4.9.3 FILEMOD

Besides the standard REQMOD and RESPMOD, ICAP Server supports the FILEMOD (file modification) ICAP methods.

FILEMOD lets the client to pass a file name and path to the ICAP Server so that it can scan the file in place (rather than streaming the file to the ICAP Server through TCP for scanning).

The FILEMOD method deviates from the ICAP 1.0 specification that is defined in RFC 3507.

MetaDefender ICAP Server can be integrted to ICAP clients that implement the FILEMOD method. As FILEMOD is non-standard, the integration may, however, not be as smooth as expected.

Example

Client FILEMOD request

FILEMOD icap://172.16.201.195:1344/ ICAP/1.0
Host: 172.16.201.195:1344
X-Filepath: C:\Viruses\eicar.com
Connection: close
Encapsulated: null-body=0

Server response to FILEMOD

This response returns a 403 Forbidden status, which indicates that -in this example- a virus was found, which is indicated in the X-Violations-Found header.

ICAP/1.0 403 Forbidden.
ISTag: "1605188845"
Date: Thu Nov 12 13:47:25 2020 GMT
Service: MetaDefender ICAP Server
Service-ID: Metascan
X-Violations-Found: 1
eicar.com
EICAR Test String
11101
2
X-Outer-Container-Is-Mime: 0
Encapsulated: null-body=0