Step 1

From the UDMG Admin UI navigation pane, select Rules. The Rules list displays.

Step 2

Select a rule from the Rule list or create a new one. The Rule Details panel displays.

Step 3

Scroll down to the Post-Tasks box on the Rule Details panel.

  • Edit the form to add an ICAP task and set the parameters for the ICAP server. See below for an example.

Step 4

Click the Save and Confirm icon.

Step 5

The rule is updated to include the ICAP task as part of the UDMG file transfer workflow.

The task tab shows a green dot to indicate that a task is configured.

Step 6

Proceed with attempting to transfer the EICAR Anti-Virus Test File.

Step 7

After the upload, the file is sent to the ICAP antivirus server during post-task processing, and the transfer stops in ERROR status. The Error Message indicates that an infection was found.

If the ICAP antivirus server does not find an infection, then the transfer is considered complete with a successful status. 

Step 8

The infection error details can be forwarded to UAC as a universal event. See the Universal Event Integration documentation for the list of corrective actions that can be triggered by the Controller.

Step 9

The scanning details from the interrogation to the ICAP antivirus server are kept as transfer metadata with the "udmg_icap" prefix. In particular, the X-headers show the type of infection as reported by the server.

The scanning details can be displayed using the command line interface and the ‘transfer get’ command.

```text
$ udmg-client transfer get 56
● Transfer 56 (receive as server) [ERROR]
    Remote ID:         1765696868924260352
    Protocol:          sftp
    Rule:              stonebranch-sftp-01_receive
    Requester:         user
    Requested:         stonebranch-sftp-01
    Local filepath:    /home/udmg/udmg-server/data/data/sftp-01/in/eicar-com.zip
    Remote filepath:   eicar-com.zip
    File size:         184
    Start date:        2024-03-07T11:11:53.265317Z
    End date:          N/A
    Step:              StepPostTasks
    Bytes transferred: 184
    Error code:        TeExternalOperation
    Error message:     Post-tasks failed: [1/1] Task ICAP @ stonebranch-sftp-01_receive POST[0]: error file infected detected
    Transfer info:
      - udmg_file_computed_extension: .zip
      - udmg_file_computed_mimetype: application/zip
      - udmg_icap_Connection: keep-alive
      - udmg_icap_Encapsulated: res-hdr=0, res-body=108
      - udmg_icap_Istag: CI0001-66wOY91q7DqWWdCBj7SFEgAA
      - udmg_icap_Server: C-ICAP/0.5.3
      - udmg_icap_Status: OK
      - udmg_icap_Statuscode: 200
      - udmg_icap_X-Infection-Found: Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
      - udmg_icap_X-Violations-Found: 1
      - udmg_session_id: 3D3D824887D503B2AA11362490F2301FEC3A64803148C2F48CC7546CD5CE32B8
      - udmg_xfer_log: /var/opt/udmg/logs/56.log
```

The scanning details are also shown on the Info tab of the transfer details in the UDMG Admin UI.

The transfer log also shows an error with an infection detection.
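For triage or alerting, the `udmg_icap` metadata can be pulled out of the `transfer get` output with a short script. The following is an added example, not part of the UDMG documentation or product code: the function names are hypothetical, and it assumes the text layout of the sample output shown in Step 9.

```python
import re

# Constructed sample: trimmed copy of the `udmg-client transfer get 56` output in Step 9.
SAMPLE = """\
● Transfer 56 (receive as server) [ERROR]
    Error code:        TeExternalOperation
    Transfer info:
      - udmg_file_computed_mimetype: application/zip
      - udmg_icap_Server: C-ICAP/0.5.3
      - udmg_icap_Statuscode: 200
      - udmg_icap_X-Infection-Found: Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
      - udmg_icap_X-Violations-Found: 1
      - udmg_xfer_log: /var/opt/udmg/logs/56.log
"""

# "- key: value" entry; the key holds no colon or whitespace, the value may.
INFO_LINE = re.compile(r"^\s*-\s+([^:\s]+):\s*(.*)$")

def parse_transfer_info(text):
    """Return the 'Transfer info' entries as a dict (key -> raw string value)."""
    info, in_info = {}, False
    for line in text.splitlines():
        if line.strip() == "Transfer info:":
            in_info = True
            continue
        m = INFO_LINE.match(line) if in_info else None
        if m:
            info[m.group(1)] = m.group(2).strip()
    return info

def icap_verdict(info, prefix="udmg_icap_"):
    """Summarise the ICAP scan result from the prefixed transfer metadata."""
    icap = {k[len(prefix):]: v for k, v in info.items() if k.startswith(prefix)}
    found = icap.get("X-Infection-Found", "")
    # "Type=0; Resolution=2; Threat=...;" -> {"Type": "0", ...}; split once on "=".
    fields = dict(p.strip().split("=", 1) for p in found.split(";") if "=" in p)
    return {
        "infected": bool(found),  # header is absent when nothing was reported
        "threat": fields.get("Threat"),
        "type": fields.get("Type"),
        "resolution": fields.get("Resolution"),
        "violations": int(icap.get("X-Violations-Found", "0") or 0),
        "server": icap.get("Server"),
    }

if __name__ == "__main__":
    print(icap_verdict(parse_transfer_info(SAMPLE)))
```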

