Hello, we are building an ICAP scan client, and we wrote our program based on integration with Symantec Scan Engine and its development document. However, the customer has Symantec Data Loss Protection Web Prevent. Based on the ICAP protocol, it looks like we have implemented ICAP correctly; however, it only triggers an AV scan but not a DLP scan when requests are sent to DLP Web Prevent. Here is a sample request:
    REQMOD icap://<server>:1344/reqmod ICAP/1.0
    Host: <server>:1344
    Connection: close
    Encapsulated: req-hdr=0, req-body=123

    POST testfile.txt HTTP/1.1
    Host: 10.2.30.30
    Accept: text/html, text/plain
    Accept-Encoding: compress
    Pragma: no-cache

    <file content>
Here is the scan result we got:
Finish Scan Document:testfile.txt, Detail:Scan File:testfile.txt,Status:CLEAN,Total Infection:0,Definition Date:6/27/2017 12:00:00 AM,Definition Rev Number:001; ConnectionHost:10.2.30.30,ConnectionPort:1344,ConnectionStatus:ERR_SUCCESSFUL_CONN;CLEAN,IsPassed:True
Just wondering what we did wrong here. It would be really appreciated if anyone could shed some light on what we could do to trigger the DLP scan on “DLP Web Prevent”. Thanks very much in advance.
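
An added example, not part of the original post and not Symantec code: a Python sketch that frames a REQMOD message as RFC 3507 describes (Encapsulated offsets computed from the byte layout, body sent chunked) and checks a raw message for framing mistakes. The ICAP host `icap.example.test`, the function names and the file body are constructed; it assumes one HTTP request with headers and a body sent as a single chunk without preview, and it checks framing only, not which scan policy the server applies.

```python
import re

def build_reqmod(icap_host, service, http_lines, body):
    """Frame an ICAP REQMOD message (RFC 3507) around one HTTP request."""
    http_head = "\r\n".join(http_lines).encode() + b"\r\n\r\n"
    if body:
        # Offsets count bytes from the start of the encapsulated section.
        enc = f"req-hdr=0, req-body={len(http_head)}"
        payload = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)  # one chunk + terminator
    else:
        enc = f"req-hdr=0, null-body={len(http_head)}"
        payload = b""
    icap_head = (f"REQMOD icap://{icap_host}/{service} ICAP/1.0\r\n"
                 f"Host: {icap_host}\r\n"
                 f"Connection: close\r\n"
                 f"Encapsulated: {enc}\r\n\r\n").encode()
    return icap_head + http_head + payload

def check_reqmod(msg):
    """Return a list of framing problems found in a raw REQMOD message."""
    icap_head, sep, rest = msg.partition(b"\r\n\r\n")
    if not sep:
        return ["ICAP header section has no terminating blank line"]
    m = re.search(rb"(?im)^Encapsulated:\s*(.+?)\r?$", icap_head)
    if not m:
        return ["missing Encapsulated header"]
    offsets = {k.strip().decode(): int(v)
               for k, v in (p.split(b"=", 1) for p in m.group(1).split(b","))}
    problems = []
    if offsets.get("req-hdr") != 0:
        problems.append("req-hdr=0 expected as the first encapsulated part")
    body_key = "req-body" if "req-body" in offsets else "null-body"
    end = rest.find(b"\r\n\r\n")
    if end < 0:
        problems.append("encapsulated HTTP header has no terminating blank line")
    elif offsets.get(body_key) != end + 4:
        problems.append(f"{body_key}={offsets.get(body_key)} but the HTTP "
                        f"header section is {end + 4} bytes")
    if body_key == "req-body" and not rest.endswith(b"\r\n0\r\n\r\n"):
        problems.append("body is not chunked or lacks the final 0-length chunk")
    return problems

# Constructed sample: HTTP header lines as in the post, placeholder ICAP host.
HTTP_LINES = ["POST testfile.txt HTTP/1.1", "Host: 10.2.30.30",
              "Accept: text/html, text/plain", "Accept-Encoding: compress",
              "Pragma: no-cache"]
SAMPLE = build_reqmod("icap.example.test:1344", "reqmod", HTTP_LINES,
                      b"constructed file body")

if __name__ == "__main__":
    print(check_reqmod(SAMPLE) or "framing OK")
```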