Support

Support for business applications

Kaspersky Scan Engine

Using Kaspersky Scan Engine in HTTP mode

Configuring Kaspersky Scan Engine in HTTP mode

HTTP mode configuration file

DirectorySettings

ScanningPaths
Kaspersky Scan Engine
Нет результатов
Knowledge Base Online Help
FAQ System requirements Forum Contact support Recovery tools Product videos

ScanningPaths

March 5, 2024

ID 201076

Contains paths to the locations where scanning is allowed when an HTTP client sends scan requests over a TCP socket from a remote computer. Scanning in other locations is prohibited. These paths are located in the file system of the computer with the Kaspersky Scan Engine server. Restricting the scan area prevents scanning the whole file system of the Kaspersky Scan Engine server by a command from the outside.

By default, Kaspersky Scan Engine scans objects in KAV_SKIP mode, which means that Kaspersky Scan Engine does not add or remove objects in the directories specified in ScanningPath. The HTTP client has to send objects to scan, then remove them after scanning.

If Kaspersky Scan Engine scans objects in KAV_DELETE, KAV_CLEAN_DELETE, or KAV_CLEAN_SKIP mode, sometimes the directory specified in ScanningPaths must have write access as root.

Path

DirectorySettings > ScanningPaths

Attributes

This element has no attributes.

Nested elements

This element is a container for the following nested elements:

  • ScanningPath

    Specifies a location where scanning over a TCP socket in scanfile mode is allowed.

    It is not recommended to use links as paths due to security reasons. Use absolute paths instead.

    Possible values:

    • Absolute paths to a directory

      Allows scanning files that are located inside this directory and all its subdirectories.

      The directory must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.

      The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.

      The kavhttpd service must have permissions to read files in the directory and its subdirectories.

    • Absolute path to a file

      Allows scanning of the specified file.

      The file must be located on the same computer as Kaspersky Scan Engine or on a remote hard disk mounted on that computer.

      The path must start from the root directory of the computer that Kaspersky Scan Engine is installed on.

      The kavhttpd service must have permissions to read the file.

    • / (forward slash)

      Allows scanning of all files.

      For Linux systems only.

    Each path is specified inside its own <ScanningPath> element.

Example

The following is an example of this element.

<ScanningPaths>

<ScanningPath></ScanningPath>

</ScanningPaths>

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.