The ICAP settings page allows you to configure the ProxyAV to perform content scanning of HTTP content sent as an ICAP request by the Blue Coat ProxySG appliance (serving as the ICAP client). AS the ProxyAV uses its own antivirus scanning interface, deploying the ProxyAV as an ICAP server is interdependent of other antivirus vendors; the only impact is how each vendor prcesses errors. These configurations apply to all ICAP clients.
Currently, the ProxyAV only supports the ProxySG as an ICAP client.
To configure ICAP:
- Select ICAP Server enabled.
- In the ICAP server port field, enter port number used ot connect to the ICAP server. The default is 1344.
- (Optional) Click the Permitted clients link to go to the Management Console page that defines the IP address of the ICAP client (the ProxySG).
- Select Allow 204 response to allow the return of a 204 Not Modified response to the ICAP client when content is not changed.
- In the Options TTL field, enter the number of seconds the OPTIONS response remains valid. If Do not include is selected, the options-ttl tag is not included in the response to the client.
- In the Max size of file to scan (KB) field, enter largest file size that is allowed to be sent to the ICAP server. If the incoming file exceeds this value, no scanning is performed an a 500 Server error is returned.
- Specify file types:
- In the Transfer Complete field, specify file extensions types (separated by commas) that are returned in the OPTIONS response to the ICAP client (the ProxySG) suggesting which file types can e forwarded the ProxyAV. All received files are scanned.
- In the Transfer Ignore field, enter file extensions that exempt specific file types from scanning (this saves resources). One of the fields must contain the * character, which means all other files. The other field lists the file extensions or can be blank. For example:
- Transfer Complete: *
- Transfer Ignore: gif, jpg, jpeg
- Specifies: Do not send files with the extensions of gif, jpg, or jpeg; send everything else.
- In the Antivirus service name field, specify the name of the ICAP service performing the scanning. See the example on the page.
- Select X-Include to include the X-Include tag (original source and original destinations) in the OPTIONS response to the ICAP client (the ProxySG); thus, the ICAP client is informed that these tags are supported. This tag includes the X-Client-IP and X-Server-IP values.
- Under Include extension headers in response, the default option is X-Virus-ID, which includes the known virus identification. Select X-Infection-Found or X-Violations-Found if your deployment warrants their use.