Manually upgrading Kaspersky Scan Engine 2.0 and later

Support

Support for business applications

Kaspersky Scan Engine

Upgrading Kaspersky Scan Engine on Linux

Manual upgrade (Linux)

Manually upgrading Kaspersky Scan Engine 2.0 and later

March 5, 2024

ID 225714

To upgrade Kaspersky Scan Engine 2.0 and later manually:

Make sure you have root (administrator) privileges.
For Kaspersky Scan Engine 2.0. Stop Kaspersky Scan Engine:
- If you use Kaspersky Scan Engine in ICAP mode, run this command:
  /etc/init.d/kavicapd stop
- If you use Kaspersky Scan Engine in HTTP mode, run this command:
  /etc/init.d/kavhttpd stop
- If you use Kaspersky Scan Engine GUI, run this command:
  /etc/init.d/klScanEngineUI stop
For Kaspersky Scan Engine 2.1 and later. Stop Kaspersky Scan Engine:
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
  service kavicapd stop
- If you used Kaspersky Scan Engine in HTTP mode, run this command:
  service kavhttpd stop
- If you used Kaspersky Scan Engine GUI, run this command:
  service klScanEngineUI stop
Create backup copies of the following data:
- /opt/kaspersky/ScanEngine/etc/klScanEngineUI.xml
- If Kaspersky Scan Engine worked in ICAP mode:
  - /opt/kaspersky/ScanEngine/etc/kavicapd.xml
  - /opt/kaspersky/ScanEngine/icap_data, if you configured ICAP rules in kavicapd_gui_rules.conf
- If Kaspersky Scan Engine worked in HTTP mode:
  - /opt/kaspersky/ScanEngine/etc/kavhttpd.xml
  - If Kaspersky Scan Engine used TLS, you need to copy the private key and certificate generated for use in TLS connections. The location of these files is specified in the TlsCertificateKeyFile and TlsCertificateFile elements of the kavhttpd.xml configuration file.
- If you generated a certificate and a private key to use with the Kaspersky Scan Engine GUI, copy the certificate and the private key.
  You can find information on the location of the certificate and private key in the SSLCertificatePath and SSLPrivateKeyPath elements of the klScanEngineUI.xml file.
- The key file (if Kaspersky Scan Engine was activated in offline licensing mode) or the activation code (if Kaspersky Scan Engine was activated in online licensing mode).
  You can find information on the location of the key file or activation code in the LicensePath element of the kavhttpd.xml configuration file (if Kaspersky Scan Engine worked in HTTP mode) or kavicapd.xml configuration file (if Kaspersky Scan Engine worked in ICAP mode).
In the /opt/kaspersky/ScanEngine directory, uninstall Kaspersky Scan Engine with uninstall.
If you used the Kaspersky Scan Engine GUI and you want to continue using the kavebase database created earlier in PostgreSQL, you do not need to submit the deletion of data from this database. However, you need to upgrade the database with the following command:

psql -d kavebase -a -f %tempdir%/samples/migrate.sql

The above command imports the contents of %tempdir%/samples/migrate.sql.

%tempdir% in this command is the directory that contains the unpacked Kaspersky Scan Engine distribution kit contents.

Make sure that the user running the database queries has access to the directory containing migrate.sql and also has read access to migrate.sql itself.

Do not use migrate.sql to upgrade the database used by Kaspersky Scan Engine version below 2.0.

You also need to specify the same username and password as used to connect to the previous version of the database. You can specify the username and password later, during the installation of Kaspersky Scan Engine.

If you forgot the username or password, use the psql utility.

If you forgot the username or password used to connect to the database, use the psql utility to get the username or to change the password.

To see the database username, run the following command:

postgres=# \l kavebase

The psql utility displays information about the database name and its owner (username):

List of databases

-[ RECORD 1 ]-----+--------------------------

Name | kavebase

Owner | scanengine

If you forgot the password, you need to change it with the following command:

alter user %USERNAME% with password '%PASSWORD%';

Here, %PASSWORD% is the new password for the %USERNAME% user.
Remove files form the directory /opt/kaspersky/ScanEngine/ or delete this directory.
Install the new version of Kaspersky Scan Engine with the installer.
Stop Kaspersky Scan Engine:
- If you used Kaspersky Scan Engine in ICAP mode, run this command:
  service kavicapd stop
- If you used Kaspersky Scan Engine in HTTP mode, run this command:
  service kavhttpd stop
- If you used Kaspersky Scan Engine GUI, run this command:
  service klScanEngineUI stop
Copy data that you backed up earlier:
- Copy klScanEngineUI.xml to /opt/kaspersky/ScanEngine/etc/
- If the previous version of Kaspersky Scan Engine worked in ICAP mode:
  - Copy kavicapd.xml to /opt/kaspersky/ScanEngine/etc/
  - Copy data from icap_data to /opt/kaspersky/ScanEngine/icap_data, if you configured ICAP rules in kavicapd_gui_rules.conf
- If the previous version of Kaspersky Scan Engine worked in HTTP mode, copy kavhttpd.xml to /opt/kaspersky/ScanEngine/etc/
- If you made copies of the private key and certificate to connect via TLS in HTTP mode, copy the private key and certificate to the directories, specified in the TlsCertificateKeyFile and TlsCertificateFile elements of the kavhttpd.xml configuration file.
  Make sure that only users with administrator rights have read access to the certificate and the private key.
- If you used Kaspersky Scan Engine GUI and you made copies of the certificate and the private key, place them in the locations that are specified in the SSLCertificatePath and SSLPrivateKeyPath elements of the klScanEngineUI.xml file, respectively.
  Make sure that only users with administrator rights have read access to the certificate and the private key.
- Make sure that the key file (if the previous version of Kaspersky Scan Engine was activated in offline licensing mode) or the activation code (if the previous version of Kaspersky Scan Engine was activated in online licensing mode) is located in the correct directory.
  You can find information on the location of the key file or activation code in the LicensePath element of the kavhttpd.xml configuration file (if Kaspersky Scan Engine worked in HTTP mode) or kavicapd.xml configuration file (if Kaspersky Scan Engine worked in ICAP mode).
Run Kaspersky Scan Engine:
- To use Kaspersky Scan Engine in ICAP mode, run service kavicapd start
- To use Kaspersky Scan Engine in HTTP mode, run service kavhttpd start
- To use the Kaspersky Scan Engine GUI, run service klScanEngineUI start
If you are using the Kaspersky Scan Engine GUI, clear your browser cache after the upgrade.

If you decided to use the same kavebase database when installing the new version of Kaspersky Scan Engine, the password you specified in the previous version for Kaspersky Scan Engine GUI administrator remains valid, it is not reset to the default password.

Kaspersky Professional Services

Implementation services. Health check and security system configuration. Contact us if you need expert help.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.