Understanding Request and Response Mode Differences

It is possible to use only one scanning vector; however, this reduces the ability to scan all appropriate traffic by 50 percent.

Triggering a Request Mode Action

The steps below trigger a request mode action through the InterScan Web Security Virtual Appliance (IWSVA), which in turn triggers a Damage Cleanup Services (DCS) cleanup attempt (if a DCS server is used and IWSVA has registered to the DCS server successfully):

  1. Log into a client that passes traffic through IWSVA.

  2. Open a Web browser and open the site www.goodclup.com/caiink/t1.exe

The outbound URL is passed to InterScan Web Security Suite and is blocked. If a DCS server is used and IWSVA has registered to the DCS server successfully, then, because Damage Cleanup Services is still configured to perform an automatic cleanup, an automatic remediation attempt is also performed against the workstation.

Triggering a Response Mode Action

The following steps trigger a response mode action through IWSVA.

  1. Log into a client that passes traffic through IWSVA.

  2. Open a Web browser and open the site www.eicar.org.

  3. Click the button labeled AntiMalware Testfile.

  4. Scroll to the bottom of the page, to the section titled "Download area using the standard protocol http".

  5. Select the eicar.com.txt file to download.

The outbound URL is valid, so request mode allows the URL to pass. The response traffic (the actual download) triggers InterScan Web Security to block the download from occurring.
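The two scanning vectors described above, as a simplified model added here (not Trend Micro code or IWSVA configuration). The block list, signature table, sample origin, the `download.example` host and all function names are constructed for illustration; it shows which stage fires for each test and what slips through when one vector is disabled.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed data for this sketch; a real gateway uses vendor URL and pattern feeds.
BLOCKED_URLS = {"www.goodclup.com/caiink/t1.exe"}  # URL from the request mode test
SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR test file"}
ORIGIN = {  # stand-in bodies, not the real files
    "www.goodclup.com/caiink/t1.exe": b"constructed body matching no signature",
    "download.example/eicar.com.txt": b"stand-in EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
    "download.example/readme.txt": b"plain text",
}

@dataclass
class Verdict:
    allowed: bool
    stage: Optional[str]  # "request", "response", or None if nothing fired
    reason: str
    fetched: bool         # True if the origin server was contacted

def normalize(url: str) -> str:
    """Strip the scheme and trailing slash so lookups match the lists above."""
    for scheme in ("http://", "https://"):
        if url.lower().startswith(scheme):
            url = url[len(scheme):]
    return url.rstrip("/").lower()

def fetch_sample(url: str) -> bytes:
    """Offline stand-in for the upstream fetch."""
    return ORIGIN.get(normalize(url), b"")

def gateway(url: str, fetch: Callable[[str], bytes] = fetch_sample,
            request_mode: bool = True, response_mode: bool = True) -> Verdict:
    # Request mode: decide on the outbound URL before any upstream connection.
    if request_mode and normalize(url) in BLOCKED_URLS:
        return Verdict(False, "request", "URL on block list", fetched=False)
    body = fetch(url)
    # Response mode: the URL was acceptable, so inspect the returned content.
    if response_mode:
        for pattern, name in SIGNATURES.items():
            if pattern in body:
                return Verdict(False, "response", name, fetched=True)
    return Verdict(True, None, "no rule matched", fetched=True)

if __name__ == "__main__":
    for u in ORIGIN:
        for req, resp in ((True, True), (True, False), (False, True)):
            v = gateway(u, request_mode=req, response_mode=resp)
            print(f"{u:34} request={req!s:5} response={resp!s:5} -> {v}")
```

With both vectors enabled each test URL is stopped at a different stage; with either one disabled, one of the two gets through in this model.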