F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

GGoran_276252's avatar
GGoran_276252
Icon for Nimbostratus rankNimbostratus
Jul 20, 2016

F5 with Symantec external antivirus (ICAP protocol)

Hi, first time asking a question here. We're trying to setup an F5 ASM to forward files to external antivirus for scanning (Symantec Protection Engine for Cloud Services) with ICAP protocol. There ha...
ASM Advanced WAF
BIG-IP
security
Hannes_Rapp_162's avatar
Hannes_Rapp_162
Icon for Nacreous rankNacreous
Jul 20, 2016

A simple starter: Have you checked your ASM policy blocking settings - Do you have "block" flag ticked for "Virus detected"?

 

GGoran_276252's avatar
GGoran_276252
Icon for Nimbostratus rankNimbostratus
Jul 20, 2016

Also changed one parameter on Symantec: EnableNonViralThreatCategoryResp was false (default), and is now true, but outcome remains the same after Symantec Engine restart and another virus upload.

 

In F5 event log, for these events with virus detections that have Response Code N/A as I mentioned before, in details, I see this: HTTP Response, No response details are available because request was blocked. Does this have any relevance?