ICAP antivirus integration is available in FileCloud Server version 18.2.
ICAP scans are noted in audit logs beginning with version 19.3.
FileCloud gives you maximum flexibility when choosing an antivirus product to scan uploaded files. FileCloud uses Internet Content Adaption Protocol (ICAP) to integrate with any antivirus product currently supporting ICAP.
ICAP is a generic protocol that allows web servers to offload specialized tasks to custom-built servers. Examples of such specialized tasks include DLP (data loss prevention) based content scanning, URL filtering and antivirus scanning.
FileCloud's ICAP integration feature:
If you have already purchased your own antivirus solution and want to use it, or if you do not want to use ClamAV for various reasons, it is highly recommended to use this feature.
We also recommend that the ICAP Antivirus server administrator must consult the antivirus product documentation to understand the operational and configuration parameters, capabilities and limitations. As virus scanning is a critical feature for maintaining water-tight security and smooth functioning of any workplace, consulting the documentation is important before configuring FileCloud's ICAP integration settings, it would also help in troubleshooting and maintenance.
Similar to the case of ClamAV, if FileCloud's ICAP Client has been configured correctly with a properly deployed ICAP AV server, when a virus is detected in an uploaded file, the following actions occur:
Using ICAP to integrate Antivirus capabilities into FileCloud requires customers to:
FileCloud has made it easy for administrators to connect a FileCloud server to your antivirus server by including an inbuilt ICAP Client.
The easy configuration steps apply to both Windows and Linux servers.
To configure FileCloud to use your antivirus server:
Table 1. ICAP Client Parameters
|Server Local IP||In most cases, leave the default value of 0.0.0.0. If you are using a separate FileCloud policy with ICAP, enter the Private (LAN) IP of the FileCloud server.|
|ICAP Remote Hostname|
Enter the hostname or IP of the system where the ICAP AV is deployed.
|ICAP Port||Leave the default value of 1344 as it is. In rare cases, this might need to be changed to whatever port the ICAP AV server is listening on.|
|Secure ICAP||Enable if the ICAP server is running with SSL or TLS protocols.|
|File Size Limit||This is the file limit in bytes that will be scanned. For example, very large files can be excluded from scanning. Default value is 25MB|
|ICAP Service Name||Consult the ICAP AV server product documentation to know this value. It must be set correctly otherwise integration wont work.|
|Enable Basic Debug Logging||Check this to enable logging of detailed operational debug messages in the (error) logs.|
|Enable Network Payload Debug Logging||Check this to enable logging of detailed network communication related debug messages in the (error) logs.|