Getting accumulated statistics in ICAP mode

March 5, 2024

ID 182615

In ICAP mode, Kaspersky Scan Engine collects information about its usage and creates statistics from this data. These statistics are stored on your hard disk. You can view the statistics to monitor trends in the data requested from your network. For example, you can check if users in your network are trying to download a lot of malicious files.

To view accumulated statistics:

  1. Open the directory specified in the TempPath element of the configuration file.
  2. Find the report.json file and open it.

Following is an example of the report.json file.

    {
      "statistics": {
        "total_requests": 3,
        "infected_requests": 3,
        "not_scanned_requests": 0,
        "error_requests": 0,
        "engine_errors": 1,
        "processed_data": 204,
        "infected_data": 0,
        "processed_urls": 1,
        "infected_urls": 1
      }
    }

where statistics is an object containing the following accumulated statistics:

  • total_requests—The total number of received requests in response modification (RESPMOD) mode and request modification (REQMOD) mode.
  • infected_requests—The number of requests for which Kaspersky Scan Engine returned a DETECT, PHISHING, or MACRO scan result.
  • not_scanned_requests—The number of valid scan requests that were not processed.

    Possible reasons:

    • The object is too big or too small.
    • The object is an encrypted archive.
    • Kaspersky Scan Engine is configured to skip objects of the format that the object belongs to.
  • error_requests—The number of incorrect ICAP requests that were received by Kaspersky Scan Engine.
  • engine_errors—The number of requests for which Kaspersky Scan Engine returned a FAILED scan result.
  • processed_data—The total amount of scanned data in bytes.

    This includes objects scanned in RESPMOD mode and objects in POST requests that were scanned in REQMOD mode.

  • infected_data—The amount of scanned data, in bytes, for which Kaspersky Scan Engine returned a DETECT, PHISHING, or MACRO scan result.

    This includes objects scanned in RESPMOD mode and objects in POST requests that were scanned in REQMOD mode.

  • processed_urls—The total number of checked URLs.
  • infected_urls—The number of URLs for which Kaspersky Scan Engine returned a DETECT or PHISHING scan result.

Resetting statistics

You can reset accumulated statistics at any time.

To reset accumulated statistics:

  1. Open the directory specified in the TempPath element of the configuration file.
  2. Find the report.json file and delete it.

The kavicapd service will create a new report.json file with all statistics set to 0.
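
Because the counters accumulate and drop to 0 when report.json is recreated, trend monitoring means comparing periodic snapshots and handling a reset in between. The following is an added example, not part of Kaspersky Scan Engine or its documentation; the function names are hypothetical and the snapshot values are constructed.

```python
import json

# Counter names documented for the "statistics" object in report.json.
COUNTERS = ("total_requests", "infected_requests", "not_scanned_requests",
            "error_requests", "engine_errors", "processed_data",
            "infected_data", "processed_urls", "infected_urls")

def parse_report(text):
    """Return the documented counters from report.json text as integers."""
    stats = json.loads(text)["statistics"]
    return {name: int(stats.get(name, 0)) for name in COUNTERS}

def interval_delta(previous, current):
    """Return (activity since the previous snapshot, reset_detected).

    The counters only accumulate, so a decrease in any of them means
    report.json was deleted and recreated between the two snapshots; the
    current values are then the best available figure for the interval.
    """
    if any(current[n] < previous[n] for n in COUNTERS):
        return dict(current), True
    return {n: current[n] - previous[n] for n in COUNTERS}, False

def summarize(delta):
    """Detection ratios for one interval; 0.0 when nothing was processed."""
    def ratio(part, whole):
        return part / whole if whole else 0.0
    return {
        "infected_request_ratio": ratio(delta["infected_requests"], delta["total_requests"]),
        "infected_url_ratio": ratio(delta["infected_urls"], delta["processed_urls"]),
        "engine_errors": delta["engine_errors"],
    }

def _sample(*values):
    """Build constructed report.json text from nine counter values."""
    return json.dumps({"statistics": dict(zip(COUNTERS, values))})

# Constructed snapshots, not real Kaspersky Scan Engine output.
SNAP_A = parse_report(_sample(100, 4, 2, 0, 1, 50000, 1200, 40, 2))
SNAP_B = parse_report(_sample(160, 10, 3, 1, 1, 90000, 4000, 60, 7))
SNAP_C = parse_report(_sample(5, 1, 0, 0, 0, 300, 100, 2, 0))  # after a reset

if __name__ == "__main__":
    for prev, cur in ((SNAP_A, SNAP_B), (SNAP_B, SNAP_C)):
        delta, reset = interval_delta(prev, cur)
        print("reset" if reset else "delta", summarize(delta))
```

A reset is only detectable while the recreated counters are still below the previous snapshot, so take snapshots often enough that a reset cannot be masked by new traffic.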
