ENSSP makes sure that viruses and malware aren’t spread through remote shares. It scans files that are copied to and from NAS devices used for file storage. Its multi-scanner and multi-filer configurations deliver parallel processing for optimal load balancing and flexible failover protection.
This article is a self-certification document to understand how third-party NAS appliances integrate with ENSSP. ENSSP provides an antivirus scanning solution to NAS ICAP clients.
ICAP Protocol
- It allows ICAP clients to pass HTTP messages to ICAP servers, for transformation or other processing (adaptation).
- The server executes its transformation service on messages and sends back responses to the client, usually with modified messages.
- Typically, the adapted messages are either HTTP requests or HTTP responses.
- ICAP uses RFC 3507.
NOTES:
- ENSSP supports Response Modification (RESPMOD) and Request Modification (REQMOD) commands only. It doesn't support the FILEMOD command.
- ENSSP supports RESPMOD in a specific format only:
RESPMOD icap://<ICAP Server>:1344/AVSCAN ICAP/1.0
- ENSSP supports version 1.0 of the ICAP standard.
- ENSSP supports only 8k chunks of data; it rejects anything larger.
Basic Architecture of ICAP [Generic model, HTTP request]
Request Modification by ICAP Server
- In REQMOD mode, an ICAP client sends an HTTP request to an ICAP server. The ICAP server can then send back a modified version of the request. The ICAP client can then perform the modified request by contacting an origin server, or pipeline the modified request to another ICAP server for further modification.
- The ICAP server sends back an HTTP response to the request. The response provides information useful to the user if there’s an error. For example: you sent a request to view a page you are not allowed to see.
- The ICAP server returns an error.
Request Modification Data Flow
- A client makes a request to an ICAP-capable surrogate (ICAP client) for an object on an origin server.
- The surrogate sends the request to the ICAP server.
- The ICAP server executes the ICAP resource's service on the request and sends the possibly modified request or a response to the request, back to the ICAP client.
- The following occurs if step 3 returned a request:
- The surrogate sends the request, possibly different from the original client request, to the origin server.
- The origin server responds to the request.
- The surrogate sends the reply, from either the ICAP server or the origin server, to the client.
- In the RESPMOD mode, an ICAP client sends an HTTP response to an ICAP server.
- The ICAP server can then:
- Send back a modified version of the response.
- Return an error.
Examples: Include formatting HTML for display on special devices, human language translation, virus checking, and so forth.
Response Modification - Data Flow
- A client makes a request to an ICAP-capable surrogate (ICAP client) for an object on an origin server.
- The surrogate sends the request to the origin server.
- The origin server responds to the request.
- The ICAP-capable surrogate sends the origin server's reply to the ICAP server.
- The ICAP server executes the ICAP resource's service on the origin server's reply and sends the possibly modified reply to the ICAP client.
- The surrogate sends the reply, possibly modified from the original origin server's reply, to the client.