Internet Content Adaptation Protocol (ICAP) is the standard for communication between proxy servers and service providers. In ICAP mode, Kaspersky Scan Engine works with ICAP-compliant proxy servers. Kaspersky Scan Engine scans HTTP traffic that passes through a proxy server, and URLs requested by users.
In ICAP mode, Kaspersky Scan Engine consists of the kavicapd service, configuration files, and libraries, and has the following features:
Kaspersky Scan Engine allows you to scan URLs that users request from a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.
Kaspersky Scan Engine allows you to scan incoming and outgoing HTTP traffic that passes through a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.
Scanning of multipart objects is supported.
204 No Content HTTP status code
The kavicapd service can be configured to reply with this status code if the message sent by a client does not require modification.
In this mode, also known as Data Trickling, the ICAP plug-in scans files as a whole, and then divides them into batches, and sends the batched files to the user. The plug-in continues to scan files at the same time that it is sending the first batches of files to the user. This function allows users to receive large scanned files quickly.
In this mode, the ICAP client sends preview requests to the ICAP plug-in. The preview requests allow you to skip objects that the plug-in does not consider malicious.
The ISTag value in the Kaspersky Scan Engine ICAP response header is updated each time one of these events happens:
Keep-Alive connections
By default, Kaspersky Scan Engine supports Keep-Alive connections, so it can process multiple objects one after another, by using the same connection.
To open a Keep-Alive connection, an ICAP request has to contain the Connection field with the Keep-Alive value.
To close the connection, an ICAP request has to contain the Connection field with the close value.
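The following added example (not part of the Kaspersky documentation) shows, from the ICAP client side, how a RESPMOD request carries the Connection field and how a 204 No Content reply is read before the connection is reused. It follows the generic RFC 3507 message framing; the host name, the service path, and all sample messages are constructed assumptions.

```python
ICAP_HOST = "icap.example.internal"  # placeholder host (assumption)
SERVICE = "resp"                     # placeholder service path (assumption)

def build_respmod(http_req_hdr, http_res_hdr, body, keep_alive=True, allow_204=True):
    """Return one RESPMOD request as bytes (framing per RFC 3507)."""
    # Encapsulated offsets are byte positions inside the encapsulated payload.
    res_hdr_at = len(http_req_hdr)
    body_at = res_hdr_at + len(http_res_hdr)
    body_kind = "res-body" if body else "null-body"
    lines = [
        f"RESPMOD icap://{ICAP_HOST}/{SERVICE} ICAP/1.0",
        f"Host: {ICAP_HOST}",
        "Connection: " + ("Keep-Alive" if keep_alive else "close"),
    ]
    if allow_204:
        lines.append("Allow: 204")  # client accepts "no modification needed"
    lines.append(f"Encapsulated: req-hdr=0, res-hdr={res_hdr_at}, {body_kind}={body_at}")
    head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    # The body is sent chunked and ends with a zero-length chunk.
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body) if body else b""
    return head + http_req_hdr + http_res_hdr + chunked

def parse_icap_head(raw):
    """Parse the ICAP status line and headers; return (status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    status_line, *header_lines = head.split("\r\n")
    version, code, _reason = status_line.split(" ", 2)
    if version != "ICAP/1.0":
        raise ValueError("not an ICAP response: " + status_line)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers

def may_reuse(headers):
    """True unless the peer asked to close the connection."""
    return headers.get("connection", "").lower() != "close"

# Constructed sample data, not captured traffic.
REQ_HDR = b"GET /report.pdf HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\n\r\n"
SAMPLE_204 = (b'ICAP/1.0 204 No Content\r\nISTag: "constructed-tag-1"\r\n'
              b"Connection: keep-alive\r\n\r\n")
```

A client that caches verdicts can compare the `istag` value returned by `parse_icap_head` with the one it stored and discard cached results when the two differ.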