About working with ICAP

In its default configuration, Symantec Protection Engine uses ICAP to communicate with the clients that run ICAP version 1.0, as presented in RFC 3507 (April 2003). Any client that uses this standard can use ICAP to communicate with Symantec Protection Engine to request scanning services.
The Symantec Protection Engine software development kit (SDK) is available for developing custom integrations with version 1.0 of ICAP. It includes client-side application program interfaces (API) to simplify the addition of AV scanning to any C, C++, Java, or .Net application.
When you use ICAP as the communication protocol, Symantec Protection Engine initially provides information to the ICAP client about which file types to scan. This information is based on the configuration of Symantec Protection Engine.
If the file extension is one that is identified for scanning, the ICAP client forwards the entire file to Symantec Protection Engine. If the file extension is unknown or is not one that is identified for scanning, the ICAP client forwards the first few bytes of the file. Symantec Protection Engine examines the first few bytes of the file to determine whether the file might contain a threat or security risk. Based on this examination, Symantec Protection Engine might request and scan a file even when it is not identified for scanning.
Symantec Protection Engine also scans POST transactions (sending data from a Web browser to a server using the HTTP protocol). When a threat or security risk is detected in a POST transaction file, Symantec Protection Engine blocks the file without trying to repair it. An HTTP message informs the posting client that a risk was detected and that the file was blocked.