Deployment: ICAP Settings Parent topic

Note
Note
ICAPS is not available for ICAP clients using SSLv2 or SSLv3 for SSL handshake. IWSVA only supports TLSv1, TLSv1.1, and TLSv1.2 for secure ICAP communication.
Deploying in ICAP Mode requires addition configuration settings.
IWSVA can return four optional headers from the ICAP server whenever a virus is found or for information about users and groups. "X-Virus-ID" and "X-Infection-Found" are not returned by default for performance reasons, because many ICAP clients do not use these headers. They must be enabled in the IWSVA Web console.
  • X-Virus-ID:Contains one line of US-ASCII text with a name of the virus or risk encountered. For example:X-Virus-ID: EICAR Test String
  • X-Infection-Found:Returns a numeric code for the type of infection, the resolution, and the risk description.
    For more details on the parameter values, see:
    http://www.icap-forum.org/
  • X-Authenticated - User:If enabled, IWSVA requests the username sent in the X-Authenticated-User ICAP header. The username obtained from the ICAP header allows IWSVA to identify of the user issuing the request if you configure IWSVA to use the user/groupname method of user identification.
  • X-Authenticated - Group:If enabled, IWSVA requests the group membership information sent in the X-Authenticated-Groups ICAP header if you configure IWSVA to use the user/groupname method of user identification. If disabled, IWSVA queries LDAP for the group membership information.
    Note
    Note
    Some ICAP clients do not offer the recursive group membership search. For example, if a user belongs to group A, and group A belongs to group B, the ICAP client only sends group A information in the header. If you require recursive group membership information, Trend Micro recommends disabling the x_authenticated_groups header.
To configure the ICAP settings:
  1. Select the ICAP mode radio button on the Deployment Mode page.
  2. Click Next.
  3. Follow the configuration recommendations:
    Configuration Parameter Details Recommended Value
    HTTP Listening port This is the port that IWSVA listens on to receive connections for ICAP. 1344
    Enable ICAP over SSL Enable/Disable secure ICAP communication Disable
    ICAPS Port Number This is the port that IWSVA listens on to receive connections for ICAPS. 11344
    Certificate Import server certificates for SSL-secured requests from clients.  
    Private Key Import the private key for SSL-secured communication.  
    Passphrase Enter the passphrase for the private key.  
    Confirm Passphrase Enter the passphrase again to confirm.  
    Enable X-Virus-ID ICAP header (check box) Enable / Disable the ICAP short name of the infection detected being recorded. Disable
    Enable X-Infection-Found ICAP header (check box) Enable / Disable ICAP details regarding malware detected and passing details back to the ICAP device Disable
    Enable X-Authenticated-User ICAP header Enable / Disable ICAP details about username information. Check (enable)
    Enable X-Authenticated-Groups ICAP Header Enable / Disable ICAP details about group membership information. Disable
  4. Click Next.
  5. Set up the Network Interface to continue the deployment.
Note
Note
Complete all steps in the Deployment Wizard to deploy in ICAP mode. After receiving a successful deployment message, configure the IWSVA ICAP set up.