...

| Parameter | Description |
| --- | --- |
| path | The actual path of the file on the disk. The substitution variable #TRUEFULLPATH# is replaced by the actual location of the file being transferred. |
| hostname | The hostname or IP address of the ICAP server; defaults to "localhost". |
| port | The port of the ICAP server; defaults to 1344. |
| serviceName | The name of the ICAP service on the endpoint; defaults to "avscan". |
| timeout | The timeout while waiting for a response from the ICAP server, in seconds; defaults to 10s. |
| retry | The number of retries allowed after a connection failure; defaults to 1. |
| maxSize | The identifier of the partner who requested the transfer. |
| receiveSize | Specifies the receive size to use; defaults to 65536 bytes. |
| blockSize | Specifies the send size to use for chunk-encoding; defaults to 8192 bytes. |
| ignoreNetworkError | Do not raise an error if the file cannot be sent to the ICAP server because of network issues or because the server is not available; defaults to false. |
| ignoreTooBigFileError | Do not raise an error if the file is too big for scanning (bigger than maxSize); defaults to false. |


Example of rule post-tasks configuration for ICAP:
[
    {
        "type": "ICAP",
        "args": {
            "path": "#TRUEFULLPATH#",
            "hostname": "icap-server",
            "serviceName": "avscan",
            "port": "1344"
        }
    }
]
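
A review check for the post-tasks JSON above, as an added example that is not part of the UDMG software: it flags ICAP tasks whose `path` is not the #TRUEFULLPATH# variable and tasks that enable either `ignore*` option, since those suppress the error for a file that was never scanned. It assumes boolean and numeric values may be written as JSON strings (as `port` is in the page's example); the second task in the sample is constructed.

```python
import json

# Constructed input: the page's example task plus a deliberately weak second task.
POST_TASKS = """
[
  {"type": "ICAP", "args": {"path": "#TRUEFULLPATH#", "hostname": "icap-server",
                            "serviceName": "avscan", "port": "1344"}},
  {"type": "ICAP", "args": {"path": "/tmp/fixed.bin", "hostname": "icap-server",
                            "ignoreNetworkError": "true"}}
]
"""

# Parameter names taken from the table on this page.
KNOWN = {"path", "hostname", "port", "serviceName", "timeout", "retry", "maxSize",
         "receiveSize", "blockSize", "ignoreNetworkError", "ignoreTooBigFileError"}


def truthy(value):
    """Accept JSON true as well as the string "true" (assumption, see lead-in)."""
    return str(value).strip().lower() == "true"


def lint_icap_tasks(text):
    """Return (task_index, message) findings for every ICAP post-task."""
    findings = []
    for i, task in enumerate(json.loads(text)):
        if task.get("type") != "ICAP":
            continue
        args = task.get("args", {})
        # A misspelled name would leave the documented default in force.
        for name in sorted(set(args) - KNOWN):
            findings.append((i, f"unknown parameter {name!r}"))
        # A fixed path is not the file that was just transferred.
        if "#TRUEFULLPATH#" not in str(args.get("path", "")):
            findings.append((i, "path does not use #TRUEFULLPATH#"))
        # Both options suppress the error when the file could not be scanned.
        for flag in ("ignoreNetworkError", "ignoreTooBigFileError"):
            if truthy(args.get(flag, False)):
                findings.append((i, f"{flag} is enabled: unscanned files raise no error"))
        try:
            if not 1 <= int(str(args.get("port", "1344"))) <= 65535:
                findings.append((i, "port out of range"))
        except ValueError:
            findings.append((i, "port is not a number"))
    return findings


if __name__ == "__main__":
    for index, message in lint_icap_tasks(POST_TASKS):
        print(f"post-task {index}: {message}")
```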


Step 1

From the UDMG Admin UI navigation pane, select Rules. The Rules list displays.

Step 2

Select a rule from the Rule list or create a new one. The Rule Details displays.

Step 3

Scroll down to the Post-Tasks box on the Rule tab.

  • Edit the form to add an ICAP task and set the parameters for the ICAP server; see the example above.

Step 4

Click the Save icon.

Step 5

The rule is updated to include the ICAP task as part of the UDMG file transfer workflow. The task tab shows a green dot to indicate that a task is configured. — what task tab? shouldn't this be rule tab?

Step 6

Proceed with attempting to transfer the EICAR Anti-Virus Test File.

Step 7

After the upload, the file is sent to the ICAP antivirus server during post-task processing, and the transfer stops in ERROR status. The error message indicates that an infection was found.


If the ICAP antivirus server does not find an infection, then the transfer is considered complete with a successful status. 

Step 8

The infection error details can be forwarded to UAC as a universal event. See the Universal Event Integration documentation for the list of corrective actions that can be triggered by the Controller.

Step 9

The scanning details returned by the ICAP antivirus server are kept as transfer metadata with the "udmg_icap" prefix. In particular, the X-headers show the type of infection as reported by the server.

The scanning details can be displayed using the command line interface and the ‘transfer get’ command.

$ udmg-client transfer get 56
● Transfer 56 (receive as server) [ERROR]
    Remote ID:         1765696868924260352
    Protocol:          sftp
    Rule:              stonebranch-sftp-01_receive
    Requester:         user
    Requested:         stonebranch-sftp-01
    Local filepath:    /home/udmg/udmg-server/data/data/sftp-01/in/eicar-com.zip
    Remote filepath:   eicar-com.zip
    File size:         184
    Start date:        2024-03-07T11:11:53.265317Z
    End date:          N/A
    Step:              StepPostTasks
    Bytes transferred: 184
    Error code:        TeExternalOperation
    Error message:     Post-tasks failed: [1/1] Task ICAP @ stonebranch-sftp-01_receive POST[0]: error file infected detected
    Transfer info:
      - udmg_file_computed_extension: .zip
      - udmg_file_computed_mimetype: application/zip
      - udmg_icap_Connection: keep-alive
      - udmg_icap_Encapsulated: res-hdr=0, res-body=108
      - udmg_icap_Istag: CI0001-66wOY91q7DqWWdCBj7SFEgAA
      - udmg_icap_Server: C-ICAP/0.5.3
      - udmg_icap_Status: OK
      - udmg_icap_Statuscode: 200
      - udmg_icap_X-Infection-Found: Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
      - udmg_icap_X-Violations-Found: 1
      - udmg_session_id: 3D3D824887D503B2AA11362490F2301FEC3A64803148C2F48CC7546CD5CE32B8
      - udmg_xfer_log: /var/opt/udmg/logs/56.log

The scanning details are also shown on the Info tab of the transfer details in the UDMG Admin UI.

The transfer log also shows an error with an infection detection.
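
For triage, the `udmg_icap_*` entries can be pulled out of the `transfer get` output and the X-Infection-Found header split into its fields. The following is an added example, not part of the UDMG tooling; the sample text is constructed from the output above, and treating a transfer with no `udmg_icap_*` entries as "not scanned" is an assumption.

```python
import re

# Constructed sample: a subset of the "transfer get" output shown above.
SAMPLE = """\
● Transfer 56 (receive as server) [ERROR]
    Error code:        TeExternalOperation
    Transfer info:
      - udmg_file_computed_mimetype: application/zip
      - udmg_icap_Server: C-ICAP/0.5.3
      - udmg_icap_Statuscode: 200
      - udmg_icap_X-Infection-Found: Type=0; Resolution=2; Threat=Win.Test.EICAR_HDB-1;
      - udmg_icap_X-Violations-Found: 1
"""

PREFIX = "udmg_icap_"
INFO_LINE = re.compile(r"^\s*-\s+(udmg_icap_[^:\s]+):\s*(.*)$")


def icap_metadata(text):
    """Return {header: value} for every udmg_icap_* transfer-info entry."""
    meta = {}
    for line in text.splitlines():
        match = INFO_LINE.match(line)
        if match:
            meta[match.group(1)[len(PREFIX):]] = match.group(2).strip()
    return meta


def parse_infection(value):
    """Split 'Type=0; Resolution=2; Threat=...;' into a dict of strings."""
    fields = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            fields[key] = val
    return fields


def verdict(text):
    """Separate 'scanned and clean' from 'infected' and from 'no scan recorded'."""
    meta = icap_metadata(text)
    if not meta:  # assumption: no udmg_icap_* metadata means no ICAP response
        return {"scanned": False, "infected": None, "threat": None}
    found = parse_infection(meta.get("X-Infection-Found", ""))
    violations = meta.get("X-Violations-Found", "0")
    count = int(violations) if violations.isdigit() else 0
    return {"scanned": True, "infected": bool(found) or count > 0,
            "threat": found.get("Threat")}


if __name__ == "__main__":
    print(verdict(SAMPLE))
```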





Checking Connectivity to ICAP Server

A simple ICAP client tool is provided with the UDMG software package to test the connectivity and the validity of the configuration options.


...

icap-client usage

Usage of /opt/udmg/bin/icap-client:
  -filename string
        Specifies the path of the file.
  -maxSize int
        Specifies the maximum size of a file to use. (default 2048)
  -port int
        Specifies the port to use. (default 1344)
  -previewSize int
        Specifies the preview size to use .
  -retry int
        Specifies the maximum retry to send the file. (default 1)
  -secureConnection
        Use a secure connection.
  -service string
        Specifies the ICAP service name. (default "avscan")
  -timeout duration
        Specifies the time limit to use in minutes. (default 10m0s)
  -to string
        Specifies the address (via DNS or IP) of the ICAP server (default "localhost")
  -vendor string
        Specifies the ICAP service vendor. (default "c-icap")
  -version
        Show Version.



See additional details on the Utilities Reference Guide page: icap-client.

...