This article explains how to set up the CAS appliance to send the hash information of scanned objects to the syslog server.
Go to Settings > Logging, set the “ICAP_CONNECTION” Syslog to “INFO”, and make sure the File is set to “NONE”.
Set the module's File logging only during troubleshooting, to prevent the File from taking too much disk space on the appliance.
With this setting, the logs for scanned objects, including their hash information, are sent to the Syslog server.
Below are two sample syslog messages that contain the hash information for the scanned object.
<46>1 2021-06-17T06:39:02.572Z 10.0.80.30 avservice 6653 - https://secure.eicar.org/eicar.com verdict malicious. Hash: 3395856ce81f2b7382dee72602f798b642f14140 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012723-0000000060caee04
<46>1 2021-06-17T06:38:45.121Z 10.0.80.30 avservice 6653 - https://www.eicar.org/wp-content/themes/enfold/js/shortcodes.js?ver=4.1 verdict not malicious. Hash: 0942651fecf57a5f50972f7a65334829ff7773a7 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012716-0000000060caedf4
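
On the syslog server side, messages in this shape can be parsed to pull out the URL, verdict and hash for alerting or lookups. The following is an added example, not code from the appliance or its vendor; the field layout is inferred only from the two sample messages above, and the names `parse_cas_line` and `malicious_hashes` are hypothetical.

```python
import re
from datetime import datetime, timezone

# Layout inferred from the two sample messages in this article only (assumption):
# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID URL verdict ... Hash: ... Tenant: ... Transaction: ...
# The URL is matched greedily and the trailing fields are anchored to end of line,
# so text embedded in a URL cannot stand in for the real verdict and hash.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\d+ (?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<url>.+) verdict (?P<verdict>not malicious|malicious)\. "
    r"Hash: (?P<hash>[0-9A-Fa-f]+) Tenant: (?P<tenant>.+?) Transaction: (?P<transaction>\S+)\s*$"
)

# The two sample messages from the article.
SAMPLES = [
    "<46>1 2021-06-17T06:39:02.572Z 10.0.80.30 avservice 6653 - https://secure.eicar.org/eicar.com verdict malicious. Hash: 3395856ce81f2b7382dee72602f798b642f14140 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012723-0000000060caee04",
    "<46>1 2021-06-17T06:38:45.121Z 10.0.80.30 avservice 6653 - https://www.eicar.org/wp-content/themes/enfold/js/shortcodes.js?ver=4.1 verdict not malicious. Hash: 0942651fecf57a5f50972f7a65334829ff7773a7 Tenant: N/A Transaction: f454a9c809b1f5c5-0000000000012716-0000000060caedf4",
]


def parse_cas_line(line):
    """Return a dict of fields for one ICAP_CONNECTION message, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    # Syslog PRI = facility * 8 + severity; severity 6 is "informational".
    rec["facility"], rec["severity"] = divmod(pri, 8)
    rec["malicious"] = rec.pop("verdict") == "malicious"
    rec["hash"] = rec["hash"].lower()
    rec["timestamp"] = datetime.strptime(
        rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ"
    ).replace(tzinfo=timezone.utc)
    return rec


def malicious_hashes(lines):
    """Return (hash, url) pairs for every line with a malicious verdict."""
    parsed = (parse_cas_line(line) for line in lines)
    return [(r["hash"], r["url"]) for r in parsed if r and r["malicious"]]


if __name__ == "__main__":
    for digest, url in malicious_hashes(SAMPLES):
        print(digest, url)
```

Lines that do not match return `None`, so a change in message format after an appliance upgrade shows up as unparsed lines rather than as silently wrong fields.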