Scanning files over TCP socket in scanfile mode

You can send scan requests in both scanmemory mode and scanfile mode from the HTTP client on a remote computer to the computer on which the kavhttpd service runs.

In scanmemory mode, the content of the scanned object is sent in the HTTP request message and is scanned in the system memory of the computer that the kavhttpd service runs on.

In scanfile mode, the HTTP client sends to the kavhttpd service the path to the object that is located on the same computer as the kavhttpd service, or on a remote hard disk successfully mounted on that computer. The kavhttpd service reads the object from the hard disk and scans it.

However, when Kaspersky Scan Engine receives a scan request from a client on remote computer in scanfile mode, it scans only those files that are placed at locations specified in the <ScanningPath> elements of the HTTP mode configuration file. This restriction is necessary to prevent the HTTP client from accidentally scanning the whole file system from the remote computer.

To scan a file by using a TCP socket in scanfile mode:

1. In a <ScanningPath> element of the configuration file, specify the location of the file that you want to scan.

   Kaspersky Scan Engine does not add or remove objects in the directories specified by ScanningPath. The HTTP client has to send objects to scan, then remove them after scanning.

   The following example shows how to specify a directory that contains files to scan:

   <ScanningPaths> <ScanningPath>/mnt/to_scan/</ScanningPath> </ScanningPaths>

2. Connect to Kaspersky Scan Engine on a remote computer by using a TCP socket and scan the file in scanfile mode.

   The following example shows how to scan the eicar.txt file that is located in the /mnt/to_scan/ directory on the computer the kavhttpd service runs on:

   user@computer:/opt/kaspersky/ScanEngine/bin# ./kavhttp_client -f -s 192.0.2.42:9999 /mnt/to_scan/eicar.txt