Forum Discussion
Hi All,
I was interested in testing ICAP integration with ClamAV (for testing purposes) with ASM.
On an Ubuntu server configured with only an SSH server and a fixed IP address (better for a server), I used the following commands to install C-ICAP with ClamAV and make it available for ASM:
```bash
# Install packages with dependencies
apt-get update
apt-get -y install c-icap
apt-get -y install libc-icap-mod-virus-scan

# Configure c-icap with expected parameters
sed -i.back /etc/c-icap/c-icap.conf -e 's/${prefix}/\/usr/'
sed -i.back /etc/c-icap/c-icap.conf -e "s/^ServerName.*/ServerName $(hostname)/g"
echo "Include virus_scan.conf" >> /etc/c-icap/c-icap.conf
# Uncomment the clamav_mod.conf include (strip the leading '#') so virus_scan loads the ClamAV engine
sed -i.back /etc/c-icap/virus_scan.conf -e "/^#Include clamav_mod.conf/s/^#//"

# Start the service ... don't know why not enabled
sed -i.back /etc/default/c-icap -e 's/START=no/START=yes/'

# Restart services
service c-icap restart
service clamav-freshclam restart
```
On the ASM, configure the following parameters:
- Security ›› Options : Application Security : Advanced Configuration : System Variables
  - icap_uri : /avscan (default value is /reqmod)
  - virus_header_name : leave default value X-Virus-Name,X-Infection-Found
- Security ›› Options : Application Security : Integrated Services : Anti-Virus Protection
  - Server Host Name/IP Address : IP of Ubuntu server
  - Server Port Number : 1433 (default port)
  - Guarantee Enforcement : Enabled

For each security policy:
- Security ›› Application Security : Integrated Services : Anti-Virus Protection
  - Inspect file uploads within HTTP requests : Enabled
- Security ›› Application Security : Policy Building : Learning and Blocking Settings (version 13 menu... Security ›› Application Security : Blocking in previous versions)
  - Virus Detected : Learn, Alarm, Block
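Added example (not part of the original post or of any F5 or c-icap code): a small Python check that sends a file to the `/avscan` service as an RFC 3507 REQMOD request and reads the verdict from the header names listed in `virus_header_name`. The upload path, `upload.test` host, function names and both sample responses are constructed for illustration; pass `scan()` the host and port that c-icap actually listens on.

```python
import socket

# Header names from the ASM system variable virus_header_name quoted in the post.
VIRUS_HEADERS = ("X-Virus-Name", "X-Infection-Found")

# Constructed sample responses (not captured from a real server).
SAMPLE_INFECTED = (b"ICAP/1.0 200 OK\r\nServer: C-ICAP\r\n"
                   b"X-Infection-Found: Type=0; Resolution=2; Threat=Eicar-Test-Signature;\r\n"
                   b"Encapsulated: res-hdr=0, res-body=100\r\n\r\n")
SAMPLE_CLEAN = b"ICAP/1.0 204 Unmodified\r\nServer: C-ICAP\r\n\r\n"

def build_reqmod(host, port, service, filename, body):
    """Wrap a non-empty file upload (HTTP POST) in an ICAP REQMOD request."""
    http_hdr = (f"POST /upload/{filename} HTTP/1.1\r\n"
                "Host: upload.test\r\n"
                f"Content-Length: {len(body)}\r\n\r\n").encode()
    # req-body is the byte offset of the chunked body inside the encapsulated part.
    icap_hdr = (f"REQMOD icap://{host}:{port}{service} ICAP/1.0\r\n"
                f"Host: {host}\r\n"
                "Allow: 204\r\n"
                f"Encapsulated: req-hdr=0, req-body={len(http_hdr)}\r\n\r\n").encode()
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    return icap_hdr + http_hdr + chunked

def parse_icap_response(raw):
    """Return (status_code, verdict); verdict is None if no virus header is set."""
    if not raw.startswith(b"ICAP/"):
        raise ValueError("not an ICAP response")
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    for name in VIRUS_HEADERS:  # header names are case-insensitive
        if name.lower() in headers:
            return status, headers[name.lower()]
    return status, None

def scan(host, port, filename, body, service="/avscan", timeout=10):
    """Send one REQMOD to the ICAP server and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_reqmod(host, port, service, filename, body))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    return parse_icap_response(raw)
```

Running `scan()` with the contents of the standard EICAR test file should return a verdict string, and a harmless file should return `None`; a connection error points at the host or port setting on either side.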
Gym (Cirrus), Jun 12, 2020
Why would you set "Learn" in the policy? The article https://support.f5.com/csp/article/K70941653 only says Alarm and Block. Why would you want to learn a virus?
I think you have a typo as well: the default port would be 1344, not 1433 (MS-SQL).