1 Reply Latest reply on Feb 20, 2017 10:13 AM by Shunt

    ORDS and ICAP

    Aljaz Mali

      Hi all,


      I would like to ask for some help with configuring ORDS and ICAP.


      So my current settings are:

        OS: OEL x64 6.7


        APEX: 5.0.4

        ORDS: 3.0.8


      On my Linux I have installed i-cap (http://c-icap.sourceforge.net) and clamav anti virus. For my testing purposes I also have one infected file. DB, APEX, ORDS, ICAP, CLAMAV this is all installed on the same server.


      First I make a test if clamav is working:


      clamscan /tmp/eicar/eicar_com.zip

      /tmp/eicar/eicar_com.zip: Eicar-Test-Signature FOUND



      ----------- SCAN SUMMARY -----------

      Known viruses: 4998037

      Engine version: 0.99.2

      Scanned directories: 0

      Scanned files: 1

      Infected files: 1

      Data scanned: 0.00 MB

      Data read: 0.00 MB (ratio 0.00:1)

      Time: 9.173 sec (0 m 9 s)


      Next test is, if icap and clamav are working OK. For this I'm using


      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344


      ICAP server:oralin, ip:, port:1344



        Allow 204: Yes

        Preview: 1024

        Keep alive: Yes



        ICAP/1.0 200 OK

        Methods: RESPMOD, REQMOD

        Service: C-ICAP/0.4.4 server - Echo demo service

        ISTag: CI0001-XXXXXXXXX

        Transfer-Preview: *

        Options-TTL: 3600

        Date: Wed, 26 Oct 2016 09:48:31 GMT

        Preview: 1024

        Allow: 204

        X-Include: X-Authenticated-User, X-Authenticated-Groups

        Encapsulated: null-body=0



      Next I make a file scan (one clean and one infected)


      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "virus_scan"


      ICAP server:oralin, ip:, port:1344

      No modification needed (Allow 204 response)


      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/eicar_com.zip -s "virus_scan"

      ICAP server:oralin, ip:, port:1344




         <title>VIRUS FOUND</title>



      <h1>VIRUS FOUND</h1>

      You tried to upload/download a file that contains the virus:

         <b> Eicar-Test-Signature </b>


      The Http location is:

      <b>  - </b>


        For more information contact your system administrator



      This message generated by C-ICAP service: <b> virus_scan </b>

      <br>Antivirus engine: <b> clamd-0992/22433 </b>





      So for me it looks like that icap and clamav are working.


      Next I have made a change to defaults.xml in ORDS settings


      <entry key="icap.port">1344</entry>

      <entry key="icap.server">oralin</entry>


      I have created report and form in APEX where I can upload files. If I make a test then I get back following error:

      503 Service Unavailable


      In ORDS log I can see this:

      The ICAP service is unavailable, check the icap.server and icap.port settings.


      After reviewing ICAP access log I can see this request:

      26/Oct/2016:12:00:00 +0200, RESPMOD AVSCAN?action=SCAN 404


      I have tried once more with icap client as (same request as I see it from accces log, when request comes from ORDS):

      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"


      and in this case I don't get back proper response. So I have added to my icap virus_scan.conf this line


      ServiceAlias AVSCAN virus_scan?allow204=on&sizelimit=off&mode=simple


      after this change the same command is successful:


      /usr/local/c-icap/bin/c-icap-client -i oralin -p 1344 -f /tmp/eicar/test.txt -s "AVSCAN?action=SCAN"


      After this change and testing if I go back to my APEX application I do not get the error again. What happens now is that when I try to upload a file the error is gone, but nothing happens. Basically I see in my browser status bar message : Waiting for oralin.... and this takes then forever.


      I don't see new entries in icap access log and also no messages in icap server.log or ords log file.


      I would like to ask for help, if someone has an idea what has to be done in order that icap and ords would work.


      Thank you in advance,