You are here

Configure ICAP for Symantec Antivirus

The ICAP module allows to connect your antivirus solution with Airlock 4.1 or later (AV server must have an ICAP 1.0 interface). This article describes the necessary configuration steps for making the Symantec Protection Engine for Cloud Services (formerly Symantec Scan Engine) work with Airlock.

For using ICAP, Airlock needs a license with the ICAP capability. Make sure your license has this feature enabled.

Protection Engine setup

After installation of the Protection Engine, go to its configuration center. Set the communication protocol to ICAP and choose a listening port for the ICAP server (default is 1344).

Ensure that virus scanning is enabled in the scanning policies.

Airlock configuration

You can add several ICAP services to Airlock, either in request or in response mode. Do this in the Airlock Configuration Center under "System Setup" - "Network Services" as follows:

symantec ICAP

The ICAP service names "avscanreq", "avscan" and "avscanresp" are legacy service names. We recommend to use the new service names "symcscanreq-av" and "symcscanresp-av". You will also find additional service names in the documentation "Symantec Protection Engine Software Developer's Guide".

Be sure that the ICAP service URL does not end with a slash.

Now you can select this ICAP configuration in all Mappings for which you want virus scanning activated. In the following example the requests respectively the responses are only scanned for uploads (path /upload/.*) and downloads (path /download/.*).

The Reqmod scans uploaded files and the Respmod scans downloaded data.

This is it! Now activate your configuration and the Mapping paths with enabled ICAP module are secured against virus intrusion. If you want to test if the scanner really works, get this Anti-Malware testfile.

Tested with:
- Symantec Scan Engine Version and 5.2.10
- Symantec Protection Engine Version 7.5.1

Knowledge Base Categories: