Skip to main content

Kiteworks

Spectra Detect integration with Kiteworks

Kiteworks users can integrate Kiteworks with Spectra Detect over ICAP.

  1. Enable ICAP connector on Spectra Detect Manager.

Spectra Detect Manager ICAP Connector

  1. On Kiteworks, navigate to Admin console > Security policies > Files and folders > Security scanning tab, and click on Add to add the new integration.
  2. Enter the required values as described below:

  • Scanning type

    • Must be set to Anti-Virus.

  • Protocol

    • Must be set to ICAP.

  • Service name

    • Can be set to any value. The value will be displayed as the "service name" in the Kiteworks UI column. For example, it can be set to ReversingLabs.

  • Scan Email message body

    • Depends on user requirements. Users can leave the default value: Always scan.

  • Maximum file size

    • Should be the same or lower than the specified value in the ICAP connector configuration. By default, the value in ICAP configuration is 0 (unlimited), so any value on Kiteworks should work.

  • Policy for Files that are Larger than Max Size

    • Depends on user requirements. Set the value to either Allow download or Quarantine.

  • Policy for Existing Files in Kiteworks

    • Depends on user requirements. Set the value to either Allow access or Scan before access.

  • Policy for Files that Could Not be Scanned

    • Depends on user requirements. Set the value to either Allow download or Quarantine.

  • Scan timeout

    • Valid range on ICAP connector is from 1 to 86400 seconds. Default value is 300 seconds. Value on Kiteworks should be the same or lower than the specified value in the ICAP connector configuration.

  • ICAP Server Host

    • Must be the value of Spectra Detect Hub that hosts the ICAP connector.

  • ICAP Server Port

    • Must be the same port value that’s configured on the ICAP connector. Default value is 11344 for communication using secure ICAP.

  • ICAP Server URI

    • Use the URL format: icap://{icap_hub_hostname}:{icap_port}/spectraconnector. While icaps:// cannot be entered here, secure transport is configured later in the setup process. The service name spectraconnector is not an alias; it is the base service name and cannot be changed. Additional aliases such as avscan are available by default. You can also configure custom aliases, for example: my-new-alias-for-spectraconnector. From the ICAP client perspective, the base service name and all aliases share the same behavior.

  • ICAP Method

    • Must be set to GET.

  • Enable ICAP Transfer Encoding Chunked

    • Must be enabled.

  • ICAP KeyWords

    • Can be left blank.

  • ICAP X-Authenticated-User (Internal)

    • Can be set to any value, for example kiteworks. ICAP connector doesn’t take this header into account when processing files.

  • ICAP X-Authenticated-User Encoding (Internal)

    • Can be set to None (default).

  • Apply the same settings to external ICAP X-Authenticated-User

    • Can be enabled (default).

  • Enable ICAP SSL Mode

    • Must be enabled.

  • Enable ICAP Debug Mode

    • Should be disabled.

  • DLP Scan for Email

    • Can be set to the default value.

  • Notify by Email

    • Can be whatever the user requires. This is the email address that will receive notifications about the scanning results.

  • Locations

    • Should be enabled.

  • IP Whitelist Uploader

    • Enter the list of whitelisted IP addresses from which the requests are not scanned.

  • File Type Whitelist

    • Enter the list of whitelisted file types which will not be scanned.

Once the configuration is complete, the integration will be ready to use. Below is an example of the configuration:

Kiteworks configuration