```
ICAP/1.0 200 OK
Server: Deep Discovery Analyzer 6.8 Build 1165
ISTag: "12.300.1011"
X-Virus-ID: TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20
X-Infection-Found: Type=0; Resolution=2; Threat=TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20;
X-Response-Desc: URL: No risk rating from WRS; FILE: Detected by ATSE
Encapsulated: res-hdr=0, res-body=86
Date: Thu, 16 Apr 2020 07:38:01 GMT
```

| ICAP Headers | Values | Examples |
|---|---|---|
| ICAP/1.0 | ICAP status code. For more information on the status codes, see the RFC documentation. | ICAP/1.0 200 OK<br>ICAP/1.0 204 No Content |
| Server | Deep Discovery Analyzer version and build number | Server: Deep Discovery Analyzer 6.8 Build 1165 |
| ISTag | Version of the Advanced Threat Scan Engine for Deep Discovery (Linux, 64-bit) component. This is used to validate that previous Deep Discovery Analyzer responses can still be considered fresh by an ICAP client that may still be caching them. | ISTag: "12.300.1011" |
| Encapsulated | The offset of each encapsulated section's start relative to the start of the encapsulating message's body | Encapsulated: req-hdr=0, req-body=86 |
| Date | The date and time value provided by the Deep Discovery Analyzer clock, specified as an RFC 1123 compliant date/time string | Date: Thu, 16 Apr 2020 07:38:01 GMT |

Note: If enabled, Deep Discovery Analyzer always returns the X-Response-Desc header, and only returns the X-Virus-ID and X-Infection-Found headers when a known threat is detected during the pre-scanning of samples received from ICAP clients.

| ICAP Headers | Values | Examples |
|---|---|---|
| X-Virus-ID | One line of US-ASCII text with the name of the virus or risk encountered | X-Virus-ID: TSPY_ONLINEG.MCS |
| X-Infection-Found | Numeric code for the type of infection, the resolution, and the risk description | X-Infection-Found: Type=0; Resolution=2; Threat=TSPY_ONLINEG.MCS; |
| X-Response-Desc | Reason Deep Discovery Analyzer considers a URL or file sample as malicious or safe | X-Response-Desc: URL: No risk rating from WRS; FILE: Detected by ATSE |

Note: To enable these headers and configure other ICAP settings, go to . For details, see Configuring ICAP Settings.

| X-Response-Desc Header | Description |
|---|---|
| No risk rating from WRS | The URL is detected by Web Reputation Services (WRS) and is considered as safe. |
| Match found in URL exception list | The URL matches an entry in the exception list and is displayed on the Exceptions screen. |
| No risk rating from VA | The URL is detected by Virtual Analyzer and is considered as safe. |
| Bypass URL scanning in RESPMOD mode | If you select Bypass URL scanning in RESPMOD mode on the ICAP screen, Deep Discovery Analyzer does not scan URLs in RESPMOD mode. |
| Invalid URL | The URL is detected with an invalid format. |
| Unable to analyze URL in VA | The URL is not supported in Virtual Analyzer. |
| Detected by WRS | The URL is detected by WRS and is considered as malicious. |
| Detected by suspicious objects list | The URL matches an entry in the suspicious objects list. |
| Detected by user-defined suspicious objects list | The URL matches an entry in the user-defined suspicious objects list. |
| Detected by VA cache | The URL is already analyzed by Virtual Analyzer and is considered as malicious. |
| URL submitted to VA | No pre-scan result is available for the URL. Submit the URL sample to Virtual Analyzer for analysis. |

| X-Response-Desc Header | Description |
|---|---|
| Match found in file exception list | The file matches an entry in the exception list and is displayed on the Exceptions screen. |
| No risk rating from VA | The file is detected by Virtual Analyzer and is considered as safe. |
| Unsupported file type in VA | The file is not analyzed by Virtual Analyzer due to one of the following: |
| Bypass MIME content-type scanning | If you select Enable MIME content-type exclusion and the content-type is in the exclusion list, Deep Discovery Analyzer does not scan the file. |
| Maximum file size exceeded | The file size has exceeded the maximum (60MB). |
| Bypass true file type scanning | If you select Enable MIME content-type validation and the file type is in the exclusion list, Deep Discovery Analyzer does not scan the file. |
| Detected by ATSE | The file is detected by Advanced Threat Scan Engine (ATSE) for Deep Discovery. |
| Detected by YARA rule | The file matches a YARA rule. |
| Detected by suspicious objects list | The file matches an entry in the suspicious objects list. |
| Detected by user-defined suspicious objects list | The file matches an entry in the user-defined suspicious objects list. |
| Detected by Predictive Machine Learning engine | The file is detected by the Predictive Machine Learning engine. |
| Detected by VA cache | The file is already analyzed by Virtual Analyzer and is considered as malicious. |
| File submitted to VA | No pre-scan result is available for the file. Submit the file sample to Virtual Analyzer for analysis. |

```
ICAP/1.0 204 No Content
Server: Deep Discovery Analyzer 6.8 Build 1165
ISTag: "12.300.1011"
X-Response-Desc: URL: No risk rating from WRS; FILE: No risk rating from VA
Date: Thu, 16 Apr 2020 07:32:30 GMT
```

Note: If you configure the redirect page in the management console, Deep Discovery Analyzer sends the redirect page content after the HTTP 403 Forbidden header.

```
ICAP/1.0 200 OK
Server: Deep Discovery Analyzer 6.8 Build 1165
ISTag: "12.300.1011"
X-Virus-ID: TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20
X-Infection-Found: Type=0; Resolution=2; Threat=TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20;
X-Response-Desc: URL: Bypass URL scanning in RESPMOD mode; FILE: Detected by ATSE
Encapsulated: res-hdr=0, res-body=86
Date: Thu, 16 Apr 2020 07:38:01 GMT

HTTP/1.1 403 Forbidden
```

```
ICAP/1.0 204 No Content
Server: Deep Discovery Analyzer 6.8 Build 1165
ISTag: "12.300.1011"
X-Response-Desc: URL: No risk rating from WRS; FILE: File submitted to VA
Date: Thu, 16 Apr 2020 07:22:41 GMT
```
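
An added example, not Trend Micro's code or part of the original page: a small Python parser that an ICAP client or log pipeline could use to turn the headers described above into a separate outcome for the URL and for the file. The reason strings are the ones listed in the X-Response-Desc tables; the outcome labels, the grouping of reasons under them, and the names `classify` and `parse_verdict` are assumptions made for illustration.

```python
import re

# Reasons from the page's X-Response-Desc tables; the grouping into outcomes is an assumption.
GROUPS = {
    "clean": {"No risk rating from WRS", "No risk rating from VA"},
    "allowed": {"Match found in URL exception list", "Match found in file exception list"},
    "pending": {"URL submitted to VA", "File submitted to VA"},
    "not_analyzed": {
        "Bypass URL scanning in RESPMOD mode", "Invalid URL", "Unable to analyze URL in VA",
        "Unsupported file type in VA", "Bypass MIME content-type scanning",
        "Maximum file size exceeded", "Bypass true file type scanning"},
}

def classify(reason):
    """Map one reason to an outcome; text not in the tables is 'unknown', never 'clean'."""
    if reason.startswith("Detected by"):
        return "malicious"
    return next((label for label, group in GROUPS.items() if reason in group), "unknown")

def parse_verdict(raw):
    """Parse the ICAP status line and headers, ignoring any encapsulated HTTP part."""
    lines = raw.replace("\r\n", "\n").strip().split("\n\n", 1)[0].split("\n")
    m = re.fullmatch(r"ICAP/1\.0 (\d{3}) .*", lines[0])
    if not m:
        raise ValueError("not an ICAP/1.0 status line")
    hdr = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdr[name.strip().lower()] = value.strip()
    ids = [t.strip() for t in hdr.get("x-virus-id", "").split(",") if t.strip()]
    out = {"status": int(m.group(1)), "threats": ids, "url": None, "file": None}
    for part in hdr.get("x-response-desc", "").split(";"):
        scope, _, reason = (s.strip() for s in part.partition(":"))
        if scope.lower() in ("url", "file") and reason:
            out[scope.lower()] = (reason, classify(reason))
    return out

# Headers from two responses on this page, abridged, with line-wrap artifacts removed.
DETECTED = """ICAP/1.0 200 OK
Server: Deep Discovery Analyzer 6.8 Build 1165
X-Virus-ID: TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20
X-Infection-Found: Type=0; Resolution=2; Threat=TROJ_FRS.0NA103DD20,TROJ_FRS.0NA104DD20;
X-Response-Desc: URL: Bypass URL scanning in RESPMOD mode; FILE: Detected by ATSE

HTTP/1.1 403 Forbidden
"""
SUBMITTED = """ICAP/1.0 204 No Content
X-Response-Desc: URL: No risk rating from WRS; FILE: File submitted to VA
"""
```

In the second sample a 204 No Content status accompanies "File submitted to VA", so the status code alone does not tell a client whether analysis of the file has finished; the X-Response-Desc reason does.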