Using Kaspersky Scan Engine in ICAP mode with Squid

Squid is a caching and forwarding web proxy server for Windows and UNIX-like systems. You can use Kaspersky Scan Engine in ICAP mode with Squid.

Configuring Squid for working with Kaspersky Scan Engine in ICAP mode

For Kaspersky Scan Engine to work with Squid in ICAP mode, you must specify Kaspersky Scan Engine as an ICAP service in the Squid configuration file (squid.conf).

In Squid, an ICAP service is defined in the icap_service option and has three mandatory parameters: id, vectoring_point, and uri.

To specify Kaspersky Scan Engine as an ICAP service:

1. Set id to any appropriate identifier.
2. Set vectoring_point to an appropriate *_precache value:
   • For request modification (REQMOD) mode, specify reqmod_precache.
   • For response modification (RESPMOD) mode, specify respmod_precache.
3. Set uri to the location of Kaspersky Scan Engine:
   • For REQMOD mode, the URI must have the following format: icap://servername:port/req.
   • For RESPMOD mode, the URI must have the following format: icap://servername:port/resp.

Following is an example of a Squid configuration file extract. In this example, Squid uses Kaspersky Scan Engine in ICAP mode to scan HTTP messages in both REQMOD mode and RESPMOD mode.

icap_enable on adaptation_send_username on adaptation_send_client_ip on icap_service srv_kl_resp respmod_precache 0 icap://localhost:1344/resp icap_service srv_kl_req reqmod_precache 0 icap://localhost:1344/req adaptation_access srv_kl_resp allow all adaptation_access srv_kl_req allow all icap_service_failure_limit -1 icap_service_revival_delay 30 icap_preview_enable off

Page top