Internet Content Adaptation Protocol (ICAP) is a standard or URL modification, web cache management, and anti‐virus scanning of URL, HTTP posts, and file server files. The node uses ICAP as a client to send file content to antivirus servers for virus scanning.
Use the ICAP Un‐Quarantine page to determine whether an ICAP server is responding, to quarantine files if that has not been done by the ICAP server, and to release quarantine as needed.
To access ICAP operations options, navigate to the following page:
Maintenance > ICAP Operations
The following table describes the node's diagnostic tools.
|Packet Capture Option||Description|
|ICAP Server Test|
Enter the IP address or hostname of an ICAP server and click Test Communication to verify that the node can communicate with the server.
|ICAP Log||Displays the ICAP log.|
|ICAP File Quarantine|
|File path and name||File path and name Specify the path of the file to quarantine or un‐quarantine.|
|Quarantine||Quarantine the specified file.|
|Un‐Quarantine||Remove quarantine status from the specified file.|
Display the current quarantine status.
The following notes apply to the node's ICAP operations options:
- This feature is available only if the ICAP license is installed.
- Specify the ICAP parameters on the License Manager page.
- If you have specify an ICAP server on the License Manager page, the IP address of the server is filled in automatically on the ICAP page. You can probe another server in this section by entering an IP address and clicking Probe Server. however, the address you enter is not saved.
- Results of the server probe are displayed in a pop‐up window.
- Quarantining of files is typically done by the ICAP server. If needed, you can manually quarantine or un‐quarantine files in the ICAP Un‐Quarantine page.
- Any viruses that are found are listed in /var/log/avquarantine, which is accessible on the Maintenance > Diagnostics page.
To use ICAP, specify the following ICAP parameters on the Configuration > Licenses Manager page under AS‐ICAP. See License Manager.
The following table lists the ICAP parameters.
|Port||The default ICAP port is 1344. Change the value if the ICAP server is listening on a different port.|
|Service||ICAP service name. This is ignored by most ICAP servers; however, some vendors require specific values. The most common service name is "avscan".|
|include‐files||Comma‐separated list of of glob based file paths that will be scanned. Use * as a wildcard.|
|exclude‐files||Comma‐separated list of of glob based file paths that will not be scanned. Use * as a wildcard.|
Scan files when they are open for reading.
Scan files when they are closed following write operation.
|denyonerror||If no scanner is available or some system error has occurred, assume that the content is suspicious and deny client access.|
|allow206||Not currently supported.|