Configuring ICAP Integration
Internet Content Adaptation Protocol (ICAP) is a protocol used to send files to a server for scanning. ICAP allows for real-time analysis and modification of content as it passes through the network.
The Cyolo platform can integrate antivirus and anti-malware solutions using ICAP. Cyolo transfers the files to the ICAP server, which scans them before they are accessed by others. This prevents the spread of malware and other security threats.
Currently, ICAP scans files when they are uploaded or downloaded during an SMB or File Transfer session.
Prerequisite
• The anti-virus or anti-malware software must be installed before you integrate it in the Cyolo admin portal.
Configuration
- Log in to the admin portal and navigate to the Integrations > Anti Malware page.
- Click the ICAP Servers tab.

- Click New in the top right-hand corner.
- Server name - Enter the name of the server.
- Site - Click the drop-down under Sites to select the sites this configuration will apply to. In the example below, All Sites is selected.
- Host - Enter the IP address or hostname of the server. The IP address or hostname must be reachable from the portal.
- Maximum file size (GB) – Enter the maximum size of the file to be scanned. Although the default size is 30 GB, the maximum permissible size is unlimited. However, the larger the file, the longer it will take to scan - which could affect user experience.
- Port – This is the port number that the server is listening on. The default is 1344. You can change it based on the server.
- Service Name – This is the path within the ICAP server in which the application is hosted.
- Client certificate (Optional) – If the server is configured to require the client certificate before establishing connection, click the drop-down and select the certificate. The certificate must have been uploaded on the Trusted Certificates page under Policies.
- Click Save.

Service Selection
- Click the Settings tab.
- Under Service Selection, select External ICAP server. The default is Cyolo.
- The following options decide what happens when an error or failure occurs at the ICAP server that prevents it from scanning the file:
a. Fail open: Allow the file to be transferred without scanning and send a log notification to the administrator.
b. Fail Close: Block the file from being downloaded or uploaded; display an error message to the end user and send a message to the administrator about the action.
- Click Save.

Enable ICAP Scan in Actions Profile
- Navigate to the Policies > Actions page.
- Create a new actions profile with protocol set to SMB or edit the default profile for SMB.
- Under the Actions section, turn on the Anti malware scan toggle.
- Click the drop-down to select either of the following options:
a. Report - When this option is selected, if the file being transferred fails the malware scan or exceeds the configured maximum size, a message will be displayed and a log message will be generated.
b. Block - When this option is selected, if the malware scan fails or the file size exceeds the configured maximum, the file will be discarded, an error message will be displayed, and an appropriate log message will be generated.
- Save the profile.

Enable Malware Scan for File Transfer
- Navigate to the File Transfer page.
- Enable the Anti malware detection for uploaded files checkbox. This option is enabled by default.
- Click Save.
