Forum Discussion
Sophos Antivirus Integration
Hello,
I am deploying an ASM policy which offloads antivirus scanning of file uploads to an external ICAP server. I am following the below configuration guide:
http://support.f5.com/kb/en-us/prod...ml1037564
The ICAP server is running Sophos antivirus. The default settings in the ASM policy are tailored to a McAfee solution. The above guide advises the advanced settings for "virus_header_name" and "icap_uri" need to be re-configured to suit the software running on the ICAP server.
I have been provided the below examples, but nothing for the Sophos software.Can anyone tell me what these string values need to be set to in order to support the Sophos software?
virus_header_name:
Specifies the header name used by an anti-virus program on an ICAP server. By default, the system supports an ICAP server with McAfee anti-virus protection. If you are using a different ICAP server, change this to the appropriate header value.
Values for supported anti-virus programs:
McAfee: X-Virus-Name (default)
Trend Micro InterScan Web Security: X-Virus-ID
Kaspersky: X-Virus-ID
Symantec: X-Violations-Found
icap_uri :
Specifies the URI for the ICAP service, which checks requests for viruses by connecting to an Internet Content Adaptation Protocol (ICAP) server.
Values for supported ICAP services:
McAfee: /reqmod
Trend Micro InterScan Web Security: /reqmod
Kaspersky: /av/reqmod
Symantec: /symcscanreq-av-url
SimonS_84965Nimbostratus
Sophos have this great document that has lots of the information you where (all those years back) looking for. http://www.sophos.com/en-us/medialibrary/PDFs/documentation/SAVDIICAP_ICAP_Implementation.pdf?la=en
I only noted this because i am working through the process of implementing this same functionality now
Daniel_KopfenstHi Simon,
did you manage to integrate Sophos via ICAP, if so what values have you used for icap_uri and virus_header_name ?
Thanks, Daniel