-
ICAP Request Mode: When a new request is received, the request is sent to the scanning server to ensure
it is a valid access request.
-
ICAP Response Mode: When the new request is valid, any returned content is scanned.
It is possible to use only one scanning vector; however, this reduces the ability
to scan all appropriate traffic by 50 percent.
Triggering a Response Mode Action
The following outlined steps are designed specifically for the triggering of a response
mode action through IWSVA.
-
Log into a client that is passes traffic through IWSVA.
-
Open a Web browser and open the site www.eicar.org.
-
Click the button labeled AntiMalware Testfile.
-
Scroll to the bottom of the page where it details Download area using the standard protocol http.
-
Select the eicar.com.txt file to download.
The outbound URL is valid, thus the request mode allowed the URL to pass. The response
of the traffic — the actual download triggers InterScan Web Security to block the
download from occurring.
