Layer7 API Management

  • 1.  ICAP-Enabled Antivirus Assertion

    Posted Apr 18, 2018 09:27 AM

    We have a few questions about how this assertion works that are not answered in the help documentation.

    1. Is there logging that can be turned up to see the actual request sent to the AV software by this assertion and the response returned by the AV software?

    2. Does this assertion fully support the REQMOD function, whereby if the AV software returns a modified request, the assertion replaces the original request with the modified request before allowing the policy to continue?

    3. If the AV software returns a 403 - Forbidden, does the assertion fail with that as the error code, or does it simply fail and require the calling policy to have set a custom error response to return the 403 - Forbidden?



  • 2.  Re: ICAP-Enabled Antivirus Assertion

    Posted Apr 24, 2018 02:05 PM

    Hi. Those are good questions. I'll see if I can find anything. 



  • 3.  Re: ICAP-Enabled Antivirus Assertion
    Best Answer

    Posted Apr 25, 2018 12:13 PM

    This is what I've been able to find out from the Engineering team:

    • The assertion does not support REQMOD, only RESPMOD.
    • It appears that the assertion does not examine the HTTP response--only the ICAP message that is returned. For example, ICAP 200 means something is bad in the RESPMOD.
    • As for logging to see requests to AV/response from: this information may be available if you change the logging level to FINE (or greater). For more information, see Gateway Logging Levels and Thresholds in Docops.
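
Added example, not part of the thread and not Layer7 code: a small parser that separates the ICAP status line from the HTTP status encapsulated in a RESPMOD reply, and a verdict keyed on the ICAP status alone, as the answer above describes. The sample replies, the function names and the handling of codes other than 200 and 204 are assumptions made for illustration.

```python
# Constructed ICAP RESPMOD replies (not captured from a real AV server).
CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-1"\r\n\r\n'
BLOCKED = (
    b'ICAP/1.0 200 OK\r\n'
    b'ISTag: "constructed-1"\r\n'
    b'Encapsulated: res-hdr=0, res-body=71\r\n'
    b'\r\n'
    b'HTTP/1.1 403 Forbidden\r\n'
    b'Content-Type: text/html\r\n'
    b'Content-Length: 12\r\n'
    b'\r\n'
    b'c\r\nVirus found.\r\n0\r\n\r\n'
)

def parse_icap_reply(raw: bytes) -> dict:
    """Return the ICAP status and, if present, the encapsulated HTTP status."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    version, code, _reason = lines[0].split(" ", 2)
    if not version.startswith("ICAP/"):
        raise ValueError("not an ICAP status line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Encapsulated lists byte offsets of each section after the ICAP headers.
    offsets = {}
    for part in headers.get("encapsulated", "").split(","):
        key, sep, off = part.strip().partition("=")
        if sep:
            offsets[key] = int(off)
    http_status = None
    if "res-hdr" in offsets:
        status_line = rest[offsets["res-hdr"]:].split(b"\r\n", 1)[0]
        fields = status_line.decode("latin-1").split(" ")
        if len(fields) >= 2 and fields[0].startswith("HTTP/"):
            http_status = int(fields[1])
    return {"icap_status": int(code), "http_status": http_status}

def verdict(reply: dict) -> str:
    """Decide from the ICAP status only; the encapsulated 403 is not consulted."""
    if reply["icap_status"] == 204:   # RFC 3507: no modification needed
        return "clean"
    if reply["icap_status"] == 200:   # AV server returned a replacement response
        return "flagged"
    return "error"                    # assumption: anything else is a scan failure
```

The encapsulated HTTP status is still worth writing to the log, since it shows what the AV server wanted to return to the client even though it plays no part in the verdict.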