Manually upgrading Kaspersky Scan Engine 2.0 and later
April 24, 2024
ID 225714
To upgrade Kaspersky Scan Engine 2.0 and later manually:
- Make sure you have root (administrator) privileges.
- For Kaspersky Scan Engine 2.0. Stop Kaspersky Scan Engine:
- If you use Kaspersky Scan Engine in ICAP mode, run this command:
/etc/init.d/kavicapd stop
- If you use Kaspersky Scan Engine in HTTP mode, run this command:
/etc/init.d/kavhttpd stop
- If you use Kaspersky Scan Engine GUI, run this command:
/etc/init.d/klScanEngineUI stop
- If you use Kaspersky Scan Engine in ICAP mode, run this command:
- For Kaspersky Scan Engine 2.1 and later. Stop Kaspersky Scan Engine:
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
service kavicapd stop
- If you used Kaspersky Scan Engine in HTTP mode, run this command:
service kavhttpd stop
- If you used Kaspersky Scan Engine GUI, run this command:
s
ervice klScanEngineUI stop
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
- Create backup copies of the following data:
/opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml
- If Kaspersky Scan Engine worked in ICAP mode:
/opt/kaspersky/ScanEngine/etc/kavicapd.xml
/opt/kaspersky/ScanEngine/icap_data
, if you configured ICAP rules inkavicapd_gui_rules.conf
- If Kaspersky Scan Engine worked in HTTP mode:
/opt/kaspersky/ScanEngine/etc/kavhttpd.xml
- If Kaspersky Scan Engine used TLS, you need to copy the private key and certificate generated for use in TLS connections. The location of these files is specified in the
TlsCertificateKeyFile
andTlsCertificateFile
elements of thekavhttpd.xml
configuration file.
- If you generated a certificate and a private key to use with the Kaspersky Scan Engine GUI, copy the certificate and the private key.
You can find information on the location of the certificate and private key in the
SSLCertificatePath
andSSLPrivateKeyPath
elements of theklScanEngineUI.xml
file. - The key file (if Kaspersky Scan Engine was activated in offline licensing mode) or the activation code (if Kaspersky Scan Engine was activated in online licensing mode).
You can find information on the location of the key file or activation code in the
LicensePath
element of thekavhttpd.xml
configuration file (if Kaspersky Scan Engine worked in HTTP mode) orkavicapd.xml
configuration file (if Kaspersky Scan Engine worked in ICAP mode).
- In the
/opt/kaspersky/ScanEngine
directory, uninstall Kaspersky Scan Engine withuninstall.
If you used the Kaspersky Scan Engine GUI and you want to continue using the
kavebase
database created earlier in PostgreSQL, you do not need to submit the deletion of data from this database. However, you need to upgrade the database with the following command:psql -d kavebase -a -f %tempdir%/samples/migrate.sql
The above command imports the contents of
%tempdir%/samples/migrate.sql
.%tempdir%
in this command is the directory that contains the unpacked Kaspersky Scan Engine distribution kit contents.Make sure that the user running the database queries has access to the directory containing
migrate.sql
and also has read access tomigrate.sql
itself.Do not use migrate.sql to upgrade the database used by Kaspersky Scan Engine version below 2.0.
You also need to specify the same username and password as used to connect to the previous version of the database. You can specify the username and password later, during the installation of Kaspersky Scan Engine.
If you forgot the username or password, use the psql utility.
- Remove files form the directory
/opt/kaspersky/ScanEngine/
or delete this directory. - Install the new version of Kaspersky Scan Engine with the installer.
- Stop Kaspersky Scan Engine:
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
service kavicapd stop
- If you used Kaspersky Scan Engine in HTTP mode, run this command:
service kavhttpd stop
- If you used Kaspersky Scan Engine GUI, run this command:
s
ervice klScanEngineUI stop
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
- Copy data that you backed up earlier:
- Copy
klScanEngineUI.xml
to/opt/kaspersky/ScanEngine/etc/
- If the previous version of Kaspersky Scan Engine worked in ICAP mode:
- Copy
kavicapd.xml
to/opt/kaspersky/ScanEngine/etc/
- Copy data from
icap_data
to/opt/kaspersky/ScanEngine/icap_data
, if you configured ICAP rules inkavicapd_gui_rules.conf
- Copy
- If the previous version of Kaspersky Scan Engine worked in HTTP mode, copy
kavhttpd.xml
to/opt/kaspersky/ScanEngine/etc/
- If you made copies of the private key and certificate to connect via TLS in HTTP mode, copy the private key and certificate to the directories, specified in the
TlsCertificateKeyFile
andTlsCertificateFile
elements of thekavhttpd.xml
configuration file.Make sure that only users with administrator rights have read access to the certificate and the private key.
- If you used Kaspersky Scan Engine GUI and you made copies of the certificate and the private key, place them in the locations that are specified in the
SSLCertificatePath
andSSLPrivateKeyPath
elements of theklScanEngineUI.xml
file, respectively.Make sure that only users with administrator rights have read access to the certificate and the private key.
- Make sure that the key file (if the previous version of Kaspersky Scan Engine was activated in offline licensing mode) or the activation code (if the previous version of Kaspersky Scan Engine was activated in online licensing mode) is located in the correct directory.
You can find information on the location of the key file or activation code in the
LicensePath
element of thekavhttpd.xml
configuration file (if Kaspersky Scan Engine worked in HTTP mode) orkavicapd.xml
configuration file (if Kaspersky Scan Engine worked in ICAP mode).
- Copy
- Run Kaspersky Scan Engine:
- To use Kaspersky Scan Engine in ICAP mode, run
service kavicapd start
- To use Kaspersky Scan Engine in HTTP mode, run
service kavhttpd start
- To use the Kaspersky Scan Engine GUI, run
service klScanEngineUI start
- To use Kaspersky Scan Engine in ICAP mode, run
- If you are using the Kaspersky Scan Engine GUI, clear your browser cache after the upgrade.
If you decided to use the same kavebase
database when installing the new version of Kaspersky Scan Engine, the password you specified in the previous version for Kaspersky Scan Engine GUI administrator remains valid, it is not reset to the default password.