Internet Content Adaptation configuration

Internet Content Adaptation is a well-known method for providing object-based content vectoring for HTTP services. It is based on the Internet Content Adaptation Protocol (ICAP) described in RFC 3507. The configuration for integrating ICAP services is shown in Figure 5-3:

Figure 5-3. Scheme of ESET Gateway Security as an ICAP server.

esets_icap

The Proxy Cache receives the HTTP request from the User Agent and/or the response from the HTTP server and encapsulates the message in an ICAP request. In this setup the Proxy Cache must also act as the ICAP client and pass the ICAP request for message adaptation to ESET Gateway Security, namely to the generic ESETS ICAP server, esets_icap. The module scans the encapsulated message body for infiltrations. Based on the scan result, it returns an appropriate ICAP response to the ICAP client (the Proxy Cache) for further delivery.

To configure ESET Gateway Security to scan HTTP messages which are encapsulated in ICAP requests, enter the command:

@SBINDIR@/esets_setup

Follow the instructions provided by the script. When the ‘Available installations/un-installations’ offer appears, choose the ‘ICAP’ option to display the ‘install/uninstall’ options. Choose ‘install’ to automatically configure the module to listen on a predefined port and reload the ESETS daemon service.

In default mode, the installer shows all steps that will be performed and also creates a backup of the configuration, which can be restored at any later time. The detailed installer utility steps for all possible scenarios are also described in the ESETS setup and configuration topic of this documentation.

The second step of the ICAP configuration is to activate the ICAP client functionality within the Proxy Cache. The ICAP client must be configured so that it correctly requests the infiltration scanning service from esets_icap. The initial request line of the ICAP request must be entered as follows:

METHOD icap://server/av_scan ICAP/1.0

or

METHOD icap://server/avscan ICAP/1.0

In the above example, METHOD is the ICAP method used, ‘server’ is the server name (or IP address), and /av_scan or /avscan is the esets_icap infiltration scanning service identifier.
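
The following added example (not part of the original documentation and not ESET code) shows what the encapsulation described above looks like on the wire: it builds an RFC 3507 RESPMOD request addressed to the /av_scan service and splits it back into its sections, which is useful when checking what a Proxy Cache actually sends. The server name icap.example, the sample HTTP exchange and all function names are assumptions made for illustration.

```python
# Added example (not ESET code): the ICAP RESPMOD message a Proxy Cache acting
# as ICAP client would send to esets_icap, laid out as in RFC 3507.
ICAP_METHODS = {"REQMOD", "RESPMOD", "OPTIONS"}  # methods defined by RFC 3507
ESETS_SERVICES = {"/av_scan", "/avscan"}         # identifiers given on this page


def request_line(method, server, service="/av_scan"):
    """Return the initial ICAP request line, rejecting unknown methods/services."""
    if method not in ICAP_METHODS:
        raise ValueError(f"not an ICAP method: {method!r}")
    if service not in ESETS_SERVICES:
        raise ValueError(f"not an esets_icap service identifier: {service!r}")
    return f"{method} icap://{server}{service} ICAP/1.0"


def chunked(body):
    """Encode the encapsulated body with chunked transfer coding (one chunk)."""
    data = b"%x\r\n%s\r\n" % (len(body), body) if body else b""
    return data + b"0\r\n\r\n"


def build_respmod(server, req_hdr, res_hdr, body, service="/av_scan"):
    """Encapsulate an HTTP request header, response header and body."""
    # Encapsulated offsets count bytes from the start of the encapsulated part.
    offsets = f"req-hdr=0, res-hdr={len(req_hdr)}, res-body={len(req_hdr) + len(res_hdr)}"
    head = "\r\n".join([request_line("RESPMOD", server, service),
                        f"Host: {server}", f"Encapsulated: {offsets}", "", ""])
    return head.encode("ascii") + req_hdr + res_hdr + chunked(body)


def split_encapsulated(icap_msg):
    """Cut the encapsulated part back into sections using the header offsets."""
    head, _, payload = icap_msg.partition(b"\r\n\r\n")
    line = next(l for l in head.split(b"\r\n")
                if l.lower().startswith(b"encapsulated:"))
    pairs = [p.strip().split(b"=") for p in line.split(b":", 1)[1].split(b",")]
    offs = [(name.decode(), int(off)) for name, off in pairs]
    ends = [off for _, off in offs[1:]] + [len(payload)]
    return {name: payload[off:end] for (name, off), end in zip(offs, ends)}


if __name__ == "__main__":
    # Constructed sample HTTP exchange; icap.example is a placeholder server name.
    req = b"GET /file.bin HTTP/1.1\r\nHost: origin.example\r\n\r\n"
    res = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\n"
    msg = build_respmod("icap.example", req, res, b"sample data")
    print(msg.decode("ascii"))
    print({k: len(v) for k, v in split_encapsulated(msg).items()})
```

If the offsets in the Encapsulated header do not match the byte lengths of the sections, the ICAP server cannot locate the message body it is supposed to scan, so comparing the split sections against the original HTTP message is a quick integration check.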