Deployment: ICAP Settings

Deploying in ICAP Mode requires addition configuration settings.

IWSVA can return four optional headers from the ICAP server whenever a virus is found or for information about users and groups. These headers are not returned by default for performance reasons, because many ICAP clients do not use these headers. They must be enabled in the IWSVA Web console.

X-Virus-ID: Contains one line of US-ASCII text with a name of the virus or risk encountered. For example:
X-Virus-ID: EICAR Test String

X-Infection-Found: Returns a numeric code for the type of infection, the resolution, and the risk description.

For more details on the parameter values, see:

X-Authenticated - User: If enabled, IWSVA requests the username sent in the X-Authenticated-User ICAP header. The username obtained from the ICAP header allows IWSVA to identify of the user issuing the request if you configure IWSVA to use the user/groupname method of user identification.

X-Authenticated - Group: If enabled, IWSVA requests the group membership information sent in the X-Authenticated-Groups ICAP header if you configure IWSVA to use the user/groupname method of user identification. If disabled, IWSVA queries LDAP for the group membership information.

Note: Some ICAP clients do not offer the recursive group membership search. For example, if a user belongs to group A, and group A belongs to group B, the ICAP client only sends group A information in the header. If you require recursive group membership information, Trend Micro recommends disabling the x_authenticated_groups header.

To configure the ICAP settings:

Select the ICAP mode radio button on the Deployment Mode page.

Click Next.

Follow the configuration recommendations:

Configuration Parameter	Details	Recommended Value
HTTP Listening port	This is the port that IWSVA listens on to receive connections for ICAP.	1344
Enable X-Virus-ID ICAP header (check box)	Enable / Disable ICAP details regarding malware detected being recorded.	Check (enable)
Enable X-Infection-Found ICAP header (check box)	Enable / Disable ICAP details regarding malware detected and passing details back to the ICAP device	Check (enable)
Enable X-Authenticated-User ICAP header	Enable / Disable ICAP details regarding
Enable X-Authenticated-Groups ICAP Header	Enable / Disable ICAP details regarding

Click Next.

Set up the Network Interface to continue the deployment.

Note: Complete all steps in the Deployment Wizard to deploy in ICAP mode. After receiving a successful deployment message, configure the IWSVA ICAP set up.