About Antivirus Scan Filter
You can use the antivirus scan filter to configure Enterprise Gateway to interact with an Internet Content Adaptation Protocol (ICAP)-compliant server. An ICAP server is capable of hosting multiple services that you can use to implement features such as virus scanning or content filtering. Using the antivirus scan filter, Enterprise Gateway Server can leverage the ICAP protocol to scan all incoming HTTP requests and payloads for viruses.
Note:
The antivirus scan filter feature is certified on c-icap server, which is an implementation of an ICAP server, and can be integrated with all ICAP-compliant virus scanning applications.
If the antivirus scan filter is enabled as part of an Enterprise Gateway rule, Enterprise Gateway Server validates all incoming payloads by using the capabilities of the ICAP server in the following steps:
1. Enterprise Gateway Server requests the ICAP server to scan the request.
2. If the response from the ICAP server includes a preview header, then Integration Server performs the following steps:
a. Integration Server requests the ICAP server to specify the preview size.
b. Enterprise Gateway responds with the amount of data in bytes as specified in the preview header received from the ICAP server.
c. The ICAP server scans the preview content using the registered ICAP service.
d. If the ICAP server detects any malicious content in the request, depending on how the Enterprise Gateway rule is configured, Enterprise Gateway Server denies the request and sends an alert about the violation of the rule. Otherwise, Enterprise Gateway sends the rest of the file to the ICAP server to scan.
If the response from the ICAP server does not include a preview header, then Integration Server performs the following steps:
a. Integration Server requests the ICAP server to scan the entire request using the registered ICAP service.
b. If the ICAP server detects any malicious content in the request, depending on how the Enterprise Gateway rule is configured, Enterprise Gateway Server denies the request or allows the request and sends an alert about the violation of the rule.
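The preview exchange described above, shown at the ICAP wire level (RFC 3507) as an added example that is not Enterprise Gateway's own code: it reads the preview size from an OPTIONS response and frames the REQMOD message, with the rest of the payload held back until the ICAP server asks for it. The service URL, host names and sample messages are constructed assumptions.

```python
# Added example: ICAP (RFC 3507) preview framing. All names and data are constructed.
SERVICE = "icap://icap.example.internal:1344/avscan"  # hypothetical service URL
OPTIONS_RESP = b"ICAP/1.0 200 OK\r\nMethods: REQMOD\r\nPreview: 16\r\n\r\n"  # sample
HTTP_HDRS = b"POST /upload HTTP/1.1\r\nHost: app.example.internal\r\n\r\n"  # sample

def preview_size(options_response):
    """Return the Preview size from an ICAP OPTIONS response, or None if absent."""
    head = options_response.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    status, *headers = head.split("\r\n")
    if not status.startswith("ICAP/1.0 200"):
        raise ValueError("OPTIONS failed: " + status)
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() == "preview":
            return int(value.strip())
    return None

def chunk(data):
    """Encode one chunk of an encapsulated body; empty data produces no chunk."""
    return b"%x\r\n%s\r\n" % (len(data), data) if data else b""

def build_reqmod(http_headers, body, preview):
    """Return (first_message, remainder).

    remainder is sent only after the ICAP server answers '100 Continue';
    it is empty when the whole body already went out in the first message.
    """
    lines = ["REQMOD %s ICAP/1.0" % SERVICE,
             "Host: icap.example.internal",
             "Allow: 204"]
    if preview is None:
        # No preview advertised: send the entire payload in one message.
        first_body, rest = chunk(body) + b"0\r\n\r\n", b""
    else:
        lines.append("Preview: %d" % preview)
        head, tail = body[:preview], body[preview:]
        if tail:
            first_body = chunk(head) + b"0\r\n\r\n"       # end of preview only
            rest = chunk(tail) + b"0\r\n\r\n"
        else:
            first_body = chunk(head) + b"0; ieof\r\n\r\n"  # body fit in the preview
            rest = b""
    # Offsets in Encapsulated count bytes from the start of the encapsulated part.
    lines.append("Encapsulated: req-hdr=0, req-body=%d" % len(http_headers))
    icap_head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    return icap_head + http_headers + first_body, rest
```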
Before enabling the antivirus scan filter, ensure that the following prerequisites are met:
An ICAP-compliant server must be installed and configured in the DMZ and the Enterprise Gateway Server must be able to access the ICAP-compliant server.
The ICAP-compliant server must have an ICAP service registered and the service must be accessible using the following format:
icap://<icap_server>:<icap_port>/serviceName
Enterprise Gateway Server must be configured to send emails so that Integration Server can send alerts in case of any configuration or connectivity issues with the ICAP server. The email alerts are sent to the e-mail address of the administrator specified in the Internal Email field on the Settings > Resources screen.