File and URL reputation checking in KSN

This section describes common scenarios where you can use Kaspersky Scan Engine together with Kaspersky Security Network (KSN) to check files and websites.

The instructions provided in this section assume that you have already installed Kaspersky Scan Engine.

Checking files and websites with reputation checking (HTTP mode)

To check files and websites by means of reputation checking:

  1. In the ServerSettings > Flags element of the kavhttpd.xml configuration file, specify the KAV_SHT_ENGINE_KSN setting.

    You can also use the Kaspersky Scan Engine GUI to turn on reputation checking.

  2. Start the kavhttpd service.
  3. Send URLs and files that you want to check to the kavhttpd service.

    For example, you can use the sample HTTP client %service_dir%/bin/kavhttp_client.

    Also, you can send HTTP POST requests to the kavhttpd service.

  4. Review the scan results.

    The scan results will depend on the reputation of the URLs and files.

Checking URLs that users request through proxy server (ICAP mode)

To check URLs that pass through a proxy server:

  1. In the KSNSettings > UseKSN element of the kavicapd.xml configuration file, specify 1 for checking the reputation of files and websites by KSN.

    You can also turn on reputation checking by using the Kaspersky Scan Engine GUI.

  2. Configure your proxy server to work with Kaspersky Scan Engine (see the example of using Kaspersky Scan Engine in ICAP mode with Squid).
  3. Create ICAP service rules for scan results returned by Kaspersky Scan Engine.

    You can create the rules either manually or by using the Kaspersky Scan Engine GUI.

  4. Start the kavicapd service.

Kaspersky Scan Engine will return the results of checking files and URLs on the basis of their reputation in KSN and will respond according to the ICAP service rules you have specified.

Page top