Kaspersky Scan Engine and ICAP mode

March 5, 2024

ID 192987

Internet Content Adaptation Protocol (ICAP) is the standard for communication between proxy servers and service providers. In ICAP mode, Kaspersky Scan Engine works with ICAP-compliant proxy servers. Kaspersky Scan Engine scans HTTP traffic that passes through a proxy server, and URLs requested by users.

In ICAP mode, Kaspersky Scan Engine consists of the kavicapd service, configuration files, and libraries, and has the following features:

  • URL scan

    Kaspersky Scan Engine allows you to scan URLs that users request from a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.

  • HTTP traffic scan

    Kaspersky Scan Engine allows you to scan incoming and outgoing HTTP traffic that passes through a proxy server. This function is available in both the request modification (REQMOD) mode and response modification (RESPMOD) mode of ICAP.

    Scanning of multipart objects is supported.

  • Support for the 204 No Content HTTP status code

    The kavicapd service can be configured to reply with this status code if the message sent by a client does not require modification.

  • Configuring the kavicapd service behavior with service rules

  • Partial mode

    In this mode, also known as Data Trickling, the ICAP plug-in scans files as a whole, divides them into batches, and sends the batches to the user. The plug-in continues to scan files while it is sending the first batches to the user. This function allows users to receive large scanned files quickly.

  • Preview mode

    In this mode, the ICAP client sends preview requests to the ICAP plug-in. The preview requests allow you to skip objects that the plug-in does not consider malicious.

  • ISTag updates

    The ISTag value in the Kaspersky Scan Engine ICAP response header is updated each time one of the following events occurs:

    • Kaspersky Scan Engine is initialized.
    • Kaspersky Scan Engine settings are changed.
    • The anti-virus database is updated.

Keep-Alive connections

By default, Kaspersky Scan Engine supports Keep-Alive connections, so it can process multiple objects one after another over the same connection.

To open a Keep-Alive connection, an ICAP request has to contain the Connection field with the Keep-Alive value.

To close the connection, an ICAP request has to contain the Connection field with the close value.
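The following is an added example, not code from Kaspersky: an ICAP client helper that sets the Connection field as described above and flushes cached "clean" verdicts whenever the ISTag in a response changes. The host name, service name, object IDs and ISTag values are constructed placeholders, and the cache policy is an assumption about how a proxy-side client might use ISTag and 204 responses.

```python
"""Added example: ICAP client helpers. Host, service and ISTag values are constructed."""
CRLF = "\r\n"

def build_options(host, service, keep_alive=True):
    """OPTIONS request whose Connection field opens (Keep-Alive) or closes the connection."""
    conn = "Keep-Alive" if keep_alive else "close"
    return (f"OPTIONS icap://{host}/{service} ICAP/1.0{CRLF}"
            f"Host: {host}{CRLF}Connection: {conn}{CRLF}{CRLF}").encode("ascii")

def parse_response(raw):
    """Return (status_code, headers) from the ICAP header block of a response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    status_line, *lines = head.split(CRLF)
    version, code, _reason = status_line.split(" ", 2)
    if not version.startswith("ICAP/"):
        raise ValueError(f"not an ICAP response: {status_line!r}")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(code), headers

class VerdictCache:
    """Caches 'clean' verdicts by object ID; flushed whenever ISTag changes."""
    def __init__(self):
        self.istag, self.clean = None, set()

    def record(self, raw, object_id):
        code, headers = parse_response(raw)
        tag = headers.get("istag", "").strip('"')
        flushed = self.istag is not None and tag != self.istag
        if flushed:
            self.clean.clear()   # verdicts from the old engine state are stale
        self.istag = tag
        if code == 204:          # server: message does not require modification
            self.clean.add(object_id)
        return code, flushed

# Constructed sample responses (not captured from a real kavicapd instance).
RESP_A = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-tag-0001"\r\nEncapsulated: null-body=0\r\n\r\n'
RESP_B = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-tag-0002"\r\nEncapsulated: null-body=0\r\n\r\n'

def demo():
    cache = VerdictCache()
    first = cache.record(RESP_A, "object-1")
    second = cache.record(RESP_B, "object-2")  # ISTag changed: object-1 is dropped
    return first, second, sorted(cache.clean)
```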
