Netgate Discussion Forum

    ICAP: using a different and dedicated and remote av engine?

      demux

      Hi.

      We are going to use a central ICAP-enabled AV scanner that runs on a dedicated machine.  We do not want to use clamav (neither locally nor remote).
      From looking at the various GUI settings I cannot find an easy way to configure squid to use another ICAP path except the one to the local clamav (c-icap).
      Is there a setting that I am missing, or is there another way to set this up in a simple way (meaning without overriding the GUI config manually)?
      I know that we could do that using a parent proxy setup, but we believe that taking the ICAP approach is faster and with less overhead - and makes more sense with regard to structure.
      (At the moment I cannot say which engine we are going to use as this is not yet finally decided.  But a written requirement is that we can talk to it using ICAP because of pfsense.)

      Where is the best place to configure another ICAP machine?

      Thanks for your help!
      demux.

        metteus

        @demux:

        Hi.

        We are going to use a central ICAP-enabled AV scanner that runs on a dedicated machine.  We do not want to use clamav (neither locally nor remote).
        From looking at the various GUI settings I cannot find an easy way to configure squid to use another ICAP path except the one to the local clamav (c-icap).
        Is there a setting that I am missing, or is there another way to set this up in a simple way (meaning without overriding the GUI config manually)?
        I know that we could do that using a parent proxy setup, but we believe that taking the ICAP approach is faster and with less overhead - and makes more sense with regard to structure.
        (At the moment I cannot say which engine we are going to use as this is not yet finally decided.  But a written requirement is that we can talk to it using ICAP because of pfsense.)

        Where is the best place to configure another ICAP machine?

        Thanks for your help!
        demux.

        I'm looking for the same thing. I would like to have a GUI menu where I can specify the external ICAP Server IP address, reqmode/respmode and port.
        I suppose this could be easily done by developers.

        For now the best way I've found to config these parameters is by using the "Diagnostics –> Edit File" functionality to edit these two files:

        • /usr/local/pkg/squid_antivirus.inc
        • /usr/local/etc/squid/squid.conf

        Just edit the following lines using the correct IP/port/etc. and restart squid:

        icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
        adaptation_access service_req allow all
        
        icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
        adaptation_access service_resp allow all
        

        I hope someone more expert than me can find a simpler way or maybe some developer can introduce this feature :)

        Thanks

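Added example, not part of either post and not pfSense or Squid project code: a pre-flight check for the `icap_service` lines quoted above once they point at a remote scanner. It reports which services fail open (`bypass=1`) and confirms via an ICAP OPTIONS request that the server offers the method each vectoring point needs. The address 192.0.2.10, the sample config and all function names are assumptions made for illustration.

```python
import socket
from urllib.parse import urlsplit
# Constructed squid.conf excerpt; 192.0.2.10 is a placeholder for the remote ICAP host.
SAMPLE_CONF = """\
icap_service service_req reqmod_precache bypass=1 icap://192.0.2.10:1344/request
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://192.0.2.10:1344/response
adaptation_access service_resp allow all
"""

def parse_icap_services(conf):
    """One dict per icap_service line: name, ICAP method, fail-open flag, endpoint."""
    services = []
    for line in conf.splitlines():
        tok = line.split()
        url = next((t for t in tok[3:] if "://" in t), None)
        if not tok or tok[0] != "icap_service" or url is None:
            continue
        opts = dict(t.split("=", 1) for t in tok[3:] if "=" in t and "://" not in t)
        u = urlsplit(url)
        services.append({
            "name": tok[1], "url": url, "host": u.hostname, "port": u.port or 1344,
            "method": tok[2].split("_")[0].upper(),  # reqmod_precache -> REQMOD
            # bypass=1: Squid skips the service on failure, so traffic passes unscanned
            "fail_open": opts.get("bypass", "0") in ("1", "on"),
        })
    return services

def build_options(svc):
    """ICAP OPTIONS request (RFC 3507) asking the service what it supports."""
    return (f"OPTIONS {svc['url']} ICAP/1.0\r\nHost: {svc['host']}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode()

def check_options(raw, method):
    """True only if the reply is ICAP 200 and its Methods header lists `method`."""
    head = raw.decode("latin-1").split("\r\n\r\n", 1)[0].split("\r\n")
    if head[0].split()[:2] != ["ICAP/1.0", "200"]:
        return False
    hdrs = {k.strip().lower(): v for k, v in (h.split(":", 1) for h in head[1:] if ":" in h)}
    return method in [m.strip().upper() for m in hdrs.get("methods", "").split(",")]

def probe(svc, timeout=5):
    """Send OPTIONS to the configured server; run this before restarting Squid."""
    with socket.create_connection((svc["host"], svc["port"]), timeout) as s:
        s.sendall(build_options(svc))
        buf = b""
        while b"\r\n\r\n" not in buf and (chunk := s.recv(4096)):
            buf += chunk
    return check_options(buf, svc["method"])
```

With the values from the post, `service_req` is reported as fail-open and `service_resp` as fail-closed, so an unreachable remote scanner lets requests through unscanned but blocks responses.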