I see that some implementations of ICAP may by mistake not return an HTTP payload to the F5 Internal Virtual server but they have ICAP headers that a virus has been detected.
For now I found no way to manipulate this data as I do not seem be able to change the ICAP status to "respond" with the ICAP events or to insert HTTP payload so to be able to match the ADAPT::result with the ADAPT_REQUEST_RESULT event on the real web virtual server so I am stuck.
As of now I am thinking that without HTTP payload provided by the ICAP server in clear text (some hide the HTTP payload in the ICAP response as json like type) then the Adaptation Virtual server will not get the "respond" event From the F5 Internal Virtual Server as described in https://clouddocs.f5.com/api/irules/ADAPT__result.html that shows that there is HTTP response pange in the reply from the external ICAP server but I decided to check with the community.
It would have neen a nice workaround if the ICAP server returns 544 for example response ICAP code as some ICAP servers can be configured what ICAP code to return and the F5 internal VS to be able with an ICAP irule to pass the code as a part ''ADAPT::result'' or to instert it as an HTTP payload Header in a iRule Generated Payload to the Adaptation Web VS that then can trigger again with an iRule for some some custom response page to be provided to the end user but maybe this is asking for too much hah.
Not an area of expertise for me, and after looking at all the ADAPT, ICAP, and IVS events/commands, my head is spinning... 😫😫
Will need to (eventually) mock up a scenario so I can better understand the iRules entry points around the workflow, which is better known to me as described in this lightboard lesson. It looks like TCP commands are allowed in ICAP events, so you could try a TCP::collect (not sure this specific action is allowed) and then modify in SERVER_DATA if it is...but again, never tried that and I haven't done anything outside of concepts with this.