Kaspersky Lab Kaspersky Anti-Virus 5.5 for Proxy Server User Guide
CHAPTER 2. OPERATION ALGORITHM AND TYPICAL DEPLOYMENT SCENARIOS
This chapter contains essential information for understanding the
application's functionality, its configuration and its integration with an
existing network structure.
2.1. The algorithm of application functioning
Kaspersky Anti-Virus scans HTTP traffic using two modes of proxy operation:
REQMOD and RESPMOD.
In the RESPMOD mode the application checks objects requested by users via a
proxy server. In the REQMOD mode it scans objects transmitted from users
through the proxy. REQMOD is applied, for instance, for anti-virus scanning of e-
mail messages sent by users via a web-based mail server interface. Kaspersky
Anti-Virus scans message attachments transferred by users to mail servers.
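The two modes as they look on the wire, as an added example that is not part of the original manual: it builds and parses ICAP (RFC 3507) REQMOD and RESPMOD requests to show which encapsulated HTTP body reaches the scanner in each mode. Host names, service paths and payload bytes are constructed assumptions.

```python
# Added example: constructed ICAP (RFC 3507) messages. Host and service names are assumptions.
ICAP_HOST = "icap.example.test"  # hypothetical ICAP server name

def chunk(data):  # encapsulated HTTP bodies travel in chunked encoding inside ICAP
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(data), data)

def dechunk(data):
    out, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return out
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF

def build_icap(method, service, sections):
    """sections: ordered (name, bytes) pairs; their offsets go into the Encapsulated header."""
    marks, payload = [], b""
    for name, data in sections:
        marks.append(f"{name}={len(payload)}")
        payload += data
    head = (f"{method} icap://{ICAP_HOST}/{service} ICAP/1.0\r\n"
            f"Host: {ICAP_HOST}\r\nEncapsulated: {', '.join(marks)}\r\n\r\n")
    return head.encode("ascii") + payload

def object_to_scan(raw):
    """Return (mode, body bytes the scanner would inspect) for one ICAP request."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    method = lines[0].split(" ")[0]
    headers = dict((k.strip().lower(), v.strip())
                   for k, v in (line.split(":", 1) for line in lines[1:]))
    marks = [(n.strip(), int(o)) for n, o in
             (item.split("=") for item in headers["encapsulated"].split(","))]
    parts = {}
    for i, (name, start) in enumerate(marks):
        end = marks[i + 1][1] if i + 1 < len(marks) else len(payload)
        parts[name] = payload[start:end]
    # REQMOD carries what the user sends; RESPMOD carries what the user requested.
    body = parts.get("req-body" if method == "REQMOD" else "res-body")
    return method, (dechunk(body) if body else b"")

POST_HDR = b"POST /compose HTTP/1.1\r\nHost: webmail.example.test\r\n\r\n"
GET_HDR = b"GET /file.bin HTTP/1.1\r\nHost: files.example.test\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
REQMOD_MSG = build_icap("REQMOD", "reqmod", [("req-hdr", POST_HDR), ("req-body", chunk(b"attachment-data"))])
RESPMOD_MSG = build_icap("RESPMOD", "respmod", [("req-hdr", GET_HDR), ("res-hdr", RES_HDR), ("res-body", chunk(b"object-bytes"))])
if __name__ == "__main__":
    print(object_to_scan(REQMOD_MSG), object_to_scan(RESPMOD_MSG))
```

A request whose Encapsulated header ends in `null-body` carries no object, so `object_to_scan` returns an empty byte string for it.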
The application performs anti-virus scanning of Internet traffic in the RESPMOD
mode in accordance with the following procedure (see Fig. 1):
1. A user requests an object through a Squid proxy via HTTP.
2. If the requested object is available within the Squid proxy cache, it
will be returned to the user. If the object is not found in the
cache, the Squid proxy accesses a remote server and downloads the
requested object from it.
3. Squid uses ICAP to transfer the retrieved object to Kaspersky Anti-
Virus for an anti-virus check.
4. Kaspersky Anti-Virus checks whether the request
parameters (user IP address, URL of the requested object) match any
of its groups (please refer to section 5.1 on p. 34 for details about
groups). If it finds such a group, the application scans and
processes the object as necessary in accordance with the rules
specified for that group. If a request does not match any of the