You are here

Configure ICAP for Trend Micro Antivirus

The Airlock ICAP module allows to connect your antivirus solution with Airlock 4.1 or later (AV-Server must have an ICAP 1.0 interface). This article describes the necessary configuration steps for making Trend Micro's Interscan Web Security Suite work with Airlock.

For using ICAP, Airlock needs a license with the ICAP capability. Make sure your license has this feature enabled.

IWSS setup

When you install IWSS, you must enable ICAP mode as the HTTP handler. Be sure to configure the server as forward proxy. Please refer to the readme file of IWSS for more information. After installation of IWSS, go to its configuration center. Set the "HTTP traffic" switch to "on" and enable HTTP scanning. On the HTTP tab you must enable virus scanning and choose a listening port for the ICAP server (default is 1344).

Airlock configuration

You can add several ICAP services either in request or in response mode to Airlock. Do this in the Airlock Configuration Center under "System Setup" - "Network Services" as follows:

Now you can select this ICAP configuration in all Mappings for which you want virus scanning activated. In the following example the requests respectively the responses are only scanned for uploads (path /upload/.*) and downloads (path /download/.*).

The Reqmod scans uploaded files and the Respmod scans downloaded data.

This is it! Now activate your configuration and the Mappings with enabled ICAP module are secured against virus intrusion. If you want to test if the scanner really works, get this Anti-Malware testfile.

Tested with Trend Micro Interscan Web Security Suite 2.5 1334

Knowledge Base Categories: