Setup Virus Scanner Module

The Virus Scanner module currently supports two antivirus providers: ClamAV and Kaspersky Scan Engine. See below for installation instructions.

ClamAV

1. Manual Install

1. Download ClamAV from the official website here.
2. Install ClamAV as a daemon with the command clamd --daemon. Please refer to the official documentation here.

2. Docker Image

Install ClamAV using Docker:

docker run -d --name clamav
-v /your/local/folder:/usr/local/share/clamav
-p 3310:3310 clamav/clamav

For the Path to ClamAV scanner service use tcp://127.0.0.1:3310 path in module configuration.

Kaspersky Scan Engine

Kaspersky Scan Engine can be installed in two modes: HTTP (API v3.0) and ICAP Mode. Please refer to the official documentation here.

Installation

1. Load the image to the local Docker registry:

• For HTTP mode:

  docker load -i kaspersky_scanengine_httpd.tar
  

• For ICAP mode:

  docker load -i kaspersky_scanengine_icapd.tar
  

2. Verify the image is available in Docker:

docker images

The displayed list must contain the following images:

• For HTTP mode:

  kaspersky/scanengine_httpd:%KSE_VERSION%
  

• For ICAP mode:

  kaspersky/scanengine_icapd:%KSE_VERSION%
  

In the above list, %KSE_VERSION% refers to the specific version of Kaspersky Scan Engine used in the Docker images. For example 2.0.0.1157.

3. Update the configuration file %CONFIGURATION_FILES_DIRECTORY%/klScanEngineUI.xml:

Uncomment the following lines:

<!-- For Docker integration -->
<!--
<SSLCertificatePath>../httpsrv/kl_scanengine_cert.pem</SSLCertificatePath>
<SSLPrivateKeyPath>../httpsrv/kl_scanengine_private.pem</SSLPrivateKeyPath>
-->

Set the mode:

• For HTTP mode: <Mode>httpd</Mode>
• For ICAP mode: <Mode>icap</Mode>

4. Run the Kaspersky Scan Engine Docker container as shown below:

• For HTTP mode:

  docker run -d -p 8080:8443 -p 8085:9998
  -v %CONFIGURATION_FILES_DIRECTORY%:/tmp/scanengine/mounted/configs
  -v %LICENSE_FILE_DIRECTORY%:/tmp/scanengine/mounted/lic
  -v %KEY_FILE_DIRECTORY%:/tmp/scanengine/mounted/key
  -v %LOGS_DIRECTORY%:/tmp/scanengine/mounted/logs
  -v %SYSLOGS_DIRECTORY%:/var/log/kaspersky
  --name KSE_HTTPD kaspersky/scanengine_httpd:%KSE_VERSION%
  

• For ICAP mode:

  docker run -d -p 8080:8443 -p 8086:1344
  -v %CONFIGURATION_FILES_DIRECTORY%:/tmp/scanengine/mounted/configs
  -v %LICENSE_FILE_DIRECTORY%:/tmp/scanengine/mounted/lic
  -v %KEY_FILE_DIRECTORY%:/tmp/scanengine/mounted/key
  -v %LOGS_DIRECTORY%:/tmp/scanengine/mounted/logs
  -v %SYSLOGS_DIRECTORY%:/var/log/kaspersky
  --name KSE_ICAPD kaspersky/scanengine_icapd:%KSE_VERSION%
  

In the command above:

• %CONFIGURATION_FILES_DIRECTORY% is the host directory that contains the configuration files.
• %LICENSE_FILE_DIRECTORY% is the host directory that contains the key file or activation code.
• %KEY_FILE_DIRECTORY% is the host directory that contains the kl_scanengine_db.key file. Remove this if you did not enable Kaspersky Scan Engine GUI.
• %LOGS_DIRECTORY% is the host directory for log files. Remove this if you did not enable logging to a mounted directory.
• %SYSLOGS_DIRECTORY% is the host directory for syslog files. Remove this if you did not enable Syslog logging to a mounted directory.
• %KSE_VERSION% is the version of Kaspersky Scan Engine used in Docker images. For example, 2.0.0.1157.

Ensure all users have write access to %LOGS_DIRECTORY% and %SYSLOGS_DIRECTORY%. This is required because the Kaspersky Scan Engine does not have root privileges within the container.

5. Configure the module:

• For HTTP mode:
  • URL: http://localhost:8085
• For ICAP mode:
  • Server: localhost
  • Port: 8086