F5 with Symantec external antivirus (ICAP protocol)
Hi, first time asking a question here. We're trying to setup an F5 ASM to forward files to external antivirus for scanning (Symantec Protection Engine for Cloud Services) with ICAP protocol. There have been minor problems which we resolved, but now we see a problem with F5 not generating a response page when a file is malicious. Under Application Security>Blocking>Response Pages we have selected a default response page. Maybe this should be customized? How?
Also, under Event Logging for events when a virus file is detected and deleted by Symantec AV, we see Response Code N/A. Shouldn't we see a http response code 403 that a virus is detected? Based on this response code, we should be able to later customize response page?
Please some insight would be helpful.
Regards, Goran