Deployment: ICAP Settings

Note: ICAPS is not available for ICAP clients using SSLv2 or SSLv3 for SSL handshake. IWSVA only supports TLSv1, TLSv1.1, and TLSv1.2 for secure ICAP communication.

Deploying in ICAP Mode requires addition configuration settings.

IWSVA can return four optional headers from the ICAP server whenever a virus is found or for information about users and groups. "X-Virus-ID" and "X-Infection-Found" are not returned by default for performance reasons, because many ICAP clients do not use these headers. They must be enabled in the IWSVA Web console.

X-Virus-ID: Contains one line of US-ASCII text with a name of the virus or risk encountered. For example:
X-Virus-ID: EICAR Test String

X-Infection-Found: Returns a numeric code for the type of infection, the resolution, and the risk description.

For more details on the parameter values, see:

http://www.icap-forum.org/

X-Authenticated - User: If enabled, IWSVA requests the username sent in the X-Authenticated-User ICAP header. The username obtained from the ICAP header allows IWSVA to identify of the user issuing the request if you configure IWSVA to use the user/groupname method of user identification.
X-Authenticated - Group: If enabled, IWSVA requests the group membership information sent in the X-Authenticated-Groups ICAP header if you configure IWSVA to use the user/groupname method of user identification. If disabled, IWSVA queries LDAP for the group membership information.

Note: Some ICAP clients do not offer the recursive group membership search. For example, if a user belongs to group A, and group A belongs to group B, the ICAP client only sends group A information in the header. If you require recursive group membership information, Trend Micro recommends disabling the x_authenticated_groups header.

To configure the ICAP settings:

Select the ICAP mode radio button on the Deployment Mode page.
Click Next.
Follow the configuration recommendations:

Configuration Parameter	Details	Recommended Value
HTTP Listening port	This is the port that IWSVA listens on to receive connections for ICAP.	1344
Enable ICAP over SSL	Enable/Disable secure ICAP communication	Disable
ICAPS Port Number	This is the port that IWSVA listens on to receive connections for ICAPS.	11344
Certificate	Import server certificates for SSL-secured requests from clients.
Private Key	Import the private key for SSL-secured communication.
Passphrase	Enter the passphrase for the private key.
Confirm Passphrase	Enter the passphrase again to confirm.
Enable X-Virus-ID ICAP header (check box)	Enable / Disable the ICAP short name of the infection detected being recorded.	Disable
Enable X-Infection-Found ICAP header (check box)	Enable / Disable ICAP details regarding malware detected and passing details back to the ICAP device	Disable
Enable X-Authenticated-User ICAP header	Enable / Disable ICAP details about username information.	Check (enable)
Enable X-Authenticated-Groups ICAP Header	Enable / Disable ICAP details about group membership information.	Disable

Click Next.
Set up the Network Interface to continue the deployment.
Note: Complete all steps in the Deployment Wizard to deploy in ICAP mode. After receiving a successful deployment message, configure the IWSVA ICAP set up.