Forum Discussion
R_Marc
Nimbostratus
NimbostratusASM ICAP integration with McAfee
I've set up my ASM policy to utilize ICAP to a McAfee appliance. That part seems to be working fine. My files are getting over to the McAfee appliance and I see hits there (38 to be specific) in the ICAP logs for Malware hits.
I do not see any blocks on the ASM logs, however. I'm not exactly sure how it would show up, but I would have thought under attack signature "Virus detected." I have no hits on that particular signature though.
I followed these instructions.
8 Replies
Philipp_Stadlerdid you apply a log profile to the corresponding vserver?
- R_MarcIndeed. It's part of my default configuration (necessary for anything useful from ASM).
- Philipp_Stadlerdo the block works correctly - I have the same issue, malware found on McAfee AV, but the request isn't really blocked or seen on F5 side.
- R_MarcThe blocks do not work for me, no.
- R_Marc
Thank you very much. Worked as you noted, though I had to move it up to the top of the policies, not just add it.
Now I see: Virus detected
In ASM.
R. Marc
- Philipp_Stadlercan you please flag the answer as correct. Thanks, Philipp
MarvinCirrocumulus
Hi Philipp, Do you have experience in configuring F5 ASM with Mcafee Virusscan for storage using ICAP? Thing is requests are being sent from ASM towards the ICAP server (Mcafee Virusscan for storage) but ICAP server responds with ICAP/1.0 400 Bad request. I used /REQMOD as the variable to send the requests as stated in the documentation.- Marvinhttps://devcentral.f5.com/s/feed/0D51T00006i7dErSAI
