Forum Discussion
A simple starter: Have you checked your ASM policy blocking settings - Do you have "block" flag ticked for "Virus detected"?
- GGoran_276252Jul 20, 2016Nimbostratus
Yes, ASM is in blocking mode. We tried with Transparent policy, but it didnt block files, only logged it with responce 200 (OK), so we had to change it to Blocking policy. I should add that it sucessfully removes the file from attachment, but it doesn't give user any notification of this. User only gets a message as usual "message sent", and we'd like it to give notification to user about a problem with file.
- Hannes_RappJul 20, 2016Nimbostratus
Alright, do you have an ICAP response header in place? For reference, check here for a similar ICAP setup with another vendor: https://devcentral.f5.com/questions/asm-icap-integration-with-mcafee
- GGoran_276252Jul 20, 2016Nimbostratus
We changed the virus_header_name to X-Violations-Found and icap_uri to /symcscanreq-av-url as default values are for McAfee.
Not sure if you meant anything else by it?
- GGoran_276252Jul 20, 2016Nimbostratus
Also changed one parameter on Symantec: EnableNonViralThreatCategoryResp was false (default), and is now true, but outcome remains the same after Symantec Engine restart and another virus upload.
In F5 event log, for these events with virus detections that have Response Code N/A as I mentioned before, in details, I see this: HTTP Response, No response details are available because request was blocked. Does this have any relevance?