A client machine fails to download a file from a server through the proxy appliance, but the download works when the proxy appliance is bypassed.
The Proxy sends the object to Content Analysis for scanning over the ICAP protocol.
Release: ASG 6.7 and 7.x; Content Analysis 2.4 and 3.x.
Component: ICAP.
Content Analysis drops the file because the archive contains more files than the limit set in Content Analysis.
Under Content Analysis > Statistics > Historical Connections, the following error is shown:
In this example, Content Analysis has only one AV engine activated, McAfee. Symantec Advanced Machine Learning (AML) is activated as well, but the Symantec AV has not been activated.
So in this case, the setting 'Maximum total number of files in archive' needs to be changed (increased) to confirm that the issue is caused by this setting.
Increasing the value under the McAfee options did not help and the issue persisted, but increasing the value under the Symantec option did help.
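As an added example (not part of the original article or of any Symantec tooling), the following Python script counts the files in a ZIP archive, including files inside nested ZIPs, so the count can be compared with the 'Maximum total number of files in archive' value when confirming the cause. The limit value, the recursive counting of nested archives and the sample archive are assumptions for illustration; how Content Analysis itself counts entries is not stated here.

```python
import io
import zipfile

# Assumed value for illustration only; use the number configured under
# 'Maximum total number of files in archive' on your Content Analysis.
ASSUMED_LIMIT = 1000
MAX_DEPTH = 5                         # do not descend deeper than this
MAX_NESTED_BYTES = 50 * 1024 * 1024   # skip oversized nested archives


def count_archive_files(data: bytes, depth: int = 0) -> int:
    """Count file entries in a ZIP, descending into nested ZIPs."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            total += 1  # the entry itself, nested archive or not
            nested = info.filename.lower().endswith(".zip")
            if nested and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    total += count_archive_files(inner, depth + 1)
    return total


def exceeds_limit(data: bytes, limit: int = ASSUMED_LIMIT) -> bool:
    """True when the archive holds more files than the given limit."""
    return count_archive_files(data) > limit


def build_sample(n_outer: int, n_inner: int) -> bytes:
    """Constructed sample: n_outer files plus one nested ZIP of n_inner files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        for i in range(n_inner):
            zf.writestr(f"inner/{i}.txt", b"x")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        for i in range(n_outer):
            zf.writestr(f"doc/{i}.txt", b"x")
        zf.writestr("bundle.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    n = count_archive_files(build_sample(600, 500))
    print(f"{n} files; exceeds assumed limit {ASSUMED_LIMIT}: {n > ASSUMED_LIMIT}")
```

To check a real download, read the file obtained with the proxy bypassed and pass its bytes to `count_archive_files`.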
The resolution, however, is not to increase the setting on Content Analysis but rather to create a policy on the Proxy side that bypasses ICAP scanning for the affected URL. Since the URL is a trusted URL, there should not be much concern.
Below is an example of how the policy looks in the Visual Policy Manager on the Proxy side.