Create a CIC Profile
The Content Integrity Control (CIC) profile is used in the File: Scan Action to allow ICAP clients to pass HTTP messages to ICAP servers to scan the file(s) in the Event Rule that is passing through EFT.
You can create reusable profiles on the Content Integrity Control Tab as you need it.
To create a profile to be used in the File Scan Action (CIC)
-
In the administration interface, connect to EFT and click the Server tab.
-
On the Server tab, click the node of the Site you want to configure.
-
In the right pane, click the Content Integrity Control tab.
-
Click Add. The tab becomes editable.
-
Profile name - Provide a descriptive name for the profile
-
Host, Path, Port - These settings depend on settings in the antivirus or DLP (ICAP) server.
-
The Host field cannot be blank.
-
By default, the port is set to 1344.
-
-
Mode - Specify one of the following:
-
Request modification (REQMOD) Request modification mode - Embeds file contents in an HTTP PUT request body, which is then sent in the body of an ICAP request to the server. The ICAP server may respond with a modified version of the embedded request, or a new HTTP response. The ICAP response will depend on your ICAP server’s implementation.
-
Response modification (RESPMOD) Response modification mode - Embeds file contents in an HTTP 200 OK response body, which is then sent in the body of an ICAP request to the server. The ICAP server may respond with a modified version of the embedded response. The ICAP response will depend on your ICAP server’s implementation.
-
-
Test Connection - After you specify the connection to the ICAP server, test the connection. If connection fails, verify these settings match the settings defined in the antivirus or DLP solution.
-
Limit scans to first - (Optional) Specify the number of bytes to scan. Some antivirus solutions only require a subset of a file's contents to test against their database of malware signatures. To keep from transferring large files in their entirety when we only need the first X bytes, you can specify how many bytes are sent to the ICAP server.
When this check box is cleared, the entire file is transferred to the ICAP server. If the file is smaller than the size you've specified, the entire file will be transferred for processing.
-
(Optional) Headers - Only set these values if needed for problematic ICAP connections. These headers are used in the ICAP server logs.
-
HTTP host - The EFT site's local host address (do not use "localhost")
-
X-Client-IP, X-Server-IP, X-Subscriber-ID, X-Authenticated Groups - Blank by default
-
X-Authentication User - Provide a string with variables.
-
LDAP - Example: "LDAP://pdc/samaccountName=%LOGIN.LOGIN%,DC=s5development,DC=local"
-
AD - Examples: WinNT://{NetBIOSDomainName/sAMAccountName}, WinNT://pdc/s5dev\arybin
-
Other - Examples: Local://%USER.LOGIN%, Local://%SERVER.NODE_NAME%
-
User can override and use context variables if desired as field elements. EFT will base-64 encode.
-
Under Response handling, specify whether to content should be blocked when the following occur: Connection errors, HTTP errors, or ICAP redactions.
-
(Optional) Audit and put into variables these ICAP response "X-" headers - Specify “X-“ headers for auditing using ARM. If this option is enabled and no “X-“ headers are specified, all “X-“ headers will be audited. Use semicolons between multiple items. Note this check box only affects whether the specified headers are audited by ARM, regardless of success or failure.
-
Click Apply to save the new profile. The new profile name appears in the Profiles list and is now available in the Content Integrity Control dialog box in the File Scan Action.