Kaspersky Scan Engine and ICAP mode
Internet Content Adaptation Protocol (ICAP) is the standard for communication between proxy servers and service providers. In ICAP mode, Kaspersky Scan Engine works with ICAP-compliant proxy servers. Kaspersky Scan Engine scans HTTP traffic that passes through a proxy server, and URLs requested by users.
In ICAP mode, Kaspersky Scan Engine consists of the kavicapd service, configuration files, and libraries, and has the following features:
- URL scan
Kaspersky Scan Engine allows you to scan URLs that users request from a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.
- HTTP traffic scan
Kaspersky Scan Engine allows you to scan incoming and outgoing HTTP traffic that passes through a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.
Scanning of multipart objects is supported.
- Support for the
204 NoContentHTTP status codeThe kavicapd service can be configured to reply with this status code if the message sent by a client does not require modification.
- Configuring the kavicapd service behavior with service rules
- Partial mode
In this mode, the ICAP plugin scans files as a whole, and then divides them into batches, and sends the batched files to the user. The plugin continues to scan files at the same time that it is sending the first batches of files to the user. This function allows users to receive large scanned files quickly.
This element is available starting from Kaspersky Scan Engine version 1.0.1.51.
- Preview mode
In this mode, the ICAP client sends preview requests to the ICAP plugin. The preview requests allow you to skip objects that the plugin does not consider malicious.
This element is available starting from Kaspersky Scan Engine version 1.0.1.51.