Configuring ICAP Settings

Note
If ICAP integration is enabled, Deep Discovery Analyzer automatically slows down Virtual Analyzer throughput to prevent exhaustion of system resources.

Procedure

  1. Go to Administration > Integrated Products/Services > ICAP.
  2. Select Enable ICAP.
  3. Type the ICAP port number.
    The default value is 1344.
  4. To connect the ICAP client over a secure connection, select Enable ICAP over SSL and specify the following details:
    • ICAPS port number: Default value is 11344
    • Certificate: Certificates must use base64-encoding
    • Private key: Private keys must use base64-encoding
      Important
      Only encrypted private keys are supported.
    • Passphrase
    • Confirm Passphrase
  5. Specify the number of Max connections allowed.
    The default value is 1000.
  6. Specify how Deep Discovery Analyzer handles ICAP headers.
    If Deep Discovery Analyzer detects a high-risk sample, Deep Discovery Analyzer sends these headers to the ICAP client.
    • Enable X-Virus-ID ICAP header
    • Enable X-Infection-Found ICAP header
    For details, see ICAP Header Responses.
    If Deep Discovery Analyzer receives these headers from the ICAP client, Deep Discovery Analyzer stores them on the server.
    • Enable X-Client-IP ICAP header
    • Enable X-Server-IP ICAP header
    • Enable X-Authenticated-User ICAP header
    • Enable X-Authenticated-Groups ICAP header
  7. (Optional) Under User Notification Pages, select Use a user notification page whenever the ICAP client blocks network traffic for the following events and specify a file that contains the page contents.
    Note
    This setting allows Deep Discovery Analyzer to display a custom page whenever the ICAP client blocks network traffic for specific events. The ICAP client may override this setting. If the setting is enabled and the custom page is not displayed, verify that there are no conflicts with the ICAP client configuration.
    Deep Discovery Analyzer supports custom pages for the following events:
    • URL access
    • File upload
    • File download
    Note
    Use any text editor to create the pages, and save as plain text. HTML tags may be used to apply formatting. Ensure that files are smaller than 5 MB.
  8. (Optional) Under ICAP Client List, select Accept scan request from the following ICAP clients only to limit submissions to specific clients.
    • To add a new IP address or IP address range, click Add.
    • To remove an existing entry, select an entry and click Delete.
    Note
    By default, all ICAP clients can submit samples to the Deep Discovery Analyzer server.
  9. Click Save.
  10. Verify that Deep Discovery Analyzer integration is working correctly.
    For high-risk samples:
    • Deep Discovery Analyzer returns an HTTP 403 Forbidden message to the ICAP client
    • If the User Notification Page setting is enabled, Deep Discovery Analyzer includes the uploaded page as part of the message.
    • If X-Virus-ID and X-Infection-Found ICAP headers are enabled, Deep Discovery Analyzer includes these headers within the message.
    For no-risk samples:
    • Deep Discovery Analyzer returns the original message it receives from the ICAP client.
    • If the ICAP client supports ICAP 204 No Content, Deep Discovery Analyzer returns an ICAP 204 No Content response without the original message.
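
The verification in step 10 can be scripted against responses captured at the ICAP client. The following is an added example, not Trend Micro code: it classifies a raw ICAP response as high-risk or no-risk and lists any step 6 headers that are missing. It assumes the HTTP 403 Forbidden message arrives as the encapsulated HTTP message of the ICAP response; the function names and all sample responses are constructed for illustration.

```python
# Added example: classify an ICAP response against the outcomes in step 10.
# All sample responses are constructed; none were captured from a real server.

def parse_icap_response(raw: bytes) -> dict:
    """Return the ICAP status, ICAP headers and encapsulated HTTP status."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    http_status = None
    # Assumption: the encapsulated HTTP message follows the ICAP header block.
    if rest.startswith(b"HTTP/"):
        status = rest.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
        if len(status) >= 2 and status[1].isdigit():
            http_status = int(status[1])
    return {"icap_status": int(parts[1]), "headers": headers, "http_status": http_status}

def check(raw: bytes, expected=("x-virus-id", "x-infection-found")):
    """Return (verdict, missing_headers) for one ICAP response."""
    r = parse_icap_response(raw)
    if r["icap_status"] == 204:
        return "no-risk (204 No Content)", []
    if r["http_status"] == 403:
        # Headers enabled in step 6 should accompany a high-risk verdict.
        return "high-risk", [h for h in expected if h not in r["headers"]]
    return "no-risk (original message returned)", []

HIGH_RISK = (b"ICAP/1.0 200 OK\r\n"
             b"X-Virus-ID: CONSTRUCTED_NAME\r\n"
             b"X-Infection-Found: Type=0; Resolution=2; Threat=CONSTRUCTED_NAME;\r\n"
             b"Encapsulated: res-hdr=0, res-body=45\r\n\r\n"
             b"HTTP/1.1 403 Forbidden\r\nContent-Length: 7\r\n\r\n7\r\nBlocked\r\n0\r\n\r\n")
HIGH_RISK_ONE_HEADER = HIGH_RISK.replace(b"X-Virus-ID: CONSTRUCTED_NAME\r\n", b"")
NO_RISK_204 = b'ICAP/1.0 204 No Content\r\nISTag: "constructed"\r\n\r\n'
NO_RISK_ECHO = (b"ICAP/1.0 200 OK\r\nEncapsulated: res-hdr=0, res-body=38\r\n\r\n"
                b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n2\r\nok\r\n0\r\n\r\n")

if __name__ == "__main__":
    for name in ("HIGH_RISK", "HIGH_RISK_ONE_HEADER", "NO_RISK_204", "NO_RISK_ECHO"):
        print(name, check(globals()[name]))
```

When testing the no-risk path, use a sample whose original HTTP status is not 403, because this check cannot tell an origin server's own 403 from a block.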