Depending on whether you set Content Analysis to serve or block password-protected archives, you might see an increase in ICAP_COMMUNICATION_ERROR messages in the ProxySG and Web Security Service (WSS) access logs.

The following flowchart shows the responses Content Analysis returns to the ProxySG appliance and WSS, and the actions the ProxySG appliance and WSS take.

Example Access Log Outputs

The following access log outputs are examples of the logs generated when Content Analysis is set to serve and block, and a user tries to download password-protected files. When set to serve, the logs contain ICAP_NO_MODIFICATION or ICAP_REPLACEMENT_REQUIRED. When set to block, the logs contain ICAP_COMMUNICATION_ERROR.

Example of access log when Content Analysis is set to serve

2022-11-29 22:09:50 1265 200 TCP_NC_MISS GET 10.169.31.53 80 /testfile500kb.zip "icap-error-code: password_protected, icap-error-details: File is password protected; File: testfile500kb.zip; Sub File: ; Vendor: McAfee, Inc.; Engine version: 6300.9389.412886189; Pattern version: 10546.0; Pattern date: 2022/11/29" ICAP_NO_MODIFICATION - 10.169.74.61 - -

Example of access log when Content Analysis is set to block

2022-11-29 22:09:21 1230 200 TCP_NC_MISS_RST GET 10.169.31.53 80 /testfile500kb.zip "icap-error-code: password_protected, icap-error-details: File is password protected; File: testfile500kb.zip; Sub File: ; Vendor: McAfee, Inc.; Engine version: 6300.9389.412886189; Pattern version: 10546.0; Pattern date: 2022/11/29" ICAP_COMMUNICATION_ERROR - 10.169.74.61 - fail_closed