Understanding Request and Response Mode Differences

• ICAP Request Mode: When a new request is received, the request is sent to the scanning server to ensure it is a valid access request.

• ICAP Response Mode: When the new request is valid, any returned content is scanned.

It is possible to use only one scanning vector; however, this reduces the ability to scan all appropriate traffic by 50 percent.

Triggering a Response Mode Action

The following outlined steps are designed specifically for the triggering of a response mode action through IWSVA.

1. Log into a client that is passes traffic through IWSVA.

2. Open a Web browser and open the site www.eicar.org.

3. Click the button labeled AntiMalware Testfile.

4. Scroll to the bottom of the page where it details Download area using the standard protocol http.

5. Select the eicar.com.txt file to download.

The outbound URL is valid, thus the request mode allowed the URL to pass. The response of the traffic — the actual download triggers InterScan Web Security to block the download from occurring.