ASM ICAP for AV Scanning

Question

Hi All,So i'm looking at AV scanning using ASM's ICAP interface.Now i've found this&nbsp;https://support.f5.com/csp/article/K70941653&nbsp;and&nbsp;https://community.mcafee.com/t5/Web-Gateway/ICAP-Server/td-p/390787&nbsp;identifiying different headers that the ICAP Server can put in the response back to the f5.So namely&nbsp;X-Infection-Found, X-Virus-Name,&nbsp;X-Virus-ID,&nbsp;X-Violations-FoundWhat i can't seem to find is what the f5 is expecting back as part of those headers and how it reacts to them.From the mcafee example (and i know its only an example!) I could send back other headers potentially with other useful information but how do i get ASM/AWAF to respond and act to this information?From the f5 kb, its almost a if header exists act, or id header is not null then block.Is that correct? is there a list of headers the f5 is looking for?Is this detailed anywhere please?&nbsp;

lidev · Answer

Hi PSFletchTheTek ,
Indeed, F5 BIG-IP reacts according to the information present with the ICAP response header extensions. You will find all the headers and their descriptions/examples in the following RFC .
source : http://www.icap-forum.org Regards

Forum Discussion

ASM ICAP for AV Scanning

Recent Discussions

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Related Content

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

Continued Intense Scanning From One IP in Lithuania

Advanced iRules: Scan

Advanced iRules: Binary Scan

OWASP Automated Threats - OAT-014 Vulnerability Scanning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS