5.3 Internet Content Adaptation configuration
Internet Content Adaptation is a well-known method for providing object-based content vectoring for
HTTP services. It is based on the Internet Content Adaptation Protocol (ICAP) described in RFC 3507.
Configuration for integrating the ICAP services is shown in Figure 5-3:
Figure 5-3. Scheme of ESET Gateway Security as an ICAP server.
The Proxy Cache receives the HTTP request from the User Agent and/or the response from the HTTP server and
then encapsulates the message into an ICAP request. In this case the Proxy Cache must also work as the ICAP client
and pass the ICAP request for message adaptation to ESET Gateway Security, namely to the generic ESETS ICAP
server, esets_icap. The module scans the encapsulated message body for infiltrations. Based on the
scanning result, it then provides an appropriate ICAP response, which is sent back to the ICAP client (that is, to the
Proxy Cache) for further delivery.
To configure ESET Gateway Security to scan HTTP messages which are encapsulated in ICAP requests, enter the
command:
/usr/sbin/esets_setup
Follow the instructions provided by the script. When the 'Available installations/un-installations' offer appears,
choose the 'ICAP' option to display the 'install/uninstall' options. Choose 'install' to automatically configure the module
to listen on a predefined port and reload the ESETS daemon service.
In default mode, the installer shows all steps which will be performed and also creates a backup of the
configuration, which can be restored later at any time. The detailed installer utility steps for all possible scenarios are
also described in appendix A of this documentation.
The second step of the ICAP configuration method is activating the ICAP client functionality within the Proxy Cache.
The ICAP client must be configured so that it properly requests the infiltration scanning service from esets_icap. The
initial request line of the ICAP request must be entered as follows:
METHOD icap://server/av_scan ICAP/1.0
In the above example, METHOD is the ICAP method used, 'server' is the server name (or IP address), and /av_scan is
the esets_icap infiltration scanning service identifier.
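The encapsulation described above, sketched as an added example (not code from the ESET documentation): it frames an HTTP exchange as an RFC 3507 RESPMOD request addressed to /av_scan and splits it back apart using the Encapsulated offsets, which is the layout to look for when checking what the Proxy Cache actually sends. RESPMOD stands in for METHOD as an assumption, "scanner.example" is a placeholder server name, and all sample messages are constructed.

```python
# Added example: ICAP RESPMOD framing per RFC 3507 for the /av_scan service.
CRLF = b"\r\n"

def chunk(body: bytes) -> bytes:
    """Chunked transfer encoding, which ICAP requires for encapsulated bodies."""
    data = b"%x\r\n%s\r\n" % (len(body), body) if body else b""
    return data + b"0\r\n\r\n"

def build_respmod(server: str, req_hdr: bytes, res_hdr: bytes, body: bytes) -> bytes:
    """Wrap an HTTP request header, response header and response body in RESPMOD."""
    # Offsets count from the first byte after the ICAP header block.
    enc = "req-hdr=0, res-hdr=%d, res-body=%d" % (
        len(req_hdr), len(req_hdr) + len(res_hdr))
    icap_hdr = CRLF.join([
        b"RESPMOD icap://%s/av_scan ICAP/1.0" % server.encode(),
        b"Host: %s" % server.encode(),
        b"Encapsulated: %s" % enc.encode(),
    ]) + CRLF + CRLF
    return icap_hdr + req_hdr + res_hdr + chunk(body)

def split_sections(msg: bytes) -> dict:
    """Cut an ICAP message into its encapsulated sections using the offsets."""
    head, _, payload = msg.partition(CRLF + CRLF)
    line = next(l for l in head.split(CRLF)
                if l.lower().startswith(b"encapsulated:"))
    parts = [p.strip().split(b"=") for p in line.split(b":", 1)[1].split(b",")]
    marks = [(name.decode(), int(off)) for name, off in parts]
    ends = [off for _, off in marks[1:]] + [len(payload)]
    return {name: payload[off:end] for (name, off), end in zip(marks, ends)}

def icap_status(response: bytes) -> int:
    """Return the status code from an ICAP response's first line."""
    proto, code, _ = response.split(CRLF, 1)[0].split(b" ", 2)
    if proto != b"ICAP/1.0":
        raise ValueError("not an ICAP/1.0 response")
    return int(code)

# Constructed sample messages; "scanner.example" is a placeholder server name.
REQ_HDR = b"GET /file.bin HTTP/1.1\r\nHost: origin.example\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
BODY = b"constructed sample body"
MESSAGE = build_respmod("scanner.example", REQ_HDR, RES_HDR, BODY)

if __name__ == "__main__":
    print(MESSAGE.decode())
```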
5.4 Large HTTP Objects Handling
Under normal conditions, objects are first transferred from the HTTP server (or client) to esets_http, scanned for
infiltrations and then transferred to the HTTP client (or server). For large files (objects whose transfer time is
longer than the timeout defined by the parameter 'lo_timeout') this is not an optimal scenario - the user agent's timeout
setting or the user's impatience can cause interruption or even cancellation of the object transfer. Therefore, other
methods of processing large objects must be implemented. These are described in the following two sections.