ICAP error 0x80070057 returned when Kaspersky enhanced scanning is enabled


Article ID: 169248


Updated On:


Content Analysis Software - CA Advanced Secure Gateway Software - ASG


The Kaspersky AV engine allows customers to enable certain enhanced scanning features, these are configurable from the CAS GUI

Services -> AV Scanning Behavior - > Engine Settings

Enabling these features may cause certain web sites to fail to load.


ICAP Error (icap_error)

An error occurred while performing an ICAP operation: Anti-virus engine error (26:0x80070057); File: noname; Sub File: ; Vendor: Kaspersky Labs; Engine version; Pattern version: 180720.133800.11863587; Pattern date: 2018/07/20 13:38:00

For assistance, contact your network support team. 


The error is caused by the website returning non-RFC2616 characters in response headers.

This is not obvious from a pcap

User-added image

But is easy to see in a browsers developer tools

User-added image


Content Analysis System running CAS 1.3 -

Advanced Secure Gateway running SGOS 6.6 -


This issue is first addressed in CAS and above as well as ASG and above.


There are a few workarounds to address this concern:

  1. Disable the "Enhanced Scanning". This setting is located under Services -> AV Scanning Behavior -> Kaspersky Options
  2. On the proxy appliance disable ICAP for the resource hosting the file so it's not sent to the CAS appliance for AV scanning

Alternatively contacting the administrator of the web site and asking that they not use non RFC complaint characters in the headers will resolve the issue.