thready
ICAP and anti-virus
Hi Experts,
I'm researching ICAP and its ability to scan files individually. I'd need my ICAP server to be on the same machine as my server application so that it can locally scan files for viruses. Can anyone point me to a good implementation of ICAP that they would recommend that could help me here?
Many thanks,
Mike
I doubt there is any other supporting FILEMOD (besides Symantec) even as stated in the ICAP forum product list though it is not updated with other AV including Symantec. http://www.icap-forum.org/icap?do=products&isServer=checked
I am thinking a lot if there is a means for translation from FILEMOD to RESPMOD mode instead, but also to no avail, and not worth the effort since FILEMOD itself is already not widely supported by existing ICAP servers.
Even the common (and well recognised online) VirusTotal came up with an API for HTTP request/post instead of direct file based (file:\\) APIs (based on hash or file upload etc) https://www.virustotal.com/en/documentation/public-api/
https://www.virustotal.com/en/documentation/public-api/#scanning-files
ASKER
Yep, FILEMOD doesn't look very popular at all.
I don't even understand how one could use RESPMOD to scan individual files. Do you? :-)
C-ICAP has a document on that, with its client (mostly Squid) and the C-ICAP server handling those requests.
Do catch those links which also share the use case and step though the details will need further understanding.
icap_enable on
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
adaptation_access service_resp allow all
More details in the ietf run through - see the encapsulated http hdr req https://tools.ietf.org/html/rfc3507#section-4.3.3. Via 1344 (TCP), URI-icap:
ICAP is, in essence, a lightweight protocol for executing a "remote procedure call" on HTTP messages. It allows ICAP clients to pass HTTP messages to ICAP servers for some sort of transformation or other processing ("adaptation"). The server executes its transformation service on messages and sends back responses to the client, usually with modified messages. Typically, the adapted messages are either HTTP requests or HTTP responses. http://www.networksorcery.com/enp/protocol/icap.htm
ICAP is a request/response protocol similar in semantics and usage to HTTP/1.1. Despite the similarity, ICAP is not HTTP, nor is it an application protocol that runs over HTTP. This means, for example, that ICAP messages can not be forwarded by HTTP surrogates.
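How a single local file can be passed through RESPMOD, as an added example that is not from this thread or from any ICAP product: the client wraps the file in a made-up HTTP response and computes the Encapsulated offsets described in RFC 3507. The host, port and service path come from the Squid lines above; the synthetic GET/Host headers, the function names and the handling of the reply are assumptions.

```python
import os
import socket
from urllib.parse import quote

ICAP_HOST, ICAP_PORT = "127.0.0.1", 1344   # as in the Squid lines quoted above
SERVICE = "response"                       # path from icap://127.0.0.1:1344/response


def build_respmod(filename: str, data: bytes) -> bytes:
    """Frame file bytes as an ICAP RESPMOD message around a synthetic HTTP exchange."""
    # Percent-encode the name so CR/LF or spaces in it cannot break header framing.
    req_hdr = (f"GET /{quote(filename, safe='')} HTTP/1.1\r\n"
               "Host: localhost\r\n\r\n").encode()          # assumed placeholder host
    res_hdr = ("HTTP/1.1 200 OK\r\n"
               "Content-Type: application/octet-stream\r\n"
               f"Content-Length: {len(data)}\r\n\r\n").encode()
    # Encapsulated offsets are byte positions counted from the start of the ICAP body.
    encapsulated = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
                    f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{ICAP_HOST}:{ICAP_PORT}/{SERVICE} ICAP/1.0\r\n"
                f"Host: {ICAP_HOST}\r\n"
                "Allow: 204\r\n"               # client accepts "204 No Content"
                "Connection: close\r\n"
                f"Encapsulated: {encapsulated}\r\n\r\n").encode()
    # Only the encapsulated body is chunked; the header sections are sent as-is.
    chunk = (f"{len(data):x}\r\n".encode() + data + b"\r\n") if data else b""
    return icap_hdr + req_hdr + res_hdr + chunk + b"0\r\n\r\n"


def icap_status(reply: bytes) -> int:
    """Return the status code from the first line of an ICAP reply."""
    parts = reply.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/"):
        raise ValueError("not an ICAP reply")
    return int(parts[1])


def scan_file(path: str) -> int:
    """Send one local file to the ICAP server and return the ICAP status code."""
    with open(path, "rb") as fh:
        data = fh.read()          # whole file in memory: fine for a sketch
    with socket.create_connection((ICAP_HOST, ICAP_PORT), timeout=10) as sock:
        sock.sendall(build_respmod(os.path.basename(path), data))
        return icap_status(sock.recv(65536))   # status line is in the first bytes
```

A 204 reply means the server left the message unmodified; how a detection is reported in a 200 reply depends on the ICAP server in use.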
ASKER
Thanks for your help with this! :)