ICAP Tab

Deep Discovery Analyzer supports integration with Internet Content Adaptation Protocol (ICAP) clients. An ICAP client can be a proxy server or network storage that submits samples to Deep Discovery Analyzer for analysis. The ICAP client performs an action (pass or block) on the sample based on the analysis result from Deep Discovery Analyzer .

After ICAP integration, Deep Discovery Analyzer can perform the following functions:

  • Work as an ICAP server that analyzes samples submitted by ICAP clients

  • Serve User Configuration Pages to the end user when the specified network behavior (URL access / file upload / file download) is blocked

  • Control which ICAP clients can submit samples by configuring the ICAP Client list

  • Bypass file scanning based on selected MIME content-types

  • Bypass file scanning based on true file types

  • Bypass URL scanning in RESPMOD mode

  • Scan samples using different scanning modules

  • Filter sample submissions based on the file types that Virtual Analyzer can process.

Deep Discovery Analyzer supports the following ICAP specifications.

Protocol

ICAP Mode

ICAP URL

ICAP

REQMOD

icap://<DDAN_IP>:1344/request

RESPMOD

icap:// <DDAN_IP>:1344/response

ICAPS

REQMOD

icaps://<DDAN_IP>:11344/request

RESPMOD

icaps://<DDAN_IP>:11344/response

The following describes the ICAP modes:

  • REQMOD (Request Modification Mode): Checks the contents of the HTTP request body, including URLs and uploaded files

  • RESPMOD (Response Modification Mode): Checks the contents of the HTTP response body, including URLs and downloaded files

For full compatibility with Deep Discovery Analyzer, set both Request Modification and Response Modification modes on ICAP clients.