How virus scanning with the ICAP server works

Solutions ID:    KB1676
Version:    2.0
Status:    Published
Published date:    03/02/2009
Updated:    05/19/2009

Problem Description

How virus scanning with the ICAP server works
You want to know how virus scanning with the ICAP server works


The ProxySG uses content scanning policies to determine whether a client request or retrieved object should be sent to the ICAP server for scanning. Consider the following example:

  • A business wants to scan software downloaded by employees from popular shareware Web sites. To do this, the business defines a policy that includes a custom scan shareware action, which could includes URL domains related to the relevant shareware Web sites.

The ProxySG can use Request modification, in which it sends client requests to the ICAP server for scanning prior to retrieving the requested object, or it can use Response modification, in which it retrieves the requested object and then sends the object to the ICAP server for scanning.

The ICAP server can respond to the request by sending an HTTP response (ex. error message) or modifying the request/response (ex. stripping content).


For help writing policies for ICAP content scanning, please see the Configuration and Management Guide (CMG) for the version of SGOS that you are running.  The CMGs are located at .

If you are running SGOS 5.x, please see Volume 7: Managing Content; Chapter 3: Malicious Content Scanning Services; Section D: Creating ICAP Policy in the CMG.

If you are running SGOS 4.x, please see Chapter 11: External Services; Section A: ICAP; Creating ICAP Policy in the CMG.

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question