ICAP: using a different and dedicated and remote av engine?



  • Hi.

    We are going to use a central ICAP-enabled AV scanner that runs on a dedicated machine.  We do not want to use clamav (neither locally nor remote).
    From looking at the various GUI settings I cannot find an easy way to configure squid to use another ICAP path except the one to the local clamav (c-icap).
    Is there a setting that I am missing or is there another way to set this up in a simple way (means without overriding the GUI config manually).
    I know that we could do that using a parent proxy setup, but we believe that taking the ICAP approach is faster and with less overhead - and makes more sense with regard to structure.
    (At the moment I cannot say which engine we are going to use as this is not yet finally decided.  But a written requirement is that we can talk to it using ICAP because of pfsense.)

    Where is the best place to configure another ICAP machine?

    Thanks for your help!
    demux.



  • @demux:

    Hi.

    We are going to use a central ICAP-enabled AV scanner that runs on a dedicated machine.  We do not want to use clamav (neither locally nor remote).
    From looking at the various GUI settings I cannot find an easy way to configure squid to use another ICAP path except the one to the local clamav (c-icap).
    Is there a setting that I am missing or is there another way to set this up in a simple way (means without overriding the GUI config manually).
    I know that we could do that using a parent proxy setup, but we believe that taking the ICAP approach is faster and with less overhead - and makes more sense with regard to structure.
    (At the moment I cannot say which engine we are going to use as this is not yet finally decided.  But a written requirement is that we can talk to it using ICAP because of pfsense.)

    Where is the best place to configure another ICAP machine?

    Thanks for your help!
    demux.

    I'm looking for the same thing. I would like to have a GUI menu where i can specify the external ICAP Server IP address, reqmode/respmode and port.
    I suppose this could be easily done by developers.

    For now the best way i've found to config these parameters is by using the "Diagnostics –> Edit File" functionality to edit these two files:

    • /usr/local/pkg/squid_antivirus.inc
    • /usr/local/etc/squid/squid.conf

    Just edit the following lines using the correct IP/port/etc...and restart squid:

    icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
    adaptation_access service_req allow all
    
    icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
    adaptation_access service_resp allow all
    

    I hope someone more expert than me can find a simpler way or maybe some developer can introduce this feature :)

    Thanks