The service EtherSensor ICAP

The EtherSensor ICAP service is an ICAP server that receives ICAP traffic from any ICAP client in REQMOD mode.

ICAP (Internet Content Adaptation Protocol) is designed to work only with HTTP. It is used to filter content and to detect harmful content (such as viruses and spyware/malware).

The ICAP client is the system that transfers the HTTP traffic. This can be any HTTP proxy that supports ICAP (e.g., SQUID, Blue Coat Proxy SG, Cisco IronPort S or Webwasher). Upon receipt of the client data, some ICAP servers may process it and, if necessary, modify it.

The data is then returned to the ICAP client, which sends it on to a server or a client, depending on where it was directed.

Because the Microolap EtherSensor ICAP server only analyzes the traffic received via ICAP clients, the traffic always returns to the ICAP client without change. The system architecture using ICAP is shown below:

Fig. 16. EtherSensor ICAP service and ICAP client communication diagram.

Some ICAP clients use header extensions, which allow them to send the ICAP server information about the users authorized on the proxy server. Microolap EtherSensor takes this information into account in further message processing.
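
The following added example (not part of the original documentation and not Microolap code) parses a constructed REQMOD request, reads the user identity from ICAP extension headers and builds a reply that leaves the HTTP request unchanged. The header names X-Client-IP, X-Client-Username and X-Authenticated-User, the ISTag value and the choice of 204 or 200 replies per RFC 3507 are assumptions, since the page does not say which extensions or replies EtherSensor uses; the request is assumed to be complete and sent without Preview.

```python
import base64

def parse_reqmod(raw: bytes) -> dict:
    """Split an ICAP REQMOD request into ICAP headers, user identity and HTTP headers."""
    head, _, encap = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, _, version = lines[0].split(" ", 2)
    if method != "REQMOD" or version != "ICAP/1.0":
        raise ValueError("not an ICAP/1.0 REQMOD request")
    icap = {n.strip().lower(): v.strip()
            for n, _, v in (l.partition(":") for l in lines[1:])}
    # Encapsulated lists byte offsets into the part after the ICAP headers,
    # e.g. "req-hdr=0, req-body=69" (RFC 3507, section 4.4.1).
    offsets = {}
    for item in icap.get("encapsulated", "").split(","):
        key, _, off = item.strip().partition("=")
        if key:
            offsets[key] = int(off)
    if "req-hdr" not in offsets:
        raise ValueError("REQMOD without a req-hdr section")
    end = offsets.get("req-body", offsets.get("null-body", len(encap)))
    http_head = encap[offsets["req-hdr"]:end].decode("iso-8859-1")
    # Assumed extension header names; the page does not name the ones it supports.
    user = icap.get("x-client-username")
    if user is None and "x-authenticated-user" in icap:
        user = icap["x-authenticated-user"]
        try:  # usually base64-encoded; keep the raw value if it is not
            user = base64.b64decode(user, validate=True).decode("utf-8")
        except ValueError:
            pass
    return {"icap": icap, "user": user, "client_ip": icap.get("x-client-ip"),
            "http_request_line": http_head.split("\r\n", 1)[0], "encapsulated": encap}

def unchanged_response(req: dict, istag: str = '"constructed-istag-1"') -> bytes:
    """Build an ICAP reply that hands the HTTP request back unmodified."""
    common = b"ISTag: " + istag.encode() + b"\r\n"
    if "204" in req["icap"].get("allow", ""):
        return b"ICAP/1.0 204 No Content\r\n" + common + b"Encapsulated: null-body=0\r\n\r\n"
    # No "Allow: 204" from the client: echo the encapsulated request in a 200 reply.
    return (b"ICAP/1.0 200 OK\r\n" + common + b"Encapsulated: "
            + req["icap"]["encapsulated"].encode() + b"\r\n\r\n" + req["encapsulated"])

# Constructed sample request (documentation names and addresses only).
HTTP_HEAD = b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 5\r\n\r\n"
SAMPLE = (b"REQMOD icap://icap.example.net/reqmod ICAP/1.0\r\nHost: icap.example.net\r\n"
          b"Allow: 204\r\nX-Client-IP: 192.0.2.10\r\n"
          b"X-Authenticated-User: " + base64.b64encode(b"WinNT://EXAMPLE/alice") + b"\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HEAD)
          + HTTP_HEAD + b"5\r\nhello\r\n0\r\n\r\n")
```
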

Command Line Parameters

During Microolap EtherSensor installation, the Windows EtherSensor ICAP service is set up to start automatically. However, you can also start the ethersensor_icap.exe process as a Windows application using the following command line parameters:

/process

Starts the ethersensor_icap.exe process as a regular Win32 process (may be helpful for debugging).

/service

Starts the ethersensor_icap.exe process as a Windows service.

/config

Saves the default configuration of the service.