Cortado Mobile Solutions

How to add an ICAP server to safeguard your uploads

Do your users use the Cortado app to access your network drives? Do you use Cortado virtual data rooms to share files with external users? Then in this How To we’ll show you how to incorporate an ICAP server to elevate the security level of your IT environment, so that no malicious files make their way onto your file server.

Aim

The aim is to install an ICAP server as a useful complement to the Cortado server. The ICAP server is based on the Internet Content Adaptation Protocol (ICAP), a protocol for simplifying content routing for HTTP, HTTPS and FTP-based services. This How To explains the installation and configuration options.

Implementation

The ICAP server will be installed with a virus scanner and proxy on the Debian GNU/Linux operating system. Regarding hardware, you should start with 2 cores and 4 GB RAM.

Installing the ICAP server

  • Connect to the Linux server on which you want to install your ICAP server.
  • Install the HTTP proxy (squid3) first.
sudo apt install squid3
  • Open the Squid3 configuration file, uncomment the following lines, adapt them as required, and then save the configuration again.
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all
  • Now install c-icap, the actual ICAP server that will later work together with Squid3 and the virus scanner ClamAV.
sudo apt install c-icap
  • Next, install the library that is needed to build squidclamav.
sudo apt install libicapapi-dev
  • Then install ClamAV.
sudo apt install clamav clamav-daemon
  • Now install the build tools (including make) needed to compile the SquidClamav source.
sudo apt-get install build-essential
  • Now install the most recent version of SquidClamav from SourceForge. In the following example, the current version 6.16 is used. If you use a different version, change the version number in the following commands:
wget https://downloads.sourceforge.net/project/squidclamav/squidclamav/6.16/squidclamav-6.16.tar.gz
tar xvfz squidclamav-6.16.tar.gz
cd squidclamav-6.16
./configure --with-c-icap=/etc/c-icap
make
sudo make install
  • Next, edit two configuration files; after that, the ICAP server is ready for service.
  • In /etc/c-icap/c-icap.conf, add the following to the Services section:
Service squidclamav squidclamav.so
  • Then, in /etc/c-icap/squidclamav.conf, use maxsize to set the maximum size of files that are passed to the virus scanner, to avoid performance problems, or keep the default setting (Maxsize 5000000).

Configuration steps on the Cortado server

  • Now connect the ICAP server with the Cortado server, so that all future uploads will first be scanned by the ICAP server, before they are allowed to be written.
  • Log in to the Cortado server (Windows machine) with the CortadoService account with which the Cortado installation was carried out. Open the registry there and navigate to:

HKEY_LOCAL_MACHINE>SOFTWARE>ThinPrint>TPPSrv

Add the following keys:

| Name | Type | Data |
|---|---|---|
| IcapUriFilterUpload | STRING | Icap://<address of the ICAP server>:1344/squidclamav |
| IcapAllow204 | REG_QWORD | 1 |
| IcapPreview | REG_QWORD | 0 |

Function test

  • Download an EICAR test virus.
  • Upload the test virus into the web app.
  • The file will then appear in the web app. This is a known display error. Press F5 to refresh the browser.
  • The file with the test virus will not have been uploaded to the server.
  • You should find a corresponding entry on the ICAP server under /var/log/c-icap/server.log. Example:
Thu Sep 20 13:17:40 2018, 28936/3040893760, squidclamav.c(685) squidclamav_end_of_data_handler: Thu Sep 20 13:17:40 2018, 28936/3040893760, DEBUG Virus found, sending redirection header
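
If the function test fails, it helps to first confirm that the squidclamav service is reachable on port 1344. The following Python check is an added example, not part of the original article or of Cortado's tooling: it sends an ICAP OPTIONS request (RFC 3507) and reports the offered methods and whether the server advertises 204 and Preview support, the capabilities the IcapAllow204 and IcapPreview values are named after. The host name passed to check() and the sample response are constructed assumptions.

```python
import socket

def build_options(host, port=1344, service="squidclamav"):
    """Build an ICAP OPTIONS request (RFC 3507) for the given service."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "Encapsulated: null-body=0\r\n\r\n").encode("ascii")

def parse_options(raw):
    """Parse an ICAP OPTIONS response into (status_code, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    proto, code, *_ = lines[0].split(" ", 2)
    if not proto.startswith("ICAP/"):
        raise ValueError(f"not an ICAP response: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers

def summarize(code, headers):
    """Report the fields that matter for an upload filter."""
    methods = [m.strip() for m in headers.get("methods", "").split(",") if m.strip()]
    allow = [a.strip() for a in headers.get("allow", "").split(",")]
    return {
        "ok": code == 200,                      # service exists and answered
        "methods": methods,                     # REQMOD and/or RESPMOD
        "allow_204": "204" in allow,            # "no modification needed" replies
        "preview": int(headers["preview"]) if "preview" in headers else None,
    }

def check(host, port=1344, service="squidclamav", timeout=5):
    """Send OPTIONS to a live ICAP server and summarize the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_options(host, port, service))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return summarize(*parse_options(data))

# Constructed sample reply, shaped like an ICAP OPTIONS response.
SAMPLE = (b"ICAP/1.0 200 OK\r\nMethods: RESPMOD, REQMOD\r\n"
          b"ISTag: \"CI0001-constructed\"\r\nAllow: 204\r\nPreview: 1024\r\n"
          b"Encapsulated: null-body=0\r\n\r\n")

if __name__ == "__main__":
    print(summarize(*parse_options(SAMPLE)))
```

Run it as is to see the parsed sample, or call check("<address of the ICAP server>") from the Cortado server's network segment to test the live service.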
