The ProxySG uses content scanning policies to determine whether a client request or retrieved object should be sent to the ICAP server for scanning. Consider the following example:
- A business wants to scan software downloaded by employees from popular shareware Web sites. To do this, the business defines a policy that includes a custom scan shareware action, which could includes URL domains related to the relevant shareware Web sites.
The ProxySG can use Request modification, in which it sends client requests to the ICAP server for scanning prior to retrieving the requested object, or it can use Response modification, in which it retrieves the requested object and then sends the object to the ICAP server for scanning.
The ICAP server can respond to the request by sending an HTTP response (ex. error message) or modifying the request/response (ex. stripping content).
For help writing policies for ICAP content scanning, please see the Configuration and Management Guide (CMG) for the version of SGOS that you are running. The CMGs are located at https://bto.bluecoat.com/documentation/pubs/ProxySG .
If you are running SGOS 5.x, please see Volume 7: Managing Content; Chapter 3: Malicious Content Scanning Services; Section D: Creating ICAP Policy in the CMG.
If you are running SGOS 4.x, please see Chapter 11: External Services; Section A: ICAP; Creating ICAP Policy in the CMG.