Hi All,
I was interested in testing ICAP integration with ClamAV (for testing purposes) with ASM.
On an Ubuntu server configured with only an SSH server and a fixed IP address (better for a server), I used the following commands to install c-icap with ClamAV and make it available for ASM:
Install packages with dependencies
apt-get update
apt-get -y install c-icap
apt-get -y install libc-icap-mod-virus-scan
Configure c-icap with expected parameters
sed -i.back /etc/c-icap/c-icap.conf -e 's/${prefix}/\/usr/'
sed -i.back /etc/c-icap/c-icap.conf -e "s/^ServerName.*/ServerName $(hostname)/g"
echo "Include virus_scan.conf" >> /etc/c-icap/c-icap.conf
sed -i.back /etc/c-icap/virus_scan.conf -e "/^#Include clamav_mod.conf/s/^#//"
Start the service ... I don't know why it is not enabled
sed -i.back /etc/default/c-icap -e 's/START=no/START=yes/'
Restart services
service c-icap restart
service clamav-freshclam restart
On the ASM, configure the following parameters
For each security policy:
- Security ›› Application Security : Integrated Services : Anti-Virus Protection
  - Inspect file uploads within HTTP requests : Enabled
- Security ›› Application Security : Policy Building : Learning and Blocking Settings (version 13 menu... Security ›› Application Security : Blocking in previous versions)
  - Virus Detected : Learn, Alarm, Block
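
A check for the c-icap steps above, added here as an example and not part of the original post: sed exits 0 even when its pattern matches nothing, and re-running the `echo >>` line appends a second Include, so this inspects the resulting files before ASM is pointed at the server. The function names are hypothetical; the file paths are the ones used in the commands above.

```bash
#!/usr/bin/env bash
# Added example: confirm the sed/echo edits from the steps above took effect.
# sed exits 0 even when its pattern matches nothing, and `echo >>` appends
# a second Include line on every re-run, so inspect the resulting files.

# Record one problem (uses the caller's $problems counter).
_fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_cicap_config C_ICAP_CONF VIRUS_SCAN_CONF DEFAULTS_FILE
# Prints one line per problem and returns the number of problems (0 = OK).
check_cicap_config() {
    local conf vscan defaults problems n
    conf=$1; vscan=$2; defaults=$3; problems=0

    # Step "s/${prefix}/\/usr/": no literal ${prefix} placeholder may remain.
    if grep -qF '${prefix}' "$conf"; then
        _fail "literal \${prefix} still present in $conf"
    fi
    # ServerName must carry a value (the steps set it to $(hostname)).
    if ! grep -Eq '^ServerName[[:space:]]+[^[:space:]]' "$conf"; then
        _fail "ServerName not set in $conf"
    fi
    # virus_scan.conf must be included exactly once.
    n=$(grep -c '^Include virus_scan\.conf' "$conf" || true)
    [ "$n" = 1 ] || _fail "expected 1 'Include virus_scan.conf' in $conf, found ${n:-0}"
    # The ClamAV module include must be active, not commented out.
    if ! grep -Eq '^[[:space:]]*Include[[:space:]]+clamav_mod\.conf' "$vscan"; then
        _fail "no active 'Include clamav_mod.conf' in $vscan"
    fi
    # The init defaults file must allow the daemon to start.
    if ! grep -q '^START=yes' "$defaults"; then
        _fail "START=yes not set in $defaults"
    fi
    return "$problems"
}

# Run against the paths used on this page when they exist on this host.
if [ -r /etc/c-icap/c-icap.conf ]; then
    check_cicap_config /etc/c-icap/c-icap.conf \
        /etc/c-icap/virus_scan.conf /etc/default/c-icap || true
fi
```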