Kaspersky Scan Engine architecture
March 5, 2024
ID 184796
Kaspersky Scan Engine is an implementation of Kaspersky HTTP Daemon and Kaspersky ICAP Plug-in, which are parts of Kaspersky Anti-Virus SDK.
When Kaspersky Scan Engine is running as Kaspersky HTTP Daemon, it is working in HTTP mode. When Kaspersky Scan Engine is running as Kaspersky ICAP Plug-in, it is working in ICAP mode.
Following are descriptions of the modes:
- HTTP mode
In this mode, Kaspersky Scan Engine works as a REST-like service that receives HTTP requests from client applications, scans files and URLs passed in these requests, and sends back HTTP responses with scan results.
- ICAP mode
This mode is available only for Linux operating systems.
In this mode, Kaspersky Scan Engine works as an ICAP server that scans HTTP traffic that passes through a proxy server, scans URLs that are requested by users, and filters out web pages that contain malicious content.
Kaspersky Scan Engine consists of the following components:
- The service that processes client requests. The services are different in HTTP and ICAP modes.
- Kaspersky Scan Engine GUI
The user interface that the user can access over a browser. Its functionality is implemented in the klScanEngineUI executable file.
- Kaspersky Anti-Virus Engine
The executable file that scans objects passed to it.
Several instances of Kaspersky Scan Engine can be added into clusters. This simplifies configuration and further management of the instances.
