I am looking for anti virus feature in F5 ASM, when user upload file to server through website, it can be scanned by antivirus. I have gone through couple of articles, but like
1. to understand cons and pros on solution from actually implementation.
2. Is any header or irule required to configure antivirus for return traffic from icap server
3. How actually traffic flows between icap server and f5 ASM.
4. What ip address to configure at icap server
5. I could see some real header like, Value of virus_header_name..
Is any a chance someone use same header for insert virus payload from internet, because it is known.
6. When traffic interpret by F5 ASM, how application follows flow..
Thank you in advance
Yes, it has, but how F5 ASM understand return response from Mcafee?
also how application follow traffic flows
It speaks ICAP protocol. ICAP was meant to give high-speed allow / deny messages to proxies, so the architecture is what we call a 3-legged proxy. The BIG-IP sends the flow to the AV and waits for AV to allow the flow via ICAP. In this way, the AV and Proxy do not need to know how to talk to eachother.
Hi @peddi - I see nobody has answered your question yet, so I featured it in the Unanswered Questions section of this week's Highlights article. I've also asked a colleague to take a look.