ICAP Servers
Integrate PrivX with ICAP servers, to provide virus and content scanning for users' connections.
| ICAP Support | |
|---|---|
| Servers | ClamAV ClearSwift SIG McAfee WithSecure Atlant |
| Modes | REQMOD RESPMOD |
| Connection Types | SSH via PrivX GUI SCP via native clients SFTP via native clients RDP via PrivX GUI Web file transfers between carrier browser and user |
Enabling ICAP for File Transfers
When ICAP is enabled, all users' file uploads and downloads are scanned. Uploaded files are scanned before they are sent to target hosts; downloads are scanned before they travel from the shared directory to the users' machines. Files that do not comply to corporate policy are blocked.
To enable ICAP for file transfers, first ensure that:
- For best performance, we recommend placing the ICAP server close to your PrivX servers (with fast network connection) to speed up file scanning.
- The ICAP-server hostname and port are accessible from all PrivX servers.
To set up ICAP:
Access the PrivX GUI. On Administration→Settings→Global under ICAP, provide your ICAP settings:
- Enable file-transfer scans for desired connection types.
Note that the setting for web-based RDP also applies to HTTPS file transfers. - Provide the ICAP-server host name and port.
- Provide either ICAP RESPMOD URL or ICAP REQMOD URL (depending on whether your ICAP server uses response modification or request modification). You should verify the correct URL from your ICAP-server configuration.
- ICAP service name is an optional attribute, required by some servers (example value: squidclamav).
For ClearSwift SIG, set the ICAP RESPMOD URL to
clearswift. Do not enter an actual URL.- Enable file-transfer scans for desired connection types.
Restart PrivX to apply your changes.
Example ICAP configuration