ICAP mode

In ICAP mode, Kaspersky Scan Engine consists of an ICAP server called kavicapd, Kaspersky Anti-Virus Engine, and Kaspersky Scan Engine GUI.

When you use Kaspersky Scan Engine in ICAP mode, the interaction between the components occurs in the following order:

  1. An ICAP client (for example, a proxy server) sends ICAP requests to kavicapd.
  2. The kavicapd service sends files to Kaspersky Anti-Virus Engine for scanning.
  3. Kaspersky Anti-Virus Engine scans the contents of HTTP messages and URLs that are encapsulated in these ICAP requests.

    If you are using File and URL Reputation Checking, the contents of HTTP messages and URLs are also sent to KSN for reputation checking.

  4. After scanning, Kaspersky Anti-Virus Engine returns the results to the kavicapd service.
  5. The kavicapd service sends ICAP responses with scan results to the ICAP client.

    If you are using Kaspersky Scan Engine GUI, the scanning results are displayed on the Scan results page.

Kaspersky Scan Engine can work with several ICAP clients at once.

The following example shows the interaction between a proxy server and Kaspersky Scan Engine working in ICAP mode.

Diagram that shows how a proxy server interacts with Kaspersky Scan Engine via the ICAP protocol.

Interaction between a proxy server and the Kaspersky Scan Engine working in ICAP mode

Page top