Forum Discussion

PSFletchTheTek's avatar
Jun 06, 2022

ASM ICAP for AV Scanning

Hi All,

So i'm looking at AV scanning using ASM's ICAP interface.

Now i've found this and identifiying different headers that the ICAP Server can put in the response back to the f5.

So namely X-Infection-Found, X-Virus-Name, X-Virus-ID, X-Violations-Found
What i can't seem to find is what the f5 is expecting back as part of those headers and how it reacts to them.
From the mcafee example (and i know its only an example!) I could send back other headers potentially with other useful information but how do i get ASM/AWAF to respond and act to this information?

From the f5 kb, its almost a if header exists act, or id header is not null then block.
Is that correct? is there a list of headers the f5 is looking for?

Is this detailed anywhere please?