Response headers

X-Include

Kaspersky Scan Engine includes this header in its response to the OPTIONS request from the ICAP client when the following conditions are met:

The X-Include header includes headers specified in HTTPUserNameICAPHeader and HTTPClientIpICAPHeader as a comma-separated list. The default values for these headers are X-Client-Username and X-Client-IP respectively. The following is an example of the X-Include header:

X-Include: X-Client-IP, X-Client-Username

The X-Include header can also include only one of these headers, for example:

X-Include: X-Client-Username

RequestingICAPHeaders specifies which headers are included in X-Include.

X-Infection-Found

This header contains types of the detected threats or legitimate objects that can be used by attackers. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendInfectionFoundICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.

The header has the following format:

X-Infection-Found: Type=0; Resolution=0; Threat={Threat_type};

Here, {Threat_type} is the type of the threat or legitimate software that can be used by intruders. If Kaspersky Scan Engine detects several objects, all types are listed, separated by the comma symbol (,).

In the current version of Kaspersky Scan Engine, the values of Type and Resolution are always 0.

X-Response-Desc

This header contains the descriptions of the detected threats or legitimate objects that can be used by attackers. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendResponseDescICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.

The header has the following format:

X-Response-Desc: {Text}

Here, {Text} can have the following values:

Value

Description

Trojan malicious object detected

A Trojan was detected.

Malicious tool detected

Malware was detected.

Highly dangerous malicious object detected

A highly dangerous malicious object that cannot be classified using either of available classes of malware was detected.

Medium dangerous malicious object detected

A mediumly dangerous malicious object that cannot be classified using either of available classes of malware was detected.

Virware malicious object detected

A program that infects other files by adding its own code to them in order to gain control of the infected files when they are opened was detected.

Malicious URL

A malicious URL was detected.

Phishing URL

A phishing URL was detected.

Malicious host

An IP address of a malicious host was detected.

Adware URL

A URL that leads to adware was detected.

Riskware URL

A URL that leads to legitimate software that can be used by intruders was detected.

Adware host

An IP address of adware was detected.

Riskware host

An IP address of a host that stores legitimate software that can be used by intruders was detected.

Detected legitimate software that can be used by intruders to damage your computer or personal data

An application that has no malicious features but could be a part of the development environment for malicious programs was detected.

Detected an attempt of unauthorized use of pay-per-use Internet services which are commonly pornographic websites (pornodialer), or pornotools, or a pornodownloader

An attempt of unauthorized use of pay-per-use Internet services (which are commonly pornographic websites) was detected.

Adware detected

A URL that leads to adware was detected.

Multiple threats detected

Multiple objects were detected.

Detected a highly dangerous malicious object that cannot be classified using either of available classes of malware

A highly dangerous unclassified object was detected.

MS Office document containing a macro is detected

A Microsoft Office document containing a macro was detected.

X-Response-Info

This header contains the status of the scanned object or the response to the OPTIONS requests. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendResponseInfoICAPHeader element.

The header has the following format:

X-Response-Info: {Token}

Here, {Token} can have the following values:

Value

Description

Allowed

The scanned file or URL is not malicious.

Blocked

This response can appear for the following reasons:

  • A threat or legitimate software that can be used by intruders was detected
  • A macros was detected

Options

The answer to the OPTIONS requests.

X-Violations-Found

This header contains information about the scanned file and the threats or legitimate software that can be used by intruders detected in this file. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendViolationsFoundICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.

The header has the following format:

X-Violations-Found: {Count}

{File_name}

{Description}

{Problem_ID}

{Resolution_ID}

Here, {count} is the number of the objects that were detected in the file, {File_name} is the name of the file, {Description} is the name of the first detected threat or legitimate object that can be used by attackers in the file, {Problem_ID} is the identifier of the detected threat or legitimate object that can be used by attackers, {Resolution_ID} is the identifier of the action performed on the object by Kaspersky Scan Engine.

In the current version of Kaspersky Scan Engine, the value of {Resolution_ID} is always 0.

Page top