Baekalfen / ICAP-avscan

Uploads a file to an ICAP server.
MIT License

ICAP TIMEOUT #5

Closed ReleaseTheCode closed 7 years ago

ReleaseTheCode commented 7 years ago

I don't speak English.

Hi, first, thanks for sharing it, but I can't run this. I send a simple text, but nothing occurs until the ICAP 408 error.

I attach Wireshark captures.

Thanks! Regards ;)

Baekalfen commented 7 years ago

Thanks for posting!

Which version did you try? Java or C#?

ReleaseTheCode commented 7 years ago

Java

Baekalfen commented 7 years ago

I have set up a C-ICAP server with the "echo" service, but I have not been able to replicate the error.

The server could be stuck somewhere. Have you looked at the server logs?

A wild guess might be to insert a line with "HTTP/1.0 200 OK\r\n" before the line with "Content-Length". The server you use might be expecting a more "complete" HTTP header.

Just so you can see how it looks to me:

C-ICAP client (screenshot)

Java client (screenshot)

ReleaseTheCode commented 7 years ago

Are these executions (Java) using exactly the same code shared on GitHub, or did you have to modify some lines of code? And what does "User-Agent : IT-Kartellet ICAP Client/1.1" mean?

Baekalfen commented 7 years ago

I am running the exact code, which is on GitHub right now.

As you can see from the "User-Agent", I ran the C-ICAP client as a test.

The User-Agent is just an identifier to show what client version is connecting.

Baekalfen commented 7 years ago

I'm not sure what you mean? You already have done that in your first post.

I don't know what you want me to send?

I don't see any way to proceed, without you looking at the ICAP server to see if it stops before answering back. Until proven otherwise, that is the only logical conclusion I can draw from the information you have shown.

ReleaseTheCode commented 7 years ago

I changed the header and it works, but it does not consider the file to scan.

Another curiosity is that it only works when sending REQMOD, but in the OPTIONS, it returns RESPMOD.

```java
String clientIP = "92.30.36.210";

String httpRequest =
        "GET http://" + clientIP + "/" + "eicar.com.txt" + " HTTP/1.1\r\n"
        + "Host: icap.heal.check\r\n\r\n";

String httpResponse =
        "HTTP/1.1 200 OK\r\n"
        + "Transfer-Encoding: chunked\r\n\r\n";

String icapRequest =
        "REQMOD icap://" + serverIP + ":" + port + "/" + icapService + " ICAP/" + VERSION + "\r\n"
        + "Allow: 204\r\n"
        + "Connection: close\r\n"
        + "Host: " + serverIP + "\r\n"
        + "Encapsulated: req-hdr=0"
        + ", res-hdr=" + httpRequest.length()
        + ", res-body=" + (httpRequest.length() + httpResponse.length()) + "\r\n\r\n";

sendString(icapRequest + httpRequest + httpResponse);
```

Could you guide me on why the file is not considered?

Thanks!

Baekalfen commented 7 years ago

It looks like you have "\r\n\r\n" right after "44" in the Wireshark dump. It should only be "\r\n".

Baekalfen commented 7 years ago

The request should probably look something like this instead:

```
REQMOD icap://.../RESPMOD ICAP/1.0
Allow: 204
Connection: close
Host: ...
Encapsulated: ...

GET http://.../eicar.com.txt HTTP/1.1
Host: icap.heal.check

HTTP/1.1 200 OK
Transfer-Encoding: chunked

44
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
0; ieof
```

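Added example, not part of the original thread or the project's code: a minimal Java 11+ builder for a RESPMOD message framed as in RFC 3507, with Encapsulated offsets counted in bytes and the chunk-size line followed by a single CRLF. The host `icap.example.test`, the service name `avscan`, the file name and the payload are constructed placeholders.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;

public class IcapRespmodBuilder {
    static byte[] ascii(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    /** Builds one complete RESPMOD message (no preview) for the given payload. */
    static byte[] build(String host, int port, String service, String fileName, byte[] payload) {
        // Encapsulated HTTP request headers: what the client originally asked for.
        byte[] reqHdr = ascii("GET /" + fileName + " HTTP/1.1\r\nHost: " + host + "\r\n\r\n");
        // Encapsulated HTTP response headers; the body itself travels ICAP-chunked.
        byte[] resHdr = ascii("HTTP/1.1 200 OK\r\nContent-Length: " + payload.length + "\r\n\r\n");

        // Offsets are byte counts from the start of the encapsulated part.
        String icapHdr = "RESPMOD icap://" + host + ":" + port + "/" + service + " ICAP/1.0\r\n"
                + "Host: " + host + "\r\n"
                + "Allow: 204\r\n"
                + "Connection: close\r\n"
                + "Encapsulated: req-hdr=0, res-hdr=" + reqHdr.length
                + ", res-body=" + (reqHdr.length + resHdr.length) + "\r\n\r\n";

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.writeBytes(ascii(icapHdr));
        out.writeBytes(reqHdr);
        out.writeBytes(resHdr);
        if (payload.length > 0) {
            // Chunk size in hex, then exactly one CRLF before the data.
            out.writeBytes(ascii(Integer.toHexString(payload.length) + "\r\n"));
            out.writeBytes(payload);
            out.writeBytes(ascii("\r\n"));
        }
        // Zero-length chunk terminates the encapsulated body.
        out.writeBytes(ascii("0\r\n\r\n"));
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed sample payload, not a real file.
        byte[] payload = ascii("constructed sample body\n");
        byte[] msg = build("icap.example.test", 1344, "avscan", "sample.txt", payload);
        // Print with CRLFs made visible so the framing can be compared to a capture.
        System.out.print(new String(msg, StandardCharsets.US_ASCII).replace("\r\n", "\\r\\n\n"));
    }
}
```

Comparing the printed framing against a Wireshark capture of the client makes a stray extra CRLF after the chunk size, or an offset that does not match the header byte count, easy to spot.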
ReleaseTheCode commented 7 years ago

And now it doesn't recognize the test malware file.

ReleaseTheCode commented 7 years ago

@Baekalfen Thanks so much for your time and for patiently helping me! Finally I get a response from my ICAP server!

Have a nice day

Baekalfen commented 7 years ago

Great to hear!

Did you end up changing the code? If so, I would very much like to get a pull request with the improvements.

ReleaseTheCode commented 7 years ago

I will send a pull request, but keep in mind that each ICAP server apparently works differently.

Best Regards