ICAP Anti-Virus Scanning

IBM® Sterling Secure Proxy supports the Internet Content Adaptation Protocol (ICAP) to communicate with external servers that host third-party anti-virus software. Inbound data (files and requests) in transit through Secure Proxy is scanned before it is sent to the backend destination server.

Secure Proxy implements an inflight dynamic virus and malware scan using virus and malware scanning engines that are reached through an ICAP server during data transfer over the SFTP, HTTP, and Connect:Direct protocols.

This provides significant benefits to trading partners, system administrators, and your business in general by offloading scanning responsibilities to an ICAP Anti-Virus server configured via Secure Proxy, so that data is scanned before it is sent to the backend destination server.
Attention: Secure Proxy ICAP virus scan support is based on the ICAP protocol, RFC 3507. The protocol allows support for an ICAP virus scan server that claims adherence to the RFC. If that ICAP virus scan server does not function properly with Secure Proxy, we will analyze the problem by reviewing logs and traces. If possible, we will provide a code fix to support that ICAP virus scan server. However, if the implementation of an ICAP virus scan server is too unique, you must request a product enhancement (RFE).
Note: Currently, ICAP AV scanning is supported only for the SFTP, HTTP, and Connect:Direct protocols, and not for the SCP protocol. If you have configured an SFTP Adapter and associated an ICAP Server with it for anti-virus scanning, disable the SCP protocol to prevent files from being uploaded through SCP without anti-virus scanning. To disable the SCP protocol, set scp.enable=false in the SFTP Adapter properties.
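
The Attention note above ties compatibility to RFC 3507 adherence. The following added example (not IBM code and not part of the original page) parses an ICAP OPTIONS response and reports the elements RFC 3507 requires that are missing, as a pre-check of a scan server before it is associated with an adapter. The host name, service name, and sample responses are constructed placeholders.

```python
# Added example: offline check of an ICAP OPTIONS response against RFC 3507.
# Host, service name, and the sample responses below are constructed placeholders.

def build_options_request(host: str, service: str) -> bytes:
    """OPTIONS request an ICAP client sends to discover a service's capabilities."""
    return (f"OPTIONS icap://{host}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def parse_icap_response(raw: bytes):
    """Split an ICAP response head into (version, status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], int(parts[1]), headers

def check_options_response(raw: bytes) -> list:
    """Return RFC 3507 problems found; an empty list means the basics are in place."""
    version, status, headers = parse_icap_response(raw)
    problems = []
    if version != "ICAP/1.0":
        problems.append(f"unexpected protocol version {version!r}")
    if status != 200:
        problems.append(f"OPTIONS returned status {status}, expected 200")
    methods = [m.strip() for m in headers.get("methods", "").split(",") if m.strip()]
    if not methods:
        problems.append("missing Methods header (required in an OPTIONS response)")
    elif any(m not in ("REQMOD", "RESPMOD") for m in methods):
        problems.append(f"unknown method in Methods: {methods}")
    istag = headers.get("istag", "").strip('"')
    if not istag:
        problems.append("missing ISTag header (required in every ICAP response)")
    elif len(istag) > 32:
        problems.append("ISTag longer than 32 bytes")
    return problems

# Constructed sample responses: one conformant, one missing Methods and ISTag.
GOOD = (b'ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\nISTag: "av-sig-0001"\r\n'
        b'Allow: 204\r\nPreview: 1024\r\nEncapsulated: null-body=0\r\n\r\n')
BAD = b'ICAP/1.0 200 OK\r\nService: Example AV\r\nEncapsulated: null-body=0\r\n\r\n'

if __name__ == "__main__":
    print(check_options_response(GOOD), check_options_response(BAD))
```
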

The inflight dynamic virus and malware scanning is enabled at the adapter level and is not enabled by default.

Enabling ICAP Server Anti-Virus scanning over SFTP protocol

To prepare IBM Sterling Secure Proxy to use an ICAP Server for Anti-Virus scanning, use Configuration Manager (CM) to create configuration definitions and to set SFTP properties.

Use the:
  • Advanced menu to configure ICAP server connection details and other settings. For more information, see the procedure defined in the following sections and ICAP Configuration Field Definitions.
  • Secure Proxy Adapter configuration screen to configure an SFTP Adapter and push the configuration to multiple engines. On the Basic tab, you can specify the ICAP Server configuration and Perimeter Server used to connect to the ICAP Server on a per-engine basis for a given Adapter. For more information about defining the ICAP PS and ICAP Server fields, see SFTP Adapter Configuration - Basic.

Enabling ICAP Server Anti-Virus scanning over Connect:Direct protocol

To prepare IBM Sterling Secure Proxy to use an ICAP Server for Anti-Virus scanning, use Configuration Manager (CM) to create configuration definitions and to set Connect:Direct properties.

Use the:
  • Advanced menu to configure ICAP server connection details and other settings. For more information, see the procedure defined in the following sections and ICAP Configuration Field Definitions.
  • Connect:Direct Adapter configuration screen to configure a Connect:Direct Adapter and push the configuration to multiple engines.
    • On the Basic tab, you can specify the ICAP Server configuration and Perimeter Server value used to connect to the ICAP Server on a per-engine basis for a given Adapter. For more information, see Connect:Direct Adapter Configuration - Basic.
    • On the Advanced tab, you can also specify whether anti-virus scanning is enabled, depending on whether Secure Proxy is providing forward or reverse proxy services for Connect:Direct servers. Note that file transfer from PNode to SNode (reverse proxy) is enabled by default. For more information, see Connect:Direct Adapter Configuration - Advanced.

Enabling ICAP Server Anti-Virus scanning over HTTP protocol

To prepare IBM Sterling Secure Proxy to use an ICAP Server for Anti-Virus scanning, use Configuration Manager (CM) to create configuration definitions and to set HTTP properties.

Use the:
  • Advanced menu to configure ICAP server connection details and other settings. For more information, refer to the procedure defined in the subsequent sections and to ICAP Configuration Field Definitions.
  • Secure Proxy Adapter configuration screen to configure an HTTP Adapter and push the configuration to multiple engines. On the Basic tab, you can specify the ICAP Server configuration and Perimeter Server used to connect to the ICAP Server on a per-engine basis for a given Adapter. For more information, refer to HTTP Adapter Configuration - Basic.