ASM ICAP for AV Scanning

Question

Hi All,So i'm looking at AV scanning using ASM's ICAP interface.Now i've found this&nbsp;https://support.f5.com/csp/article/K70941653&nbsp;and&nbsp;https://community.mcafee.com/t5/Web-Gateway/ICAP-Server/td-p/390787&nbsp;identifiying different headers that the ICAP Server can put in the response back to the f5.So namely&nbsp;X-Infection-Found, X-Virus-Name,&nbsp;X-Virus-ID,&nbsp;X-Violations-FoundWhat i can't seem to find is what the f5 is expecting back as part of those headers and how it reacts to them.From the mcafee example (and i know its only an example!) I could send back other headers potentially with other useful information but how do i get ASM/AWAF to respond and act to this information?From the f5 kb, its almost a if header exists act, or id header is not null then block.Is that correct? is there a list of headers the f5 is looking for?Is this detailed anywhere please?&nbsp;

lidev · Answer

Hi PSFletchTheTek ,
Indeed, F5 BIG-IP reacts according to the information present with the ICAP response header extensions. You will find all the headers and their descriptions/examples in the following RFC .
source : http://www.icap-forum.org Regards

Forum Discussion

ASM ICAP for AV Scanning

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Advanced iRules: Scan

Advanced iRules: Binary Scan

Integrating WhiteHat Scans With BIG-IP ASM