Service settings

This section describes the Service section of the Settings page.

Several service settings for HTTP mode: Protocol, IP address and port, Keep-alive connection.

Service settings

If Kaspersky Scan Engine is initialized in HTTP mode, you can specify the following settings:

Protocol—Select HTTP, HTTPS, or a UNIX domain socket.
Address that Kaspersky Anti-Virus Engine listens on for incoming objects to check.
It can be either a UNIX socket, or an IP address and port.
Private key path—Path to the private key file for connection over HTTPS (TLS) protocol.
This can be either an absolute or a relative path. A relative path is calculated relative to the kavhttpd binary file.

You must specify this setting if the HTTPS protocol is selected.

When you configure this parameter, the following message may appear in the table with service events of the Kaspersky Scan Engine dashboard: "Your private key has a low security level. Please check the permissions for the file <path>." In this case, you must configure access to the private key file so that only the root user and the user account under which the service is running can have the read permission.
Certificate—Path to the certificate file for connection over HTTPS (TLS) protocol.
This can be either an absolute or a relative path. A relative path is calculated relative to the kavhttpd binary file.

You must specify this setting if the HTTPS protocol is selected.
Keep-alive connection—Indicates whether Keep-Alive must be used.
Connection timeout—The amount of time an idle connection has to be kept open (in milliseconds), waiting for a new request from an HTTP client.
The range of possible values is from 0 to 18000. If this parameter is set to 0, there is no time limit for the connection.
Maximum requests per connection—The maximum number of requests for one connection before the connection is closed.
The range of possible values is from 0 to 1000. If this parameter is set to 0, the number of requests for one connection is not limited.
Under Locations where remote scanning is allowed, you can specify paths to the locations where scanning is allowed when an HTTP client sends scan requests over a TCP socket from a remote computer. Scanning in other locations is prohibited. These paths are located in the file system of the computer with the Kaspersky Scan Engine server. Restricting the scan area prevents scanning the whole file system of the Kaspersky Scan Engine server by a command from the outside.
It is not recommended to use links as paths, due to security reasons. Use absolute paths instead.

Kaspersky Scan Engine does not add or remove objects in the directories specified in Locations where remote scanning is allowed. The HTTP client has to send objects to scan, then remove them after scanning.

Possible values:
- Absolute paths to a directory
  This value allows you to scan files that are located inside this directory and all its subdirectories.
  
  The directory must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.
  
  The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.
  
  The kavhttpd service must have permissions to read files in the directory and its subdirectories.
- Absolute path to a file
  Allows you to scan the specified file.
  
  The file must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.
  
  The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.
  
  The kavhttpd service must have permissions to read the file.
- / (forward slash)
  Allows you to scan all files.
Cross-origin resource sharing—Specifies the list of origins (IP addresses or host names with a protocol) to which access to the kavhttpd service must be provided.
Possible values:
- IP address or host name with a protocol
- *
  This value allows any origin to access the kavhttpd service.
- Empty value
This setting is stored in the CORS element of the HTTP mode configuration file.

In Windows, we recommend specifying the full path to a file. In particular, it is strongly recommended to specify the full paths to the certificate (Certificate) and the key file (Private key path).

If Kaspersky Scan Engine is initialized in ICAP mode, you can set the following settings:

Port number—Specifies the port that Kaspersky Scan Engine listens on for ICAP requests with contents to scan.
Send code 204—Specifies whether Kaspersky Anti-Virus Engine must send the 204 code.
Request mode address—The address that kavicapd uses to process requests in the request mode.
The default value is req.

Kaspersky Scan Engine includes the value from Request mode address in the URL, for example:

icap://icap-server.example.com:1344/req

Do not use the same value for Request mode address and Response mode address.
Response mode address—The address that kavicapd uses to process requests in the response mode.
The default value is resp.

Kaspersky Scan Engine includes the value from Response mode address in the URL, for example:

icap://icap-server.example.com:1344/resp
Keep-alive connection—Indicates whether Keep-Alive must be used.
Use Keep-alive unconditionally—Indicates whether Kaspersky Scan Engine always uses a Keep-Alive connection, even when ICAP clients do not request it.
Connection timeout—The amount of time an idle connection has to be kept open (in milliseconds), while waiting for a new request from an ICAP client.
The range of possible values is from 1 to 10000.
Maximum requests per connection—The maximum number of requests for one connection before the connection is closed.
The range of possible values is from 1 to 1000.
Partial mode—Allows scanning of files as a whole and partially sending them to a user before the scan is finished.
Possible settings for partial mode:
- Delay—Specifies the interval (in seconds) between the start of receiving an object and the start of sending its first part.
- Chunk size—Specifies the size of object chunks transferred in the period between the start of receiving an object and the end of scanning.
- Prevent re-downloading—Prevents a browser attempt to re-download a blocked file after the connection is broken.
- Maximum cache size—Maximum cache size for blocked URLs, in KB.
  This is the maximum amount of RAM that can be allocated for a blocked URL's cache.
  
  The range of possible values is from 1 to 100000.
  
  The preset value is 5000.
- Lifetime for blocked URLs—Lifetime for blocked URLs in the cache, in seconds.
  The range of possible values is from 1 to 604800 (one week).
  
  The preset value is 1800.
Additional headers:
- User name HTTP header—The name of the HTTP header in which the username of the HTTP client is passed to the ICAP service.
  The ICAP service will write this value to logs.
  
  The preset value is X-Client-Username.
- IP address HTTP header—The name of the HTTP header in which the IP address of the HTTP client is passed to the ICAP service.
  The ICAP service will write this value to logs.
  
  The preset value is X-Client-IP.
- Detected object name HTTP header—The name of the header field that contains the name of the detected threat.
  The ICAP service will write this value to logs.
  
  By default, the value of this setting is empty.
- Database version name HTTP header—The name of the header field that contains information about the anti-virus database version used by Kaspersky Scan Engine to scan objects.
- Send X-Include—Specifies whether Kaspersky Scan Engine includes the X-Include header in its response to the OPTIONS request from the ICAP client. To enable sending the X-Include header, select one or both of the following checkboxes:
  - Request user name HTTP header—The value specified in User name HTTP header. If User name HTTP header is empty, the Request user name HTTP header checkbox is disabled.
  - Request IP address HTTP header—The value specified in IP address HTTP header. If IP address HTTP header is empty, the Request IP address HTTP header checkbox is disabled.
  If none of these elements is selected, Kaspersky Scan Engine does not include the X-Include header to responses.
- Send X-Infection-Found header—Specifies whether Kaspersky Scan Engine includes the X-Infection-Found header in its response to the ICAP client.
  By default, Kaspersky Scan Engine does not include the X-Infection-Found header to responses.
- Send X-Violations-Found header—Specifies whether Kaspersky Scan Engine includes the X-Violations-Found header in its response to the ICAP client.
  By default, Kaspersky Scan Engine does not include the X-Violations-Found header to responses.
- Send X-Response-Info header—Specifies whether Kaspersky Scan Engine includes the X-Response-Info header in its response to the ICAP client.
  By default, Kaspersky Scan Engine does not include the X-Response-Info header to responses.
- Send X-Response-Desc header—Specifies whether Kaspersky Scan Engine includes the X-Response-Desc header in its response to the ICAP client.
  By default, Kaspersky Scan Engine does not include the X-Response-Desc header to responses.
Action on signal—An action that must be performed on receiving the SIGUSR1 and SIGUSR2 signals.
In the SIGUSR1 signal and SIGUSR2 signal drop-down lists, you can select the following actions for both signals:
- Update and reload the anti-virus database—Updates and reloads the database by using built-in functionality of Kaspersky Scan Engine.
- Reload the anti-virus database without updating—Reloads the database without updating it.
  It is assumed that the files in the database directory are already up to date and must be reloaded.
- Close log files in syslog format, then reopen them—Closes all log files in the syslog format that are being opened, then opens them again for writing logs at the end of these files.
  If the files are missing, the ICAP plug-in will create them. This setting allows rotating the logs by using the logrotate utility in default mode or when the create directive is used.

For either mode you can specify the following settings under Maximum values:

Sessions—Maximum number of sessions.
The default value is 10.

It is not recommended to specify a value greater than the number of TCP connections that your HTTP client can simultaneously maintain with Kaspersky Scan Engine.
Connections—Maximum number of active TCP connections that KAV HTTP can maintain simultaneously.
The default value is 100.
Threads—Maximum number of scanning threads. You can have up to 256 scanning threads.
The default value is 8.
Processes—Maximum number of scanning processes. You can have up to 256 scanning processes.
The default value is 4.

When you apply new service settings, Kaspersky Anti-Virus Engine restarts.

Page top