ICAP Assertion is failing for a certain group of PDF files without populating ICAP Header Responses.
Contacted the McAfee Appliance owner and they confirmed that the PDF file is good and no virus is detected. SSG Logs indicate the below message which is incorrect as the service is up and running i.e. available.
2020-09-22T08:27:50.011-0700 WARNING 408 :9452: Service not available icap://<ICAP_SERVER_HOST>:1344/respmod.
Release : 9.4
Component : API GATEWAY
DecodingException and TooLongFrameException thrown if the number of the bytes of all ICAP Response Headers exceeds the default max value, 8192
by making the default max value be configurable via a cluster-wide property, icap.response.maxIcapHeaderSize. If the cluster property is set as -1, it means the max integer 2147483647 will be assigned to it.
The below left screenshot shows the default value. The right screenshot shows the customer should set it to -1.
Hot fix files need to be applied to have the new cluster property available:
Policy Manager and Manager are available if you want to update the Policy Manager also. The rpm are for the linux gateway.
Hotfix Installation Instructions:
Steps for the customer upgrading the gateway with the hotfix in TEST/QA environment:
1. service ssg stop
2. rpm -Uvh ssg-9.4.00-11019_CR03_hotfix_DE482032_DE430052.noarch.rpm
3. rpm -Uvh ssg-appliance-9.4.00-11019_CR03_hotfix_DE482032_DE430052.x86_64.rpm
4. service ssg start
5. login into a policy manager , goes to Menu Tasks -> Global Settings -> Manage Cluster Wide Properties and add/set the cluster property, icap.response.maxIcapHeaderSize to -1
6. Consume the simple policy for testing
Note: if you update the gateway in PROD, please backup some gateway configuration files such as
node.properties, system.properties, etc. The database should not be impacted.