
File scan function in ASM



I am looking for an antivirus feature in F5 ASM, so that when a user uploads a file to the server through the website, it can be scanned by antivirus. I have gone through a couple of articles, but would like:

1.  To understand the cons and pros of the solution from an actual implementation.

2. Is any header or iRule required to configure antivirus for return traffic from the ICAP server?

3. How does traffic actually flow between the ICAP server and F5 ASM?

4. What IP address should be configured at the ICAP server?

5. I could see some real header, like the value of virus_header_name.

Is there any chance someone could use the same header to insert a virus payload from the internet, because it is known?

6. When traffic is interpreted by F5 ASM, how does the application follow the flow?

Thank you in advance 








Yes, it has, but how does F5 ASM understand the return response from McAfee?

Also, how does the application follow the traffic flow?



It speaks the ICAP protocol. ICAP was meant to give high-speed allow / deny messages to proxies, so the architecture is what we call a 3-legged proxy. The BIG-IP sends the flow to the AV and waits for the AV to allow the flow via ICAP. In this way, the AV and proxy do not need to know how to talk to each other.

Community Manager

Hi @peddi - I see nobody has answered your question yet, so I featured it in the Unanswered Questions section of this week's Highlights article. I've also asked a colleague to take a look.
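
The ICAP exchange described in the answer above, as an added example that is not part of the thread and is not F5 or antivirus vendor code: it frames an upload as an RFC 3507 REQMOD message and reads the verdict from the ICAP response headers only, so a verdict header forged by the client inside its HTTP request is not consulted. The host names, the service path, the verdict header names (`X-Infection-Found`, `X-Virus-ID`) and the allow/deny rule are assumptions of this example; use the names your AV server actually returns.

```python
# Added example: ICAP (RFC 3507) framing on the proxy-to-AV leg. Not F5 or vendor code.
VERDICT_HEADERS = ("x-infection-found", "x-virus-id")  # assumed header names

def build_reqmod(http_headers: bytes, body: bytes, icap_host: str, service: str) -> bytes:
    """Wrap the client's HTTP request in an ICAP REQMOD message."""
    if not http_headers.endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header block must end with a blank line")
    # Encapsulated offsets count from the first byte after the ICAP headers.
    icap_head = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                 f"Host: {icap_host}\r\nAllow: 204\r\n"
                 f"Encapsulated: req-hdr=0, req-body={len(http_headers)}\r\n\r\n")
    # The HTTP body is carried chunked inside the ICAP message.
    chunks = (b"%x\r\n%s\r\n" % (len(body), body) if body else b"") + b"0\r\n\r\n"
    return icap_head.encode("ascii") + http_headers + chunks

def parse_verdict(icap_response: bytes) -> dict:
    """Decide from the ICAP header block only; encapsulated HTTP is never consulted."""
    head, _, _encapsulated = icap_response.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    status, headers = int(parts[1]), {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = {h: headers[h] for h in VERDICT_HEADERS if h in headers}
    # In REQMOD, an encapsulated res-hdr means the AV answered the request itself.
    blocked = headers.get("encapsulated", "").startswith("res-")
    clean = status in (200, 204) and not findings and not blocked
    return {"status": status, "clean": clean, "findings": findings}

# Constructed samples: the client forges a verdict header in its own HTTP request.
UPLOAD_HDRS = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
               b"X-Virus-ID: forged-by-client\r\nContent-Length: 11\r\n\r\n")
BLOCK_PAGE = b"HTTP/1.1 403 Forbidden\r\n\r\n"
CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "demo-1"\r\n\r\n'
ECHOED = (b'ICAP/1.0 200 OK\r\nISTag: "demo-1"\r\nEncapsulated: req-hdr=0, req-body=%d\r\n\r\n'
          % len(UPLOAD_HDRS)) + UPLOAD_HDRS + b"b\r\nhello world\r\n0\r\n\r\n"
INFECTED = (b'ICAP/1.0 200 OK\r\nISTag: "demo-1"\r\n'
            b"X-Infection-Found: Type=0; Resolution=2; Threat=EICAR-Test-File;\r\n"
            b"Encapsulated: res-hdr=0, null-body=%d\r\n\r\n" % len(BLOCK_PAGE)) + BLOCK_PAGE

if __name__ == "__main__":
    print(build_reqmod(UPLOAD_HDRS, b"hello world", "av.example", "avscan").decode())
    for name, msg in (("clean", CLEAN), ("echoed", ECHOED), ("infected", INFECTED)):
        print(name, parse_verdict(msg))
```

The `ECHOED` sample returns the client's request unchanged, forged header included, and still parses with no findings because that header sits in the encapsulated HTTP section rather than in the ICAP headers.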