ICAP Anti-Virus Scanning

IBM® Sterling Secure Proxy supports the Internet Content Adaptation Protocol (ICAP) to communicate with external servers that host third-party anti-virus software. Inbound data (files) in transit through Secure Proxy is scanned before it is sent to the backend destination server.

Secure Proxy implements an inflight dynamic virus and malware scan, using virus and malware scanning engines that are reached through an ICAP server, during data transfers over the SFTP and Connect:Direct protocols. This provides significant benefits to trading partners, system administrators, and your business in general by offloading scanning responsibilities to an ICAP Anti-Virus server configured through Secure Proxy, so that data is scanned before it is sent to the backend destination server.
Note: ICAP AV scanning is currently supported only for the SFTP and Connect:Direct protocols, not for the SCP protocol. If you have configured an SFTP Adapter and associated an ICAP Server with it for anti-virus scanning, disable the SCP protocol so that files cannot be uploaded over SCP without being scanned. To disable SCP, set scp.enable=false in the SFTP Adapter properties.

The inflight dynamic virus and malware scanning is enabled at the adapter level and is not enabled by default.
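
The ICAP exchange behind this kind of scan, as an added example (not IBM code, and not a description of how Secure Proxy frames its own requests): it builds an RFC 3507 RESPMOD request for a file and maps the ICAP server's response to a verdict. The host icap.example.internal:1344, the service name avscan, the use of RESPMOD, and the fail-closed verdict mapping are assumptions; X-Infection-Found and X-Virus-ID are vendor extension headers that not every ICAP server sends.

```python
"""ICAP (RFC 3507) RESPMOD framing and verdict parsing. Added example."""

def build_respmod(icap_host, service, filename, data):
    """Frame `data` as an ICAP RESPMOD request (an encapsulated HTTP response)."""
    req_hdr = f"GET /{filename} HTTP/1.1\r\nHost: upload.invalid\r\n\r\n".encode()
    res_hdr = f"HTTP/1.1 200 OK\r\nContent-Length: {len(data)}\r\n\r\n".encode()
    # Encapsulated offsets are byte positions inside the encapsulated section.
    encapsulated = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
                    f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                f"Host: {icap_host}\r\n"
                "Allow: 204\r\n"  # lets the server answer 204 when nothing is modified
                f"Encapsulated: {encapsulated}\r\n\r\n").encode()
    # An ICAP body is always chunked; a zero-length chunk terminates it.
    chunk = b"%x\r\n%s\r\n" % (len(data), data) if data else b""
    return icap_hdr + req_hdr + res_hdr + chunk + b"0\r\n\r\n"


def parse_verdict(response):
    """Map an ICAP response to (verdict, detail); anything unexpected is 'error'."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return ("error", "malformed status line")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    code = int(parts[1])
    # Vendor extension headers (not in RFC 3507); presence depends on the AV product.
    threat = headers.get("x-infection-found") or headers.get("x-virus-id")
    if threat:
        return ("infected", threat)
    if code == 204:
        return ("clean", None)
    if code == 200:
        # A 200 carries a (possibly modified) body; with no threat header the
        # result is ambiguous, so it is not treated as clean.
        return ("review", "200 without threat header")
    return ("error", f"ICAP status {code}")


if __name__ == "__main__":
    # Constructed sample data and response, not captured from a real server.
    print(build_respmod("icap.example.internal:1344", "avscan", "report.csv", b"hello").decode())
    print(parse_verdict(b'ICAP/1.0 204 No Content\r\nISTag: "constructed-1"\r\n\r\n'))
```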

Enabling ICAP Server Anti-Virus scanning over SFTP protocol

To prepare IBM Sterling Secure Proxy to use an ICAP Server for Anti-Virus scanning, use Configuration Manager (CM) to create configuration definitions and to set SFTP properties.

Use the:
  • Advanced menu to configure ICAP server connection details and other settings. For more information, see the procedure defined in the following sections and ICAP Configuration Field Definitions.
  • Secure Proxy Adapter configuration screen to configure an SFTP Adapter and push the configuration to multiple engines. Users can specify the ICAP Server configuration and Perimeter Server, available under the Basic tab, to connect to the ICAP Server on a per-engine basis for a given Adapter. For more information, see how to define the ICAP PS and ICAP Server fields in SFTP Adapter Configuration - Basic.

Enabling ICAP Server Anti-Virus scanning over Connect:Direct protocol

To prepare IBM Sterling Secure Proxy to use an ICAP Server for Anti-Virus scanning, use Configuration Manager (CM) to create configuration definitions and to set Connect:Direct properties.

Use the:
  • Advanced menu to configure ICAP server connection details and other settings. For more information, see the procedure defined in the following sections and ICAP Configuration Field Definitions.
  • Connect:Direct Adapter configuration screen to configure a Connect:Direct Adapter and push the configuration to multiple engines.
    • Users can specify the ICAP Server configuration and Perimeter Server value in the Basic tab to connect to the ICAP Server on a per-engine basis for a given Adapter. For more information, see Connect:Direct Adapter Configuration - Basic.
    • Users can also specify, in the Advanced tab, whether anti-virus scanning is enabled depending on whether Secure Proxy is providing forward or reverse proxy services for Connect:Direct servers. Note that file transfer from PNode to SNode (reverse proxy) is enabled by default. For more information, see Connect:Direct Adapter Configuration - Advanced.