# Configure ICAP
These configuration settings are fully utilized when an ICAP server definition is referenced from a virtual path, i.e. when implicit scan is used.
When ICAP is referred from an ICAP Service Task (see [Configuring Triggerable Service Tasks - ICAP](/data-mover-1.21/workflow-templates/service-tasks/triggerable-service-tasks.md#icap)), only connection parameters must be used.
Here is how to configure an ICAP server.
Go to **Setup** → **ICAP** and click on the **NEW** button. This will open the **New ICAP** page.
Insert and select the parameters that Data Mover needs to connect to the ICAP server. Remember that all parameters with an **\*** are mandatory:
| Parameter | Description |
| --------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name \*** | Name of the ICAP connection you are creating. |
| **Description** | Description of the ICAP connection you are creating. The maximum number of characters is 2048. |
| **Host \*** | Remote ICAP host IP Address or hostname. The maximum number of characters is 255. |
| **Port \*** | Port to connect to the remote host (1 to 65535). Default value: 1344. |
| **HTTP Method \*** | The HTTP method used to interact with the
ICAP Server. Possible values are:
- GET (default value)
- POST
- PUT
|
| **ICAP Method \*** | The ICAP method used to interact with the
ICAP Server. Possible values:
- RESPMOD (default value)
- REQMOD
|
| **AV service \*** | Name of the AV service. At least one of the two services AV service or DLP service needs to be configured; an ICAP engine can provide only one or both services. The maximum number of characters is 255. |
| **DLP service \*** | Name of the DLP service. At least one of the two services AV service or DLP service needs to be configured; an ICAP engine can provide only one or both services. The maximum number of characters is 255. |
| **Basic authentication** | Option to activate basic authentication when you connect to an ICAP server.
Possible values:
- Enabled
- Disabled (default value)
|
| **Username** | This field is editable only when the Basic authentication option is enabled. Username for the Basic authentication. |
| **Password** | This field is editable only when the Basic authentication option is enabled. Password for the Basic authentication. |
| **Preview size** | The size in bytes of the preview sent to the ICAP server. Default value: 1024. |
| **Max file size** | The maximum size in megabytes of the file sent to the ICAP service. If the actual file size is larger than the maximum file size, the file will not be sent to the ICAP server for scanning. |
| **SSL** | Option to activate an SSL authentication protocol.
Possible values:
- Enabled
- Disabled (default value)
|
| **Match server hostname** | Possible values:
- Enabled
- Disabled (default value)
When set to Enabled, the Client verifies that the Distinguished Name (DN) certificate contains the IP that has been contacted (i.e., the HOST value above).
|
| **Server key label** | Key identifier to create the SSL connection |
| **Authentication protocol** | Select the SSL authentication protocol:
|
| **Accepted cipher suites** | Select the cipher suites SSH. Possible options:
|
| **Connection timeout** | Number of seconds without network activity to wait before closing a session due to inactivity.
Default value: 10.
|
| **Response timeout** | Number of seconds without a response from the server to wait before closing a session due to no response from the server.
Default value: 120.
|
| **Max retries** | Maximum number of retries. If this field is empty or set to 0, no retries will be executed and the job will be set to Failed if the first attempt is not successful. A high value corresponds to a high number of retrying attempts. |
| **Retry interval** | Time (in seconds) waited before retrying executing a job. The lower the value, the more frequent the retrying attempts. If this field is empty or set to 0, no retries will be executed and the job will be set to Failed if the first attempt is not successful. |
| **Server unavailable** | Define whether to allow or delete a file if the ICAP server is unavailable and the scan cannot be performed. Possible values:
- Allow (default value)
- Delete
Click the ADD button in the Notification box to send a notification when a file cannot be scanned because the server is unavailable. In the New Notification pop-up define a Name for the notification and select the Notification Channel you want to use.
|
| **AV threat detected** | When an AV threat is detected on a scanned file, the file is automatically deleted.
Click the ADD button in the Notification box to send a notification when a file is deleted because an AV threat has been detected. In the New Notification pop-up define a Name for the notification and select the Notification Channel you want to use.
|
| **DLP breach detected** | When a DLP breach is detected on a scanned file, the file is automatically deleted.
Click the ADD button in the Notification box to send a notification when a file is deleted because a DLP threat has been detected. In the New Notification pop-up define a Name for the notification and select the Notification Channel you want to use.
|
| **File scan skipped** | Define whether to allow or delete a file if the scan has been skipped due to the file size exceeding the max size set above. Possible values:
- Allow (default value)
- Delete
Click the ADD button in the Notification box to send a notification when a file scan has been skipped. In the New Notification pop-up define a Name for the notification and select the Notification Channel you want to use.
|
Once you have set all the necessary parameters, click **Save** and your ICAP server will appear in the list of results, where these columns are available:
* **Modified**: this is the last time a server has been modified
* **ICAP**: this is the name of the ICAP server
* **AV service**: this is the name of the AV service associated with the ICAP server
* **DLP service**: this is the name of the DLP service associated with the ICAP server
* **Host**: this is the host name
The **3-dots icon** at the end of each entry lets the user **Edit** and **Delete** the ICAP server. Learn how to use the **toolbar** at the top of the page [here](/data-mover-1.21/getting-started/navigate-through-primeur-data-mover.md#the-toolbar).
The results can be sorted by ICAP name in the **Filters** panel on the right side of the page.
The next step to configure an ICAP connection is to create a [Mediation Contract](/data-mover-1.21/contracts/create-your-first-contract/create-a-mediation-contract.md).
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.primeur.com/data-mover-1.21/security/icap/configure-icap.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.