Connecting to ICAP Servers
With the ICAP protocol, Antivirus scans your system's files for viruses using a remote system.
Virus scans tend to be CPU-intensive because they scan millions of possible virus signatures. Using ICAP reduces the load that virus scanning can demand from IBM i servers by distributing the CPU-intensive part of virus scanning onto separate external ICAP servers. When iSecurity Antivirus intends to scan an object, with the addition of the ICAP Client, it passes the file to the ICAP server for processing. The file can be simultaneously scanned by multiple ICAP servers. Those servers send responses back to the iSecurity ICAP client clearing the object for use or flagging it as infected. Using ICAP ensures that your IBM i is always protected without a performance drop. Scan time is faster – by twenty times in some tests. The portion of the IBM i CPU that would have been used for virus scanning becomes available for other purposes.
The ICAP Client can communicate with any ICAP server. When you use an external ICAP server, the main Antivirus subsystem, ZANTIVIRUS, only runs two or three monitoring jobs and one to four real time scanning jobs. The local IBM i CLAMAV engine remains in silent mode (effectively off) and uses a very limited percentage of CPU.
NOTE: The ICAP Client is an add-on to Antivirus and requires an additional license. To define ICAP servers, you must have licensed the ICAP client.
To use an ICAP server, the Type of virus scanner Local/ICAP field on the Antivirus General Definitions screen (STRAV> 81) must be set to "5" (as shown in Setting General Definitions).
To define ICAP servers, select 21. Server Definitions from the Antivirus Definitions and Refresh screen (STRAV> 21). The Work with ICAP Servers screen appears:
                         Work with ICAP Servers

Type options, press Enter.                      Subset . . . . . . .
  1=Select   3=Copy   4=Delete

Opt  Server      Active  Usage
     CLAMAV@RL     Y     ClamAV server built by Raz-Lee. Near Ilan. Small L
     MCAFEE        N
     MCAFEET       N
     SYMAN@DX      N     ICAP server of Symantec at Dachser
     SYMAN@DX1     N     ICAP server of Symantec at Dachser
     SYMAN@RL      N     ICAP server of Symantec which is in Raz-Lee
     VM-ICAP       N     C-ICAP on Virtual Machine
                                                                  Bottom
To enable ICAP, PC Virus scanner in General Definitions must be set to 5=ICAP.

F3=Exit   F6=Add new

The body of the screen lists the servers known to the system. For each, it shows the following fields:
Server
The name of the server
Active
Whether Antivirus is using this server. Possible values are:
- Y: Antivirus is using this server
- N: Antivirus is not using this server
Usage
A free-form description of the server.
To activate, deactivate, or change the details of a server, enter 1 in the Opt field for that server and press Enter. The Modify Server screen appears.
To add a server, press the F6 key. The Add New Server screen appears, which has the same fields as the Modify Server screen.
                              Modify Server

Type choices, press Enter.

Server . . . . . . . . .   CLAMAV@RL
Active . . . . . . . . .   Y                Y=Yes, N=No
Application . . . . . .    AV               AV
Description of usage . .   ClamAV server built by Raz-Lee. Near Ilan. Small L
                           aptop.
Server address . . . . .   1.1.1.79
Port . . . . . . . . . .   1344
Service name . . . . . .   srv_clamav
Timeout . . . . . . . .    20               Seconds
Additional params . . .    ?allow204=on&force=on&sizelimit=on&mode=simple

F3=Exit   F12=Cancel
The screen contains these fields:
Server
The name of the server. (Read only)
Active
Whether the system is actively using the server. Possible values are:
- Y: Active
- N: Inactive
Application
The type of application. This is always AV.
Description of usage
A free-form description of the server, also used for the Usage field on the Work with ICAP Servers screen.
Server address
The IP address of the server.
Port
The port on the server. 1344 is the default port for ICAP.
Service name
The name of the ICAP service on the server.
- For ClamAV servers, this is srv_clamav
- For McAfee servers, this is respmod
- For Symantec servers, this is avscan
Timeout
The maximum number of seconds that a request to the server may take before timing out.
Additional params
Additional parameters to be passed to the server. These will differ, based on the server type and the requirements of your installation.
For McAfee and Symantec, set the field to ?allow204=on&force=on&sizelimit=on&mode=simple
To check that the values for the client are correct, enter the following commands:
CALL QP2TERM
cat /SMZVDTA/conf/icapsf.stmf
The output should resemble the following, with values matching what was entered:
--icap-host="1.1.1.122" --icap-port="01344" --icap-Server="srv_clamav" --icap-timout="00020" --icap-Additional-Parameters="?alw204=on&force=on&sizelimit=on&mode=simple"
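The comparison described above can be scripted from the QP2TERM shell. The following is an added example, not part of the product or its documentation: the helper names are hypothetical, the option spellings are taken from the output shown above, and the sample line is constructed in that format. It strips the zero padding the file applies to the port and timeout before comparing them with the values entered on the Modify Server screen.

```sh
#!/bin/sh
# Added example (not product code): compare icapsf.stmf with the values
# entered on the Modify Server screen. Helper names are hypothetical.

# Print the value of one --icap-<key>="value" option found in file $1.
icap_field() {
    sed -n 's/.*--icap-'"$2"'="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# The file zero-pads numbers (01344, 00020): strip padding, reject non-digits.
icap_number() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    n=$(printf '%s\n' "$1" | sed 's/^0*//')
    printf '%s\n' "${n:-0}"
}

# Print "<label>: file has ..., expected ..." and fail when two values differ.
icap_same() {
    [ "$2" = "$3" ] && return 0
    echo "$1: file has '$2', expected '$3'"
    return 1
}

# $1=file $2=address $3=port $4=service $5=timeout $6=additional params
# Key spellings (Server, timout, Additional-Parameters) follow the file output.
check_icap_conf() {
    bad=0
    port=$(icap_number "$(icap_field "$1" port)") || port=invalid
    tmo=$(icap_number "$(icap_field "$1" timout)") || tmo=invalid
    icap_same address "$(icap_field "$1" host)" "$2" || bad=1
    icap_same port "$port" "$3" || bad=1
    icap_same service "$(icap_field "$1" Server)" "$4" || bad=1
    icap_same timeout "$tmo" "$5" || bad=1
    icap_same params "$(icap_field "$1" Additional-Parameters)" "$6" || bad=1
    return "$bad"
}

# Constructed sample in the format shown above; on the IBM i, pass
# /SMZVDTA/conf/icapsf.stmf instead.
sample=${TMPDIR:-/tmp}/icapsf.sample.$$
printf '%s\n' '--icap-host="1.1.1.79" --icap-port="01344" --icap-Server="srv_clamav" --icap-timout="00020" --icap-Additional-Parameters="?allow204=on&force=on&sizelimit=on&mode=simple"' > "$sample"
check_icap_conf "$sample" 1.1.1.79 1344 srv_clamav 20 \
    '?allow204=on&force=on&sizelimit=on&mode=simple' && echo "icapsf.stmf matches"
rm -f "$sample"
```

Each mismatch is reported on its own line, and the function returns non-zero if any field differs.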