Using Kaspersky Scan Engine in ICAP mode with GoAnywhere MFT
You can configure Kaspersky Scan Engine to work with GoAnywhere MFT. For convenience, this process is separated into several steps.
Configuring Kaspersky Scan Engine
To be integrated with GoAnywhere MFT, Kaspersky Scan Engine must be working in ICAP mode.
To configure Kaspersky Scan Engine,
Enable sending a 204 No Content HTTP status code. You can do it in the following ways:
- In the Kaspersky Scan Engine GUI, by turning on the Send code 204 toggle switch on the Service settings page.
- In the ICAP mode configuration file, by specifying
1in theAllow204element.
Configuring GoAnywhere MFT to work with Kaspersky Scan Engine
To add Kaspersky Scan Engine into GoAnywhere MFT:
- In the GoAnywhere MFT web console, open the Resources page.
- In the Resource Types list, choose ICAP Servers.
GoAnywhere MFT. ICAP servers
- Click the Add ICAP Server button.
- Fill out the form that opens:
- Name. Specify any name for the Kaspersky Scan Engine server. For example, Kaspersky Scan Engine ICAP.
- URL. Specify the URL that Kaspersky Scan Engine uses in response mode. That is, the URL must contain the part that specifies the RESP method. For example, icap://{KSE_ICAP}:1344/resp.
GoAnywhere MFT. Kaspersky Scan Engine ICAP server settings
- Click the Test button.
GoAnywhere MFT tests the connection with the newly added Kaspersky Scan Engine server. An example of a successful test is shown in the picture below.
GoAnywhere MFT. Successful connection to the Kaspersky Scan Engine ICAP server
- Click Save.
You can now use Kaspersky Scan Engine to scan objects from GoAnywhere MFT.
GoAnywhere MFT configuration complete
Creating a regular scan task
You can create a task to scan objects in Kaspersky Scan Engine on a regular basis.
To create a regular scan task:
- In the GoAnywhere MFT web console, open the Workflow/Projects page.
- Click the Create a Project button.
- In the form that opens, fill in the Project Name field (for example, Kaspersky Scan Engine regular scan).
- Click Save.
The page with the Component Library list opens.
GoAnywhere MFT. Component Library
- In the Component Library list:
a. Double-click the File System/Create File List element, and then fill out the form that opens:
- File List Variable. Specify files.
- Base Directory. Specify the path to the directory that contains the objects to send for scanning in Kaspersky Scan Engine.
GoAnywhere MFT. File List settings
b. Double-click the Loops/For-Each Loop element, and then fill out the form that opens:
- Items Variable. Specify ${files}.
- Current Item Variable. Specify file.
c. Double-click the Integration/ICAP element, and then fill out the form that opens:
- ICAP Server. Specify Kaspersky Scan Engine ICAP.
- Source File. Specify ${file}.
- Output Variables/ICAP Status Code Variable. Specify icap_resp_code.
GoAnywhere MFT. ICAP server integration settings
d. Double-click the Job Control/If element, and then fill out the form that opens:
- Condition. Specify ${icap_resp_code == 200}.
GoAnywhere MFT. "If" condition
e. Double-click the File System/Delete element, and then fill out the form that opens:
- Input Files Variable. Specify ${file}.
GoAnywhere MFT. Input Files Variable
Kaspersky specialists recommend removing malware instantly, but you can specify a different action, such as moving the malware to another directory, renaming the malware, or configuring GoAnywhere MFT to send a notification to a security specialist.
- After creating these elements, arrange them in the following hierarchy:
- File System/Create File List
- Loops/For-Each Loop
- Integration/ICAP
- Job Control/If
- File System/Delete
GoAnywhere MFT. Settings hierarchy
- Open the Workflow/Schedule page, and then fill out the form:
a. In the Project field, specify Kaspersky Scan Engine regular scan.
GoAnywhere MFT. Regular scan project
b. In the Schedule tab, specify the required scanning frequency.
GoAnywhere MFT. Regular scan schedule
c. Click Save.