Response headers
March 5, 2024
ID 221159
X-Include
Kaspersky Scan Engine includes this header in its response to the OPTIONS request from the ICAP client when the following conditions are met:
- There is at least one ICAPHeader element and it contains either the
HTTPUserNameICAPHeaderorHTTPClientIpICAPHeadervalue:- If
HTTPUserNameICAPHeaderis specified inICAPHeader, there must be the HTTPUserNameICAPHeader element and it should not be empty. - If
HTTPClientIpICAPHeaderis specified inICAPHeader, there must be the HTTPClientIpICAPHeader element and it should not be empty.
- If
The X-Include header includes headers specified in HTTPUserNameICAPHeader and HTTPClientIpICAPHeader as a comma-separated list. The default values for these headers are X-Client-Username and X-Client-IP respectively. The following is an example of the X-Include header:
X-Include: X-Client-IP, X-Client-Username
The X-Include header can also include only one of these headers, for example:
X-Include: X-Client-Username
RequestingICAPHeaders specifies which headers are included in X-Include.
X-Infection-Found
This header contains types of the detected threats or legitimate objects that can be used by attackers. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendInfectionFoundICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.
The header has the following format:
X-Infection-Found: Type=0; Resolution=0; Threat={Threat_type};
Here, {Threat_type} is the type of the threat or legitimate software that can be used by intruders. If Kaspersky Scan Engine detects several objects, all types are listed, separated by the comma symbol (,).
In the current version of Kaspersky Scan Engine, the values of Type and Resolution are always 0.
X-Response-Desc
This header contains the descriptions of the detected threats or legitimate objects that can be used by attackers. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendResponseDescICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.
The header has the following format:
X-Response-Desc: {Text}
Here, {Text} can have the following values:
Value | Description |
|---|---|
Trojan malicious object detected | A Trojan was detected. |
Malicious tool detected | Malware was detected. |
Highly dangerous malicious object detected | A highly dangerous malicious object that cannot be classified using either of available classes of malware was detected. |
Medium dangerous malicious object detected | A mediumly dangerous malicious object that cannot be classified using either of available classes of malware was detected. |
Virware malicious object detected | A program that infects other files by adding its own code to them in order to gain control of the infected files when they are opened was detected. |
Malicious URL | A malicious URL was detected. |
Phishing URL | A phishing URL was detected. |
Malicious host | An IP address of a malicious host was detected. |
Adware URL | A URL that leads to adware was detected. |
Riskware URL | A URL that leads to legitimate software that can be used by intruders was detected. |
Adware host | An IP address of adware was detected. |
Riskware host | An IP address of a host that stores legitimate software that can be used by intruders was detected. |
Detected legitimate software that can be used by intruders to damage your computer or personal data | An application that has no malicious features but could be a part of the development environment for malicious programs was detected. |
Detected an attempt of unauthorized use of pay-per-use Internet services which are commonly pornographic websites (pornodialer), or pornotools, or a pornodownloader | An attempt of unauthorized use of pay-per-use Internet services (which are commonly pornographic websites) was detected. |
Adware detected | A URL that leads to adware was detected. |
Multiple threats detected | Multiple objects were detected. |
Detected a highly dangerous malicious object that cannot be classified using either of available classes of malware | A highly dangerous unclassified object was detected. |
MS Office document containing a macro is detected | A Microsoft Office document containing a macro was detected. |
X-Response-Info
This header contains the status of the scanned object or the response to the OPTIONS requests. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendResponseInfoICAPHeader element.
The header has the following format:
X-Response-Info: {Token}
Here, {Token} can have the following values:
Value | Description |
|---|---|
| The scanned file or URL is not malicious. |
| This response can appear for the following reasons:
|
| The answer to the |
X-Violations-Found
This header contains information about the scanned file and the threats or legitimate software that can be used by intruders detected in this file. You can specify whether Kaspersky Scan Engine includes this header in its response in the SendViolationsFoundICAPHeader element. The header will be present only if a threat or legitimate object that can be used by attackers is detected during scanning.
The header has the following format:
X-Violations-Found: {Count}
{File_name}
{Description}
{Problem_ID}
{Resolution_ID}
Here, {count} is the number of the objects that were detected in the file, {File_name} is the name of the file, {Description} is the name of the first detected threat or legitimate object that can be used by attackers in the file, {Problem_ID} is the identifier of the detected threat or legitimate object that can be used by attackers, {Resolution_ID} is the identifier of the action performed on the object by Kaspersky Scan Engine.
In the current version of Kaspersky Scan Engine, the value of {Resolution_ID} is always 0.
