ICAP virus response headers

Secure ICAP Gateway supports the ICAP virus response headers X-Virus-ID, X-Infection-Found, and X-Violations-Found.

No configuration is required, but you can configure your proxy to make use of the headers.

  • Headers are returned in the same order as they appear in the table below.

  • Headers are only available if the content was scanned and violations identified.

  • All three headers are returned whenever a virus or a policy violation is identified.

Header name / Description / Example

X-Virus-ID

A short description of the identified threat. If multiple threats are identified, only the first is returned.

Examples:

X-Virus-ID: EICAR Test String

X-Virus-ID: Encrypted Archive

X-Infection-Found

A description of the identified threat. If multiple threats are identified, only the first is returned.

It contains a semicolon-separated list with three parameters:

Type:

  • 0 - A virus has been identified

  • 1 - A policy violation has been identified

Resolution:

  • 1 - The suspicious content was repaired

  • 2 - The suspicious content was blocked

Threat:

  • Threat name

Examples:

X-Infection-Found: Type=0; Resolution=0; Threat=EICAR Test String;

X-Infection-Found: Type=1; Resolution=0; Threat=Encrypted Archive;

X-Violations-Found

A detailed description of the violations found. If multiple threats were found for a single file, only the first one is returned. If the scanned content was an archive, the scan results for the contained files are listed.

The first line of the header value is 1 if any policy violations occurred.

It is followed by four lines per violation:

File name

Threat name

Problem ID:

  • Currently returns 0 for all threats

Resolution ID:

  • 0 - File was not repaired

  • 1 - File was repaired

Example:

X-Violations-Found: 1
test.zip
EICAR Test String
0
0
\eicar.txt
EICAR Test String
0
0
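
The following Python is an added example, not part of the original documentation or the product, showing how a proxy-side script could parse X-Infection-Found and X-Violations-Found for logging or policy decisions. The function names are hypothetical, the X-Violations-Found value is assumed to arrive as newline-separated text, and codes not listed above (such as the Resolution=0 in the X-Infection-Found examples) are kept as raw integers rather than given an invented meaning.

```python
INFECTION_TYPES = {0: "virus", 1: "policy violation"}        # Type values listed on this page
INFECTION_RESOLUTIONS = {1: "repaired", 2: "blocked"}        # Resolution values listed on this page
VIOLATION_RESOLUTIONS = {0: "not repaired", 1: "repaired"}   # Resolution ID values listed on this page

def parse_infection_found(value):
    """Parse 'Type=0; Resolution=0; Threat=...;' into a dict (hypothetical helper)."""
    fields = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # the trailing semicolon leaves an empty part
        key, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {part!r}")
        fields[key.strip().lower()] = val.strip()
    missing = {"type", "resolution", "threat"} - fields.keys()
    if missing:
        raise ValueError(f"missing parameters: {sorted(missing)}")
    type_id, res_id = int(fields["type"]), int(fields["resolution"])
    return {
        "type": INFECTION_TYPES.get(type_id, type_id),            # unknown code stays an int
        "resolution": INFECTION_RESOLUTIONS.get(res_id, res_id),  # unknown code stays an int
        "threat": fields["threat"],
    }

def parse_violations_found(value):
    """Parse the multi-line X-Violations-Found value into (first_line, records)."""
    lines = [ln.strip() for ln in value.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty header value")
    first, rest = int(lines[0]), lines[1:]
    if len(rest) % 4:
        raise ValueError("expected four lines per violation")
    records = []
    for i in range(0, len(rest), 4):
        name, threat, problem_id, res_id = rest[i:i + 4]
        records.append({
            "file": name,
            "threat": threat,
            "problem_id": int(problem_id),
            "resolution": VIOLATION_RESOLUTIONS.get(int(res_id), int(res_id)),
        })
    return first, records

# Sample values copied from the examples on this page.
SAMPLE_INFECTION = "Type=0; Resolution=0; Threat=EICAR Test String;"
SAMPLE_VIOLATIONS = "1\ntest.zip\nEICAR Test String\n0\n0\n\\eicar.txt\nEICAR Test String\n0\n0"
```

Both functions raise ValueError on malformed input, so a caller can treat an unparseable header as a reason to fail closed instead of silently ignoring it.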