ICAP Virus Response Headers

The Gateway supports the ICAP virus response headers X-Virus-ID, X-Infection-Found, and X-Violations-Found.

You do not need to perform any configuration on the Gateway, but you may choose to configure your proxy to make use of the headers.

Note that:

Headers are returned in the same order as they appear in the table below.
They are only available if the content was scanned and violations identified.

All three headers are returned whenever a virus or a policy violation is identified.

Header name Description Example

Header name	Description	Example
X-Virus-ID	A short description of the identified threat. If multiple threats are identified, only the first is returned.	`X-Virus-ID: EICAR Test String` `X-Virus-ID: Encrypted Archive`
X-Infection-Found	A description of the identified threat. If multiple threats are identified, only the first is returned. It contains a semicolon-separated list with three parameters: Type: 0 - A virus has been identified 1 - A policy violation has been identified Resolution: 1 - The suspicious content was repaired 2 - The suspicious content was blocked Threat: Threat name	`X-Infection-Found: Type=0; Resolution=0; Threat=EICAR Test String;` `X-Infection-Found: Type=1; Resolution=0; Threat=Encrypted Archive;`
X-Violations-Found	A detailed description of the violations found. If multiple threats were found for a single file, only the first one is returned. If the scanned content was an archive, the scan results for the contained files are listed. The first line contains the number of identified violations. The remaining lines contain four additional lines per violation: File name Threat name Problem ID (currently returns 0 for all threats) Resolution ID: 0 - File was not repaired 1 - File was repaired	`X-Violations-Found: 2` `test.zip` `EICAR Test String` `0` `0` `\eicar.txt` `EICAR Test String` `0` `0`

X-Virus-ID

A short description of the identified threat. If multiple threats are identified, only the first is returned.

X-Virus-ID: EICAR Test String

X-Virus-ID: Encrypted Archive

X-Infection-Found

A description of the identified threat. If multiple threats are identified, only the first is returned.

It contains a semicolon-separated list with three parameters:

Type:
- 0 - A virus has been identified
- 1 - A policy violation has been identified
Resolution:
- 1 - The suspicious content was repaired
- 2 - The suspicious content was blocked
Threat: Threat name

X-Infection-Found: Type=0; Resolution=0; Threat=EICAR Test String;

X-Infection-Found: Type=1; Resolution=0; Threat=Encrypted Archive;

X-Violations-Found

A detailed description of the violations found. If multiple threats were found for a single file, only the first one is returned. If the scanned content was an archive, the scan results for the contained files are listed.

The first line contains the number of identified violations. The remaining lines contain four additional lines per violation:

File name
Threat name
Problem ID (currently returns 0 for all threats)
Resolution ID:
- 0 - File was not repaired
- 1 - File was repaired

X-Violations-Found: 2

test.zip

EICAR Test String

0

\eicar.txt

EICAR Test String

0