Forum Discussion
THE_BLUE
Cirrostratus
CirrostratusASM INtegrated services
in f5 under ASM there is :
Security ›› Application Security : Integrated Services : Anti-Virus Protection
there is 2 option:
1-Inspect file uploads within HTTP requests
2- XML Profiles
so if i enabled this, it will works? or i have to integrate the F5 with Antivirus first?
or it can work without antivirus?
- Daniel_Wolf
MVP
Hi THE_BLUE,
it won't work out the box, you have to configure ICAP first.
This is a general config guide: K70941653: Configuring BIG-IP ASM antivirus protection
And fellow MVP Nikoolayy1 wrote a nice article on how to setup the whole things for AWAF and ICAP over TLS:
F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection featureMy personal opinion on that: Don't use this feature. The fact that a file is sent to an ICAP server for scanning, means that the end user will experience the upload as slow or slower than usual and might become impatient.
KR
Daniel- zamroni777
Nacreous
i think there are some use cases that really need the feature, such as application that expect to receive pdf or microsoft word files.
even jpeg can contain malware
https://umbrella.cisco.com/blog/picture-perfect-how-jpg-exif-data-hides-malwareas alternative to waf integrated antivirus, simply store the files in file servers that has up to date antivirus so the files are automatically inspected and cleaned.
VidalUptonNimbostratus
Ok, thanks. I will keep it in my mind.
