3.1.2 MetaDefender ICAP Server configuration file

Linux

Configuration upgrades on RHEL/CentOS

When ICAP Server is upgraded on RHEL/CentOS, the configuration file is not upgraded automatically if it has been modified.

In this case the installer (RPM) creates a file called mdicapsrv.rpmnew containing the upgraded configuration entries, and this file must be merged manually into the actual configuration file.

The configuration file for the server is located in /etc/mdicapsrv/mdicapsrv.conf.

After modifying the server configuration file you must restart the MetaDefender ICAP Server service in order for the changes to take effect. You should use the distribution-standard way to restart the mdicapsrv service.

[global] section

| parameter | default value | required | description |
|---|---|---|---|
| icapaddress | 0.0.0.0 | required | One of the IP addresses of the computer that runs the product, on which the ICAP interface is served (0.0.0.0 means all interfaces) |
| icapport | 1344 | required | Designated port number for the ICAP interface |
| restaddress | 0.0.0.0 | required | One of the IP addresses of the computer that runs the product, on which the REST API and web user interface are served (0.0.0.0 means all interfaces) |
| restport | 8048 | required | Designated port number for the web and REST interface |
| tempdirectory | /var/tmp/mdicapsrv/temp | optional | Root directory for temporary file creation. A /temp subdirectory is automatically created within a customized directory. For example, if /tmp is configured as tempdirectory, then /tmp/temp will be used for creating temporary files. |
| skip_multipart_without_filename | false | optional | When enabled, the ICAP server won't send files from a multipart request for scanning when the given part does not have a filename key in its own Content-Disposition header |
| enable_message_header_encoding | false | optional | When enabled, the ICAP server will decode Base64 encoded UTF-8 filenames in HTTP Content-Disposition headers that are misused for MIME Content-Disposition (https://tools.ietf.org/html/rfc2047). Details: certain webmail providers misuse the HTTP Content-Disposition header for the MIME Content-Disposition header and put Base64 encoded strings into it. In this case, after ICAP Server side processing, the file name may be broken or even empty at the downloading side. Enabling this option can counter the situation. |

[logger] section

| key | default value | required | description |
|---|---|---|---|
| logfile | /var/log/mdicapsrv/mdicapsrv.log | optional | Full path of a logfile to write log messages to |
| loglevel | info | optional | Level of logging. Supported values are: debug, info, warning, error |
| syslog | | optional | Switch on logging to a local ('local') or remote ('protocol://hostname:port') syslog server. (Multiple servers can be specified, separated by commas) |
| syslog_level | | optional | Level of logging. Supported values are: debug, info, warning, error |
| override | | optional | Override specific log ids to display them on another level, e.g.: "1723:error,663:info". Note: when displaying these log ids their original level will remain the same. |
| capture_traffic | | optional | Capture raw TCP traffic in case of bad requests. See 3.5.4 Logging traffic of bad requests. |
| cef | false | optional | If true, the log format is Common Event Format |
| local_timezone | false | optional | If true, the times sent in syslog messages will be in the server's local timezone. This does not affect entries in the log file/Windows event log. When syslog is used with cef and local_timezone enabled, the timezone name can vary based on the underlying system and its settings. |
| nginx_logfile | /var/log/mdicapsrv/nginx-mdicapsrv.log | optional | File name and path to store the NGINX logs. If this value is changed, /etc/logrotate.d/mdicapsrv should be changed accordingly. |

Examples for local_timezone

  • Syslog

    • UTC: 2018-09-19T13:07:36Z

    • Local: 2018-09-19T15:07:36+02:00

  • Syslog with CEF

    • UTC: Sep 19 13:12:47 UTC

    • Local 1: Sep 19 15:12:47 CEST

    • Local 2: Sep 19 15:12:47 Central Europe Daylight Time

You should set both syslog and syslog_level or neither of them, and you should set both logfile and loglevel or neither of them.
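The constraints stated for the [global] and [logger] sections (required keys, supported log levels, the logfile/loglevel and syslog/syslog_level pairing, and the override format) can be checked before the service is restarted. The following is an added example, not part of the product or its documentation; it assumes the file uses INI-style key=value lines, and the lint function, the sample file and the finding texts are constructed for illustration.

```python
import configparser
import re

LEVELS = {"debug", "info", "warning", "error"}
REQUIRED_GLOBAL = ("icapaddress", "icapport", "restaddress", "restport")
OVERRIDE_ITEM = re.compile(r"^\d+:(debug|info|warning|error)$")

# Constructed sample with deliberate mistakes; not a shipped default file.
SAMPLE = """
[global]
icapaddress=0.0.0.0
icapport=1344
restaddress=0.0.0.0
restport=80480
[logger]
logfile=/var/log/mdicapsrv/mdicapsrv.log
syslog=udp://siem.example.internal:514
override=1723:error,663:verbose
"""

def lint(text):
    """Return a list of findings for an mdicapsrv.conf-style file (assumed INI)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    lg = cp["logger"] if cp.has_section("logger") else {}
    findings = []
    for key in REQUIRED_GLOBAL:
        if not g.get(key, "").strip():
            findings.append(f"global.{key}: required key missing")
    for key in ("icapport", "restport"):
        val = g.get(key, "").strip()
        if val and not (val.isdecimal() and 1 <= int(val) <= 65535):
            findings.append(f"global.{key}: not a valid TCP port")
    # 0.0.0.0 is valid, but worth a review: it exposes the listener on every interface.
    for key in ("icapaddress", "restaddress"):
        if g.get(key, "").strip() == "0.0.0.0":
            findings.append(f"global.{key}: listens on all interfaces")
    for target, level in (("logfile", "loglevel"), ("syslog", "syslog_level")):
        if bool(lg.get(target, "").strip()) != bool(lg.get(level, "").strip()):
            findings.append(f"logger: {target} and {level} must be set together")
    for key in ("loglevel", "syslog_level"):
        val = lg.get(key, "").strip()
        if val and val not in LEVELS:
            findings.append(f"logger.{key}: unsupported level")
    for item in filter(None, lg.get("override", "").strip().strip('"').split(",")):
        if not OVERRIDE_ITEM.match(item.strip()):
            findings.append(f"logger.override: bad entry '{item.strip()}'")
    return findings
```

Calling lint(SAMPLE) reports the out-of-range restport, both all-interface listeners, the two unpaired logging targets and the malformed override entry.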

Windows

The configuration for the server is located in the Windows Registry.

After modifying the server configuration you must restart the MetaDefender ICAP Server service in order for the changes to take effect.

The default logging target is the Windows event log, with a default level of info (see below).

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\global

| parameter | default value | type | required | description |
|---|---|---|---|---|
| icapaddress | 0.0.0.0 | string value | required | One of the IP addresses of the computer that runs the product, on which the ICAP interface is served (0.0.0.0 means all interfaces) |
| icapport | 1344 | string value | required | Designated port number for the ICAP interface |
| restaddress | 0.0.0.0 | string value | required | One of the IP addresses of the computer that runs the product, on which the REST API and web user interface are served (0.0.0.0 means all interfaces) |
| restport | 8048 | string value | required | Designated port number for the web and REST interface |
| tempdirectory | C:\Program Files\OPSWAT\Metadefender ICAP Server\data\temp | string value | optional | Root directory for temporary file creation. A \temp subdirectory is automatically created within a customized directory. For example, if C:\Temp is configured as tempdirectory, then C:\Temp\temp will be used for creating temporary files. |
| skip_multipart_without_filename | false | string value | optional | When enabled, the ICAP server won't send files from a multipart request for scanning when the given part does not have a filename key in its own Content-Disposition header |
| enable_message_header_encoding | false | string value | optional | When enabled, the ICAP server will decode Base64 encoded UTF-8 filenames in HTTP Content-Disposition headers that are misused for MIME Content-Disposition (https://tools.ietf.org/html/rfc2047). Details: certain webmail providers misuse the HTTP Content-Disposition header for the MIME Content-Disposition header and put Base64 encoded strings into it. In this case, after ICAP Server side processing, the file name may be broken or even empty at the downloading side. Enabling this option can counter the situation. |

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\logger

| parameter | default value | type | required | description |
|---|---|---|---|---|
| logfile | | string value | optional | Location of a logfile to write log messages to |
| loglevel | | string value | optional | Level of logging. Supported values are: debug, info, warning, error |
| wineventlog_level | info | string value | optional | Level of logging. Supported values are: debug, info, warning, error |
| syslog | | string value | optional | Value can only be in the form of 'udp://<hostname>:<port>'. (Multiple servers can be specified, separated by commas) |
| syslog_level | | string value | optional | Level of logging. Supported values are: debug, info, warning, error |
| override | | string value | optional | Override specific log ids to display them on another level, e.g.: "1723:error,663:info". Note: when displaying these log ids their original level will remain the same. |
| capture_traffic | | DWORD | optional | Capture raw TCP traffic in case of bad requests. See 3.5.4 Logging traffic of bad requests. |
| cef | false | string value | optional | If true, the log format is Common Event Format |
| local_timezone | false | string value | optional | If true, the times sent in syslog messages will be in the server's local timezone. This does not affect entries in the log file/Windows event log. When syslog is used with cef and local_timezone enabled, the timezone name can vary based on the underlying system and its settings. |
| nginx_logfile | [installdir]\nginx\nginx.log | string value | optional | File name and path to store the NGINX logs. (Rotation of this log has not yet been solved on Windows systems) |

Examples for local_timezone

  • Syslog

    • UTC: 2018-09-19T13:07:36Z

    • Local: 2018-09-19T15:07:36+02:00

  • Syslog with CEF

    • UTC: Sep 19 13:12:47 UTC

    • Local 1: Sep 19 15:12:47 CEST

    • Local 2: Sep 19 15:12:47 Central Europe Daylight Time

You should set both syslog and syslog_level or neither of them, and you should set both logfile and loglevel or neither of them.