How do I streamline ICAP to reduce the overall load as much as possible on the AV scanner or ICAP device?
Install the ICAP best practice policy, found in Chapter 9 of the ProxySG ProxyAV Integration Guide. This documentation is deprecated. CAS Integration with ProxySG guide can be found here.
On the ProxyAV appliance, ensure that no proxy servers are being used for AV updates, as doing so can slow down the update install and take up CPU.. Confirm this on the ProxyAV appliance in Network > Proxy Serversfor updates. If there is an entry, remove it and permit the ProxyAV appliance IP address to leave your network directly.
If performance issues occur at the same interval as the ProxyAV appliance's AV update times, try setting update times outside of your office's working hours. Do this from the ProxyAV Management Console under Antivirus > Update Settings > update frequency = 500
Manage queued connections on the ProxySG appliance. Do this from the ProxySG management console here: Configuration > External Services > Icap.
Choose the response and/or request service > edit : “Defer scanning at threshold %” – in the icap service. This will queue files that take long to scan – lower the threshold to lower the load on the ProxyAV. NB, there is no option to do this by protocol.
"Maximum number of connections” – increase to increase the load on the SG, and regulate the load on the AV
“Connection timeout” – this is a blunt instrument to cut scans that take too long – can cause user complaints for large downloads, but can be useful to set a strict download ceiling and thus save system resources for devices that are overloaded.
Manage queued connections on the ProxyAV appliance. Do this from the ProxyAV management console under AV > antivirus > scanning behaviour. Set File scanning timeout to either drop or serve content according to setting.