The ability to support ICAP antivirus scanning is one of the key features of JSCAPE MFT Server 10.2. But what is it? How can your end users, trading partners, and system administrators benefit from it? How does it match up against traditional file transfer virus scanning solutions? We answer these questions and more in this blog post.
How it works - a general overview
Now that JSCAPE MFT Server supports ICAP antivirus scanning, you can set MFT Server up so that it forwards each file it receives to an ICAP antivirus server. Here is what happens when an ICAP AV scanning-enabled MFT Server instance receives a file.
1. JSCAPE MFT Server receives a file from a client. The client can be an end user's client application or another file transfer server application that acts as a client.
2. JSCAPE MFT Server forwards the contents of the file to an ICAP AV server (you need to configure MFT Server to connect to the appropriate ICAP server).
3. The ICAP AV server scans the contents and notifies JSCAPE MFT Server if malware is detected. This in turn raises an Antivirus Violation event.
4. JSCAPE MFT Server can then respond to the event (e.g. delete the file or quarantine the file) using a preconfigured trigger action.
5. If no malware is detected, the file can be stored as normal.
Antivirus scanning is one of the many "adaptations" (i.e. processes carried out by ICAP servers on behalf of ICAP clients) supported by the Internet Content Adaptation Protocol, or ICAP. This protocol enables servers (acting as ICAP clients) to offload certain processes to ICAP servers that focus on specific functions. Aside from virus scanning, other adaptations include content translation, content filtering, ad insertion, and many others.
The ICAP protocol is described in detail in RFC 3507.
ICAP antivirus scanning, in particular, frees your managed file transfer server from the resource-hungry task of virus scanning by offloading all virus scanning duties to an ICAP AV server.
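The exchange in steps 2 to 5 above, sketched in Python as an added example (it is not JSCAPE's code, which this post does not show). The host `icap.example`, the service name `avscan`, the sample responses, the reliance on the `X-Infection-Found` / `X-Virus-ID` vendor extension headers, and the fail-closed handling of anything other than a 204 are assumptions of the example.

```python
from urllib.parse import quote

CRLF = b"\r\n"

def build_respmod(host: str, service: str, filename: str, data: bytes) -> bytes:
    """Step 2: wrap the received file in an ICAP RESPMOD request (RFC 3507)."""
    # Percent-encode the client-supplied name so CR/LF cannot inject header lines.
    req_hdr = f"GET /{quote(filename)} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    res_hdr = f"HTTP/1.1 200 OK\r\nContent-Length: {len(data)}\r\n\r\n".encode()
    # The encapsulated body is chunked: hex size, data, then a zero-size chunk.
    chunk = f"{len(data):x}".encode() + CRLF + data + CRLF if data else b""
    body = chunk + b"0" + CRLF + CRLF
    # Encapsulated lists the byte offset of each section after the ICAP headers.
    icap_hdr = (
        f"RESPMOD icap://{host}/{service} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"
        f"Encapsulated: req-hdr=0, res-hdr={len(req_hdr)}, "
        f"res-body={len(req_hdr) + len(res_hdr)}\r\n\r\n"
    ).encode()
    return icap_hdr + req_hdr + res_hdr + body

def verdict(response: bytes) -> tuple[str, str]:
    """Steps 3-5: map an ICAP response to ("clean" | "infected" | "error", detail)."""
    lines = response.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        return ("error", "malformed ICAP status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Vendor extension headers, not part of RFC 3507; names vary by AV product.
    threat = headers.get("x-infection-found") or headers.get("x-virus-id")
    if threat:
        return ("infected", threat)
    if parts[1] == "204":
        return ("clean", "")
    # Fail closed: anything else means the file was not confirmed clean.
    return ("error", f"unexpected ICAP status {parts[1]}")

# Constructed sample responses (not captured from a real server).
CLEAN = b'ICAP/1.0 204 No Content\r\nISTag: "constructed-1"\r\n\r\n'
INFECTED = (b'ICAP/1.0 200 OK\r\nISTag: "constructed-1"\r\n'
            b"X-Infection-Found: Type=0; Resolution=2; Threat=Constructed-Test-Sig;\r\n"
            b"Encapsulated: res-hdr=0, null-body=26\r\n\r\nHTTP/1.1 403 Forbidden\r\n\r\n")
UNAVAILABLE = b"ICAP/1.0 503 Service Overloaded\r\n\r\n"
```

A caller would store the file only on a `clean` verdict and route both `infected` and `error` to quarantine or rejection, so that an unreachable or overloaded scanner never lets an unscanned file through.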
Advantages over traditional antivirus scanning
Traditionally, you would run a virus scan using an AV solution that's installed on the same machine as the file transfer server application. In fact, this was the only way you would have been able to do AV scanning in older versions of JSCAPE MFT Server.
You would install an AV solution like Kaspersky, Avast, or ClamAV on your server, and then set up an on-demand scan through the use of triggers. ICAP AV scanning is also carried out through triggers. But unlike in older versions, where the AV solution runs on the local machine, the AV solution employed in an ICAP scan runs on a remote server. There are a couple of benefits when it is done this way.
First, your file transfer server gets a performance boost. Virus scanning is a resource-intensive process. So, if the AV scanning itself takes place on the same machine as the file transfer service, file transfer processes could suffer a performance hit every time a scan is made. This usually happens on every upload. In high-traffic servers, that practically means all the time.
In an ICAP AV scan, the scanning happens on a remote server specifically dedicated for that particular purpose, i.e. virus scanning. Thus, your file transfer processes don't have to suffer a performance drop while a scan is going on.
Reduced administrative responsibilities
Secondly, this means one less responsibility for your managed file transfer server admins. They no longer have to install, configure, and maintain an antivirus solution. The folks administering the ICAP server will take charge of that.
Benefits to your file transfers
ICAP antivirus scanning provides significant benefits to your end users, trading partners, system administrators and your business in general.
Benefits to users
Because the virus scanning is carried out on the server side (actually, as explained earlier, it's offloaded to an ICAP server), it frees end users from the burden of having to scan files they download from your MFT server. So, even if they don't have an antivirus installed on their client machine, your end users can download files from your server with confidence, knowing that those files have already been scanned at your end.
Benefits to trading partners
The same holds true for trading partners. Customers, suppliers, and other trading partners can also rest assured the files uploaded to them by your managed file transfer server are already malware-free or at least have already undergone a process that minimizes the risk of a malware infection.
Benefits to system administrators
With ICAP virus scanning, there's no need to install or configure any antivirus solution on your local server. All you need to do is configure your managed file transfer server to connect to the remote ICAP AV server. Barring any unforeseen circumstances, this should be a one-time activity. Once your MFT Server's configured, the administrators of the ICAP AV server will take care of the rest, i.e. maintain the ICAP server, update virus signatures, etc.
Benefits to your business
When end users and trading partners don't have to worry about malware issues when receiving files from your server, it can boost your reputation from a security standpoint and eliminate security issues that often get in the way of business transactions.
In addition, the presence of ICAP virus scanning will enable you to demonstrate the ability to mitigate risks of virus/malware infections, which would in turn help you meet compliance requirements for regulations like HIPAA and PCI DSS.
ICAP antivirus in JSCAPE MFT Server
If you're using the latest version of JSCAPE MFT Server, you can configure ICAP virus scanning in the triggers module. It's incorporated into MFT Server as a trigger action, so you can initiate the scan in response to certain events.
For instance, you could run the scan upon every file upload to scan each uploaded file. Or you can scan files that arrive at a certain directory using a 'Directory Monitor File Added' event type. While these are the usual events that go with this kind of trigger action, you can use any trigger event whose properties include a file path.
ICAP virus scanning through JSCAPE MFT Server is independent of the file transfer protocol used, so you can perform a scan in response to a file upload regardless of whether the file came in via, say, FTP, FTPS, SFTP, HTTP, or HTTPS.
Once a virus or any piece of malware is detected by the antivirus solution on the remote server, it will trigger an event on JSCAPE MFT Server, which can in turn be configured to respond accordingly. For example, MFT Server can automatically delete or quarantine the file in question.
We intend to post a tutorial showing how to configure ICAP virus scanning on JSCAPE MFT Server, so stay tuned for that.
Want to try ICAP virus scanning on a managed file transfer server?
Download the latest version of JSCAPE MFT Server now.