File scan function in ASM

Hi,

I am looking for anti virus feature in F5 ASM, when user upload file to server through website, it can be scanned by antivirus. I have gone through couple of articles, but like

1.  to understand cons and pros on solution from actually implementation. 

2. Is any header or irule required to configure antivirus for return traffic from icap server 

3. How actually traffic flows between icap server and f5 ASM.

4. What ip address to configure at icap server

5. I could see some real header like, Value of virus_header_name..

Is any a chance someone use same header for insert virus payload from internet, because it is known.

6. When traffic interpret by F5 ASM, how application follows flow..

Thank you in advance