What is ICAP protocol?

ICAP is a lightweight, HTTP-like protocol that allows ICAP clients, like JSCAPE MFT Server, to communicate HTTP messages to ICAP servers for modification or other value-added services. These services can include virus scanning, content filtering, language translation, ad insertion and more. ICAP allows proxy servers or webservers to offload specific processing tasks to ICAP services. MFT solutions like JSCAPE implement ICAP’s virus scanning capabilities to provide your organization with real-time malware checks.

What is the ICAP protocol used for?

ICAP is mainly used to offload specific content processing or modification tasks from web servers and proxy servers to ICAP servers. For example, an ICAP server can be used to scan for viruses and ensure that HTTP requests and HTTP responses are malware-free before they’re delivered to end-users. ICAP can also be used for content filtering, language translation for web pages in different languages and for ad insertion to add advertisements to web pages. In JSCAPE, ICAP is used to offload virus scanning and ensure that transferred files are scanned before storage.

Is the ICAP protocol secure?

ICAP’s security doesn’t come from the protocol itself. Its level of security depends on how you deploy it, along with other security measures like SSL/TLS to securely send HTTP messages between the ICAP client and the ICAP server. This secure transmission helps encrypt client requests and responses. You should also regularly update the ICAP service you use to prevent malware. JSCAPE implements the ICAP framework and underscores security by using it for virus scanning to reinforce its security policy and protect end-users.

What does an ICAP server do?

An ICAP server completes specific tasks for an ICAP client. If an ICAP client sends an HTTP message or file to the ICAP server, the ICAP server can scan it to check for malware and communicate the antivirus scan’s results back to the ICAP client. If the ICAP server detects malware, it can let the ICAP client know to delete or quarantine the file.

What ICAP antivirus scanning means for your file transfers

Words By John Carl Villanueva

ICAP antivirus scanning, enabled by JSCAPE MFT Server by Redwood, offloads virus detection to a dedicated server, boosting system efficiency and security. It allows real-time malware checks, enhancing compliance with HIPAA and PCI DSS standards without the local system's burden. This method ensures secure, seamless file transfers across all protocols, simplifying administration and maintaining up-to-date protection.

Blog

Internet content adaptation protocol (ICAP) antivirus scanning, enabled within JSCAPE MFT Server by Redwood, offloads virus detection to a dedicated server, boosting system efficiency and security. It allows real-time malware checks and enhances compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) without the local system's burden. This method ensures secure, seamless file transfers across all protocols, which simplifies administration and maintains up-to-date protection.

One of the key features of JSCAPE MFT Server by Redwood is the ability to support ICAP antivirus scanning. But what is it? How can it benefit your end-users, trading partners and system administrators? How does it compare to traditional file transfer virus scanning solutions? In this blog post, we answer these questions and more.

ICAP benefits

ICAP, as defined in RFC 3507, allows JSCAPE MFT Server to offload virus scanning tasks to a dedicated ICAP server, enhancing security policies without burdening the local server with the heavy lifting. This advanced scanning method enables real-time antivirus checks by forwarding HTTP messages to an ICAP service for evaluation.

End-users benefit from ICAP client technology by receiving and sending malware-free files without local antivirus software, relying instead on ICAP server-side scanning. Trading partners enjoy a similar peace of mind, knowing that all files transferred via FTP, HTTP or any file transfer protocol are pre-scanned for threats.

For system administrators, ICAP virus scanning simplifies security management. By configuring the MFT server to connect with an ICAP service, they delegate the resource-intensive process of virus scanning to external specialists. This setup reduces the proxy server's overhead and ensures virus signatures are always up-to-date without additional intervention.

This shift toward a more centralized and advanced antivirus approach underscores a commitment to security and compliance, which is critical for adhering to regulations like HIPAA and PCI DSS. It represents a significant leap forward in managed file transfer technology, offering value-added services like content filtering and malware protection with minimal impact on bandwidth and server performance.

How ICAP works

ICAP is a lightweight, HTTP-like protocol that allows external services like virus scanners or content filters to adapt or modify HTTPS requests and HTTP responses. It uses a transparent proxy environment and helps ICAP clients, like proxy servers, web servers and load balancing applications, communicate with ICAP servers.

Here's an example of how ICAP works:

An ICAP client sends an HTTP request or response to a web server. This request may go through a proxy server, such as a transparent proxy server, a reverse proxy or even other security devices like a firewall.
The client intercepts the request before it reaches the web server and sends it to an ICAP server instead.
The ICAP server performs relevant tasks, such as authentication, language translation, checking for malware or filtering content.
If the ICAP client determines the request needs to be adapted, the client will send a request modification mode (REQMOD) to the ICAP server. This decision could be based on factors like the URL, IP address or other metadata within the request. In request modification mode (REQMOD), the ICAP client sends an HTTP request, and the ICAP server either sends a modified response, sends the original HTTP response or returns an error code.
In response modification mode (RESPMOD), an ICAP client sends an HTTP response, and the ICAP server either sends back a modified response or returns an error code.
After the ICAP server sends a modified request or response to the ICAP client, the ICAP client interacts with the original web server.

How ICAP works with JSCAPE

Now that JSCAPE MFT Server supports ICAP antivirus scanning, you can set it up to forward each file it receives to an ICAP antivirus server. Here's what will happen when an ICAP antivirus scanning-enabled MFT server instance receives a file.

JSCAPE MFT Server receives a file from a client. The client can be an end-user's client application or another file transfer server application that acts as a client.
JSCAPE MFT Server forwards the file's contents to an ICAP antivirus server (you must configure JSCAPE to connect to the appropriate ICAP server).
The ICAP antivirus server scans the contents and prompts JSCAPE if malware is detected. This raises an antivirus violation event.
JSCAPE MFT Server can then respond to the event (e.g., delete or quarantine the file) using a pre-configured trigger action.
The file can be stored normally if no malware is detected.

This process, empowered by ICAP, leverages advanced virus scanning techniques to secure file transfers. By offloading the scanning to a specialized ICAP server, JSCAPE MFT Server enhances performance. It maintains high-security standards, ensuring that files transferred via FTP, FTPS, SFTP, HTTP or HTTPS are meticulously checked for malware and other security threats.

The ICAP service bolsters antivirus defenses and integrates seamlessly with existing security policies, firewalls and SSL/TLS protocols to safeguard end-users and client requests against potential malware infections, thereby upholding stringent security policies and compliance standards.

Antivirus scanning is one of the many "adaptations" (i.e., processes carried out by ICAP servers on behalf of ICAP clients) supported by ICAP. This protocol enables ICAP clients to offload certain processes that focus on specific functions to ICAP servers. Other adaptations include content translation, filtering, ad insertion and many others.

Advantages over traditional antivirus scanning

Traditionally, you would run a virus scan using an antivirus solution installed on the same machine as the file transfer server application. This was the only way to do antivirus scanning in older versions of JSCAPE MFT Server.

You would install an antivirus solution like Kaspersky, Avast, or ClamAV on your server and then set up an on-demand scan using triggers. ICAP antivirus scanning is also carried out through triggers. However, unlike in older versions, where the antivirus solution ran on the local machine, the antivirus solution employed in an ICAP scan runs on a remote server. This has a few benefits.

Performance gain

First, your file transfer server gets a performance boost. Virus scanning is a resource-intensive process. So, if the antivirus scanning itself takes place in the same machine as the file transfer service, file transfer processes could suffer a performance hit every time a scan is made. This usually happens on every upload. In high-traffic servers, that practically means all the time.

In an ICAP antivirus scan, the scanning happens on a remote server specifically dedicated to that particular purpose, i.e., virus scanning. Thus, your file transfer processes don't have to suffer a performance drop while a scan occurs.

Reduced administrative responsibilities

Secondly, this means one less responsibility for your managed file transfer server admins. They no longer have to install, configure and maintain an antivirus solution. The folks administering the ICAP server will take charge of that.

Benefits to your file transfers

ICAP antivirus scanning significantly benefits end-users, trading partners, system administrators and businesses.

Benefits to users

Because the virus scanning is carried out on the server side (as explained earlier, it's offloaded to an ICAP server), it frees end-users from having to scan files they download from your MFT server. Even if they don't have an antivirus installed on their client machine, your end-users can confidently download files from your server, knowing those files have already been scanned.

Benefits to trading partners

The same holds true for trading partners. Customers, suppliers and other trading partners can also rest assured the files they receive from your managed file transfer server are already malware-free or, at least, have already undergone a process that minimizes the risk of a malware infection.

Benefits to system administrators

With ICAP virus scanning, installing or configuring any antivirus solution on your local server is unnecessary. All you need to do is configure your managed file transfer server to connect to the remote ICAP antivirus server. Barring any unforeseen circumstances, this should be a one-time activity. Once your MFT server is configured, the administrators of the ICAP antivirus server will take care of the rest: maintaining the ICAP server, updating virus signatures and more, to ensure a robust security policy and adherence to ICAP as detailed in RFC 3507.

This advanced setup not only reduces the workload for system administrators but also leverages the efficiency and specialization of ICAP services. It focuses on virus scanning and malware detection without the need for local server resources. It exemplifies a modern approach to network security, allowing administrators to focus on other critical aspects of system maintenance and management.

Benefits to your business

When end-users and trading partners don't have to worry about malware issues when receiving files from your server, it can boost your reputation from a security standpoint and eliminate security issues that often get in the way of business transactions.

In addition, ICAP virus scanning, facilitated through ICAP servers, will enable you to demonstrate your ability to mitigate risks of virus/malware infections. Unlike traditional antivirus solutions that may require local server installation and configuration, this advanced virus scanning technique leverages remote scanning capabilities, thus enhancing server performance and security policies.

This strategic approach to malware prevention, supported by ICAP clients within JSCAPE MFT Server, ensures compliance with regulations such as HIPAA and PCI DSS and fosters a secure environment for file transfers. It reassures end-users, trading partners and system administrators of the integrity of your digital ecosystem, elevating your business's security posture in the digital marketplace.

ICAP and JSCAPE: A powerhouse pairing

Leveraging JSCAPE’s latest version introduces the capability to configure ICAP virus scanning via the triggers module, a pivotal enhancement for security policies in file transfer management. This functionality, deeply integrated as a trigger action, facilitates proactive virus scanning responses to specific file transfer events, underscoring the advanced security framework provided by ICAP.

For example, administrators can automate scans for every file upload, ensuring malware detection at entry points. Alternatively, ICAP virus scanning can target files newly added to specified directories, leveraging Directory Monitor File Added events. This versatility allows for comprehensive virus scanning across all file transfer protocols, like FTP, FTPS, SFTP, HTTP and HTTPS, which makes it a protocol-agnostic solution.

When the ICAP server detects a virus or malware, it triggers and event in JSCAPE, prompting predefined actions such as file deletion or quarantine. This process exemplifies an ICAP client's integration with ICAP services for enhanced file transfer security.

ICAP antivirus scanning represents a paradigm shift in managed file transfer security, offloading virus scanning to specialized ICAP services. This optimizes bandwidth and system resources by decentralizing malware detection and aligns with security policies requiring external virus scanning solutions. Protocols like SSL and TLS for encrypted HTTP message transmission further support this.

Try ICAP virus scanning on a managed file transfer server

To explore the full potential of ICAP virus scanning within your managed file transfer server environment, downloading the latest version of JSCAPE MFT Server is the first step toward enhancing your system's security. This cutting-edge feature leverages ICAP to streamline virus-scanning processes and significantly boost your defense against malware and other cyber threats.

Enhance your file transfer system's integrity and compliance with a solution designed for the evolving digital landscape.

Posts By Category

Explore All Topics