cancel
Showing results for 
Search instead for 
Did you mean: 
McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 11 of 11

Re: Don´t wait for ICAP Server response

Jump to solution

Hi Roy,

I think I'm with Andre on this one, I'd probably want an example use case.

In my example, the headers are just for demonstration purposes, by no means required. There's a ton of ICAP properties, so I figured I'd show proper usage so you didnt have to rip your hair out.

What's your goal or rough setup?

Perhaps I'm having trouble because you might be asking something aside from the original thread. The rough idea for this original thread was to force the ICAP scan "offline" or in other words initiate an asynchronous background scan so the user can get his/her download/upload without waiting.

Here's a run down.

Transaction #1

1. User requests LargeFile.rar

2. MWG passes LargeFile.rar through rules, hits the "Init Offline Scan" Rules -- for this example its the response cycle since its a download

3. MWG forks a new transaction (because of the property Antimalware.MATD.InitBackgroundScan(5)), with a response timer of 5 seconds

    

4. If the forked transaction takes longer than 5 seconds, transaction #1 moves on, if it takes less than 5 seconds, the user will receive whatever modified content is returned by the Offline scann

Transaction #2

1. The new transaction is copied/forked from Transaction #1, but the cycle is now all held within the request cycle, this new request will be marked as a BackgroundScan

2. This new transaction is monitored by MWG until it is finished, an action asynchronous to the original action must be taken (send email, write to log, etc...) because the original could be long gone

Best Regards,

Jon

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator