How virus scanning with the ICAP server works

Solution

Overview

How virus scanning with the ICAP server works
You want to know how virus scanning with the ICAP server works

Cause
Resolution

The ProxySG uses content scanning policies to determine whether a client request or retrieved object should be sent to the ICAP server for scanning. Consider the following example:

  • A business wants to scan software downloaded by employees from popular shareware Web sites. To do this, the business defines a policy that includes a custom scan shareware action, which could includes URL domains related to the relevant shareware Web sites.

The ProxySG can use Request modification, in which it sends client requests to the ICAP server for scanning prior to retrieving the requested object, or it can use Response modification, in which it retrieves the requested object and then sends the object to the ICAP server for scanning.

The ICAP server can respond to the request by sending an HTTP response (ex. error message) or modifying the request/response (ex. stripping content).

 

For help writing policies for ICAP content scanning, please see the Configuration and Management Guide (CMG) for the version of SGOS that you are running.  The CMGs are located at https://bto.bluecoat.com/documentation/pubs/ProxySG .

If you are running SGOS 5.x, please see Volume 7: Managing Content; Chapter 3: Malicious Content Scanning Services; Section D: Creating ICAP Policy in the CMG.

If you are running SGOS 4.x, please see Chapter 11: External Services; Section A: ICAP; Creating ICAP Policy in the CMG.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB1676
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat