Good question - here is what I think (without knowing what application server you are using or having seen any pcaps):
It depends on how it is implemented on your application server, but yes, it's possible.
According to the RFC 3507 in RESPMOD the ICAP Client should send the original request from the HTTP client along with the response from the HTTP server "if available".
The ICAP server (CAS) scans whatever it receives, and yes, in RESPMOD it could be both - HTTP Request and Response data.
And if it works for you - that's all that matters :)
The big question is not WHAT is scannend but WHEN it is scannend.
In case of a HTTP conversation REQMOD is designed to scan the a HTTP Request BEFORE it is let out to the server. If something is wrong the request can be stopped or modified.
RESPMOD however - while still being able to scan the HTTP Request - will take place after the HTTP response comes back from the HTTP server.
BR!
Gunnar