Example of rule post-tasks configuration for ICAP:
[
    {
        "type": "ICAP",
        "args": {
            "path": "#TRUEFULLPATH#",
            "hostname": "icap-server",
            "serviceName": "avscan",
            "port": "1344"
        }
    }
]

Checking connectivity to ICAP server


A simple ICAP client tool is provided with the UDMG software package to test connectivity to the ICAP server and the validity of the configuration options.

Usage of icap-client:
  -filename string
        Specifies the path of the file.
  -maxSize int
        Specifies the maximum size of a file to use. (default 2048)
  -port int
        Specifies the port to use. (default 1344)
  -previewSize int
        Specifies the preview size to use .
  -retry int
        Specifies the maximum retry to send the file. (default 1)
  -secureConnection
        Use a secure connection.
  -service string
        Specifies the ICAP service name. (default "avscan")
  -timeout duration
        Specifies the time limit to use in minutes. (default 10m0s)
  -to string
        Specifies the address (via DNS or IP) of the ICAP server (default "localhost")
  -vendor string
        Specifies the ICAP service vendor. (default "c-icap")
  -version
        Show Version.

Example for an infected file:

$ /opt/udmg/bin/icap-client -filename eicar.com
2024/03/07 09:30:07 ICAP Status Code: 200
2024/03/07 09:30:07 HTTP Status Code: 403
2024/03/07 09:30:07 Headers: udmg_icap_Istag CI0001-fKM8uYIum6NGTsCfkaivwgAA
2024/03/07 09:30:07 Headers: udmg_icap_X-Infection-Found Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
2024/03/07 09:30:07 Headers: udmg_icap_X-Violations-Found 1
2024/03/07 09:30:07 Headers: udmg_icap_Encapsulated res-hdr=0, res-body=108
2024/03/07 09:30:07 Headers: udmg_icap_Status OK
2024/03/07 09:30:07 Headers: udmg_icap_Statuscode 200
2024/03/07 09:30:07 Headers: udmg_icap_Server C-ICAP/0.5.3
2024/03/07 09:30:07 Headers: udmg_icap_Connection keep-alive
2024/03/07 09:30:07 Detected
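
The verdict in the output above can be read mechanically, for example from a health check that must fail closed when the scanner is unreachable. The shell function below is an added example, not part of the UDMG package; it relies only on the line formats shown above, and its rule for a clean file (ICAP 200 or 204 with no infection marker) is an assumption, because the clean-file output is not reproduced on this page.

```shell
#!/bin/sh
# Added example (not part of the UDMG package): classify icap-client output.
# Reads the tool's log lines on stdin and prints: infected <threat> | clean | error
# Assumption: "clean" means an ICAP 200/204 reply with no infection marker; the
# clean-file output is elided on this page, so confirm against your own server.
icap_verdict() {
    awk '
        /ICAP Status Code:/ { icap = $NF + 0; seen = 1 }
        /udmg_icap_X-Infection-Found/ {
            infected = 1
            # Value looks like: Type=0; Resolution=2; Threat=<name>;
            n = split($0, part, ";")
            for (i = 1; i <= n; i++)
                if (match(part[i], /Threat=/))
                    threat = substr(part[i], RSTART + RLENGTH)
        }
        NF == 3 && $3 == "Detected" { infected = 1 }   # final verdict line
        END {
            if (!seen)         print "error"           # no ICAP reply: fail closed
            else if (infected) print "infected " (threat == "" ? "unknown" : threat)
            else if (icap == 200 || icap == 204) print "clean"
            else               print "error"
        }'
}

# Constructed sample: the infected-file output shown above, abridged.
sample_infected() {
    cat <<'EOF'
2024/03/07 09:30:07 ICAP Status Code: 200
2024/03/07 09:30:07 HTTP Status Code: 403
2024/03/07 09:30:07 Headers: udmg_icap_X-Infection-Found Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
2024/03/07 09:30:07 Headers: udmg_icap_X-Violations-Found 1
2024/03/07 09:30:07 Detected
EOF
}

sample_infected | icap_verdict
# Real use (2>&1 in case the tool logs to stderr):
#   /opt/udmg/bin/icap-client -filename FILE 2>&1 | icap_verdict
```

An empty or truncated run yields `error` rather than `clean`, so a scanner outage is never mistaken for a passed scan.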

Example for a file that is not infected:

...


See more details on the utilities reference page: icap-client