1. ICAP server Configuration

Configuration via Metadefender Core Management Console

To start the ICAP server from the Metadefender Core Management Console, follow the steps below and see the screenshot:

  1. In your browser, go to http://localhost:8008/management

  2. Click on the 'Sources' tab.

  3. Click on 'Metadefender Proxy' on the left side.

  4. Select 'Apply'.


Configuration via INI

Metadefender Core ICAP server can be configured using an ini configuration file which is installed under Metadefender Core install directory.

The ICAP server configuration is done in omsConfig.ini. Applying configuration changes requires to restart the ICAP server.




Range: 1~1000
Defaut: 60

Number of worker threads to handle ICAP requests. Configures the number of threads that will be used by the Metadefender Core ICAP server for handling requests. For optimal performance, this should be set to a value higher than the number of processor cores available to the Metadefender Core system


Default: 355

The maximum number of simultaneous connections that the ICAP server is able to support. Certain proxy servers will use this value to restrict the requests that are made of the Metadefender Core ICAP server and will not send more than this number of simultaneous requests to the Metadefender Core ICAP server.

  • By ICAP specs, the client (proxy) is not supposed to send more requests than what is advertised by the ICAP server.

  • If the client receives more than this number of connections, it is supposed to handle the overload itself (i.e. queuing, bypassing, rejecting...)

  • The ICAP server does not enforce that number, this means that if the client does not respect the rules and sends more than the advertised max number of connections, we will still process them.


Range: 1 - 65535
Default: 1344

Port the server is listening to. If you are installing with other product which have ICAP interface, you must change to different port.


Range: 0 - 1
Default: 0

Blocking (i.e. return 403 forbidden to HTTP clients) every request coming in when Metadefender Core is overloaded (i.e. "Metascan server too busy"). A "Metascan server is too busy. Please try again later." message will be displayed in clients browsers.

  • 0: Allow files when overloaded

  • 1: Block files when overloaded


Value: Absolute file path or file path relative to omsICAPServer.exe directory
Default: omsICAPdefault.htm

Path to custom HTML page to be displayed to the user when content is blocked, request rejected due to license, server too busy, etc.

  • Content is parsed by ICAP server.

  • Use the "%%%icap_block_message%%%" macro in the web page as a place holder for the ICAP message. ICAP server will replace that message by whatever message it has to say.


Range: 0 - 1
Default: 0

Scan client specific health checks.
Disabling scanning health checks improves performance as it reduces the load on Metascan.

  • Only implemented for BlueCoat for now.

  • Easy to add support for different health checks

  • BlueCoat periodically sends requests to the ICAP server to make sure it's working fine.

    • Disabling scanning health checks improves performance.


Range: 0 - 1
Default: 0

Outputs the invalid buffer to a file ending in "_400_Bad_Request.txt" Slight performance impact when invalid requests are processed. Should only be enabled for investigation purpose.

  • 0: Disables dumping invalid (ICAP 400 response) raw requests to a file.

  • 1: Dumps invalid (ICAP 400 response) raw requests to a file.


Value: Absolute file path or file path relative to omsICAPServer.exe directory
Default: Empty (Logs folder under install directory)

The path to the debug log file.


Range: 0 - Max Unsigned Long
Default : 0

Allows the ICAP server to skip scanning a file if the file is too large. The value specifies in bytes the threshold for skipping files. A value of 0 means this feature is off, anything greater than 0 indicates this feature is on


Range: 0 - 1
Default: 0

This should be used for improved performance. The ICAP server keeps the connections open, so they can be reused for several requests.

  • 0 : ICAP server is not using persistent connections. Connections are closed after serving a request.

  • 1 : ICAP server is using persistent connections. Connections are kept open after serving a request.


Value: Custom text postfix, that will be appended to Content-Disposition header's filename if the file is sanitized.
Default: No postfix will be appended.

This postfix can be used to indicate if a file is sanitized. If the key is not set or set to empty string, no postfix will be appended.

For example (PDF to PDF sanitization is enabled in Core workflow) and this configuration is done as follows. For the following HTTP header,

Content-Disposition: attachment; filename="report.pdf";

will be modified to

Content-Disposition: attachment; filename="report[sanitized].pdf";