cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
GunSling1
Level 7
Report Inappropriate Content
Message 1 of 4
‎08-30-2019 09:35 AM

VirusScan For Storage ICAP not working - ParseICAPHeaders : Bad request, invalid size

We have VSES with ICAP installed on Windows 2016 server.  Configured ICAP but it is not working as expected. The ICAP stats are showing zero from the console when conducting ICAP client testing from  using icapclient.pl' perl script. Note the scanResult returned is 'File is Allowed'.

I have debug turned on the ICAP server and the log is showing 'Bad request Invalid Size':

08/30/2019 10:54:36:491 5724 Request SocketManager::AcceptConnection : Client successfully connected from: 10.10.1.48 ClientId: 0

08/30/2019 10:54:36:506 6504 Request ICAPDataHandler::ParseICAPMethod : RESPMOD Request - 10.10.1.48 ClientId: 0

08/30/2019 10:54:36:506 6504 Request ICAPDataHandler::ParseICAPMethod : RESPMOD Request - 10.10.1.48 ClientId: 0

08/30/2019 10:54:36:506 5252 Warning ClientContext::ParseICAPHeaders : Bad request, invalid size, ClientId: 0

08/30/2019 10:54:36:522 3096 Warning SocketManager::ReuseOrDisconnectClients Client 0 is deleted at step -1


08/30/2019 10:54:36:522 3096 Warning ClientContext::~ClientContext reuse START Client 0 at step -1

Any ideas what might be missing?

Thanks

 

0 Kudos
Reply
3 Replies
akatt
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎08-30-2019 03:49 PM

Re: VirusScan For Storage ICAP not working - ParseICAPHeaders : Bad request, invalid size

The VSES scan server can only accept chunks of 8k or less.   It will reject anything larger.  Below is a KB that will provide the requirements.  Also, make sure to check the Supported Environments KB, as not all ICAP Clients are certified to work with VSES.  If the ICAP Client isn't on the KB, it usually means that the ICAP Client vendor hasn't passed self-certification, and therefore they haven't been added to the KB as "supported," officially.  

VirusScan Enterprise for Storage compatibility testing with ICAP-based NAS appliances:
https://kc.mcafee.com/corporate/index?page=content&id=KB75543

Supported Environments for VSES:
https://kc.mcafee.com/corporate/index?page=content&id=KB74863


Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

0 Kudos
Reply
GunSling1
Level 7
Report Inappropriate Content
Message 3 of 4
‎09-02-2019 05:08 AM

Re: VirusScan For Storage ICAP not working - ParseICAPHeaders : Bad request, invalid size

I've tried testing small files ie: 'eicar.com' with the same results. I downloaded the ICAP client perl script from the community forum here. We are running the latest version and checked it is supported in our environment, any other ideas? Thanks
0 Kudos
Reply
akatt
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎09-03-2019 10:38 AM

Re: VirusScan For Storage ICAP not working - ParseICAPHeaders : Bad request, invalid size

The best data collection for this would be a packet capture (Wireshark usually works well), taken between the ICAP Client and ICAP Server.  This will help us validate the proper ICAP reqmod/respmod data, as well as allow us to follow the TCP stream and most likely identify the failure point.

Opening a service request and attaching the capture, as well as a MER from the scan server, should help us progress further.

What make/model of ICAP Client is currently being used to send these requests?

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC