHA256` By default, the following value is used: `ECDHE-ECDSA-AES256-GCM-SHA384`.
`‑-check‑period`	Checks if the validity period of a certificate conforms to the current date, based on time zone. By default, checking is not performed.
`‑-check‑subject`	Checks if the subject name of a certificate (`SubjectAltNames` and `Common Name` fields) matches the domain name of the server.
`--check‑chain`	Checks a certificate by a certification path.
`--ca-path`	Specifies a full path to the directory where CA certificates are stored. A certificate from the specified directory is used to check the validity of a TLS certificate and its configuration. If this parameter is not specified, the HTTP client uses the following paths: `/etc/pki/tls/certs` `/etc/ssl/certs`
`--ca-cert`	Specifies a full path to the directory where a CA bundle is stored. The bundle file is used to check the validity of a TLS certificate and its configuration. If this parameter is not specified, the HTTP client uses one of the following files (whichever is found first): `/etc/ssl/certs/ca-certificates.crt` `/etc/pki/tls/certs/ca-bundle.crt` `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` `/etc/ssl/ca-bundle.pem`
`‑‑repeat‑timeout REPEAT_TIMEOUT`	Specifies that scanning of objects will be repeated for at least `REPEAT_TIMEOUT` seconds. If the argument is not specified, all of the objects will be scanned one time. Otherwise, scanning will be performed for at least the specified seconds.
`--quiet`	Suppresses scan results.That is, scan results are not displayed.
`‑‑threads THREADS (=1)`	Specifies the number of threads to scan files in parallel.
`-m [ ‑‑measure ]`	Measures and displays the following: Scan time in the `%H:%M:%S.%` format Accumulated scan statistics before and after scanning

Connection type

Two connection types are supported by the sample HTTP client:

TCP connection
To use a TCP connection, specify an IP address in the -s option in the following format: "ip_addr:port".
UNIX socket connection
To use a UNIX socket connection, specify the path to the socket in the -s option.

This is the default option. The default socket file is /tmp/.kavhttpd.

Timeout

The sample HTTP client uses the value specified in the -t option to determine the scan timeout, similarly to the X-KAV-Timeout header.

The default timeout value is 2000.

If 0 is specified in this option, the timeout is infinite.

Scan mode

The sample HTTP client supports two scan modes, which you can specify by using the -f option:

scanfile mode (-f).
In this mode, the sample HTTP client passes file paths to Kaspersky Scan Engine, which reads and scans the files.

To send a scan request to a remote computer over a TCP socket, you must specify the paths to the files that you want to scan or the directories that contain these files. For more information, see "Scanning files over TCP socket in scanfile mode". You do not have to do that if the sample HTTP client and Kaspersky Scan Engine are located on the same computer.
scanmemory mode (default).
In this mode, the sample HTTP client passes the file contents to Kaspersky Scan Engine, which scans the contents.

Use only the KAV_SKIP cleaning mode with the scanmemory scan mode. Kaspersky Scan Engine cannot disinfect or delete files in the scanmemory mode.

Scan task context

Kaspersky Scan Engine uses the scan task context to increase the detection rate. Using this option does not affect scanning performance.

It is recommended to use the scan task context in gateway integrations.

Use the following format for the context:

If the object to scan is received from the Internet, specify the web address of the source, including the protocol.
Example: http://example.com

The supported protocols are HTTP, HTTPS, and FTP. If the source URL is unknown, it is recommended to use http://example.com as the scan task context.
If the object to scan is received by email, specify the sender's email address. Use the following format: [from:%sender_address%].
Example: [from:example@example.com]

If the object is received by email, but the sender's email address is unknown, it is recommended to use [from:test@relay.example] as the scan task context.

The scan task context is applicable to file scanning only. If you specify the scan task context for a URL, it will be ignored.

Request and response headers

Specifying request and response headers that were gathered from HTTP traffic related to the scanned object improves the detection rate. It is recommended to use the request and response headers in gateway integrations.

Information messages

The -b, -v, and -l options can only be used together with the -s, -j, and -t options. If you use them with any other option, kavhttp_client returns an error.

You can use the -b, -v, and -l options to check whether kavhttpd is running.

Scanning files

You can specify one or more files to scan, separating them by a white space. Depending on the scan mode, the sample HTTP client then passes the paths to these files or their contents to Kaspersky Scan Engine.

Also, you can specify a directory where files are stored. All files that are located inside this directory and all its subdirectories will be scanned.

Use the following syntax to scan files in scanfile mode:

./kavhttp_client [-s <ip:port | unix-socket>] [-t <timeout>] [-c <context>] [--req <req_file>] [--resp <resp_file>] -f <file1> [<file2>...]

Use the following syntax to scan the contents of files in scanmemory mode:

./kavhttp_client [-s <ip:port | unix-socket>] [-t <timeout>] [-c <context>] [--req <req_file>] [--resp <resp_file>] <file1> [<file2>...]

Scanning URLs

You can specify a URL to scan. If the URL contains spaces or tabs, enclose the URL in quotation marks or make these characters percent-encoded. Similarly, if the URL contains quotation marks ("), make them percent-encoded.

Simultaneous scanning of multiple URLs is not supported. If you specify more than one URL, only the first one will be scanned.

Files cannot be scanned when the -u option is specified. The -u and -f options cannot be used together.

Use the following syntax to scan a URL:

./kavhttp_client [-s <IP:port | unix-socket>] [-t <timeout>] [-i <IP>] -u <URL>

Page top