The proxy antivirus mode in Artica proposes the use of ClamAV using a gateway named ICAP HTTP Security service .
This gateway uses the ICAP protocol to transfer the downloaded content from the proxy to the antivirus engine.
By default, the proxy does not perform on-the-fly decryption.
In this mode, the proxy simply tunnels between browsers and web sites on the Internet.
In this tunnel, the stream is unreadable by the proxy.
Therefore, we would like to point out that SSL streams will not be analyzed by the antivirus if you do not perform SSL decryption with the proxy.
By default, only the HTTP protocol will be analyzed.
When you have several Artica servers and especially in cluster mode (HaCluster for example), it is more common to use a central server whose objective will be to provide antivirus scanning for the entire Artica farm.