Hi,
I have a squid reverse proxy configured to send to the protection engine market place AMI on AWS. The setup is only partly working though. It detects the some virus but not others. We have a test file with a virus in a pdf and squid passes it ( icap doesnt detect a virus) but running the java client ( ssecls.jar ) with the same icap connection detects it. Runnig tcpdump on the scanner we can see both methods are sending the file to the icap service. So it would seem the proxy is changing the file somehow or the test java client and the squid icap config aren't calling the service in the same way.
Our icap settings are
icap_enable on
icap_send_client_ip on
adaptation_send_username on
icap_client_username_header X-Authenticated-User
icap_persistent_connections on
icap_preview_enable on
icap_preview_size 0
# fragment for icap service service_avi_req
icap_service service_avi_req reqmod_precache icap://x.x.x.x:1344/SYMCScanReq-AV bypass=off
# fragment for icap service service_avi_resp
icap_service service_avi_resp respmod_precache icap://x.x.x.x:1344/SYMCScanResp-AV bypass=off
# adaptation_access entries for service_avi_req
adaptation_access service_avi_req allow all
# adaptation_access entries for service_avi_resp
adaptation_access service_avi_resp allow all
Any thoughts very much appreciated.
Mark