Antivirus scanning and Data Loss Prevention (DLP) using the ICAP protocol
This integration is based on the ICAP extension in S-Filer Portal. See Setting up extensions for more information.
This extension is triggered at the end of a file upload. It decrypts the content of the file and sends it to an ICAP capable service to determine if the content is safe. It can take advantage of advanced features of the ICAP protocol, such as preview mode where only the file header is sent to the ICAP server and the ICAP server can ask for more data if needed. This is most commonly used for antivirus scanning, but can also be used for Data Loss Prevention (DLP) if an ICAP interface is available to the organization's DLP solution.
| Attribute | Description | Example |
|---|---|---|
| Hostname | The IP address or the hostname of the ICAP server | Icap.example.com or 192.168.0.50 |
| Port | The port on which to connect (default: 1344) | 1344 |
| URI | The query string to use. Many ICAP servers use the Query string to pass parameters. The exact syntax depends on your ICAP server. | Service specific |
| Use REQMOD | Whether to use REQMOD or RESPMOD in ICAP protocol. The default value (false) will use RESPMOD and should work for most ICAP servers. Use REQMOD only if advised from Okiok support. | True or False |
| SSL Connection (true/false) | Whether the ICAP server listens using a TLS connection | True (TLS) or False (plaintext) |
To use TLS connectivity, you need to import the ICAP server certificate into the management console's certificate manager. On first connection, the certificate will be considered as an "untrusted certificate". An operator must therefore accept it before it is considered valid. Once validated, the communication between S-Filer Portal and the ICAP server is possible.