Forum Discussion
ICAP server reachable, however ASM claims communication issues
Greetings,
I have encountered a situation where I have implemented basic AV protection to a server. Tests with EICAR file work fine from internal and external networks (should not really matter).
The thing is that on some occasions I noticed that the file upload had been blocked but the Virus violation states: "Virus detection was not performed due to communication problem. See details here: /ts/log/bd.log" There is no relevant info in that log file.
Guaranteed enforcement was turned on, so I guess that's why the block took place. But the real question is - why is it complaining about not being able to communicate with the ICAP server? When I run a test from any network, it blocks it just right and the violation is described accurately.
Whenever this has happened there have been multiple generic violations detected with the traffic as well, but ONLY AV protection is in Blocking mode - generic signatures are just alerting for analysis.
Does anyone have more experience with such cases? Any ideas why this is happening?
Thank you!
- samstepCirrocumulus
I think you need to raise a support case. They will check your config, also ICAP is known to have some issues on some versions of BIG-IP and some AV Vendors
- SipheNimbostratus
Hi,
Was this resolved i am getting the same error message, and this generates false positives.
when i do a packet captures i see bidirectional communication with the ICAP server, and the ICAP server responds with code 204 unmodified
- dupapaNimbostratus
I've recently encountered the same issue with our BigIP v16.1.3.3. Can anyone shed the light of how this issue can be solved?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com