File-scoring service protocols

The Aurora Engine file-scoring service supports three protocols:

  • A REST-based API called the Endpoint Defense Engine RESTful API (CERA), based on standard HTTP and HTTPS connections using JSON for both requests and responses. This protocol was introduced in Aurora Engine v0.11. Note that CERA is not available in Mono-based packages.
  • An Internet Content Adaptation Protocol (ICAP) service, based on the ICAP protocol (rfc3507). The service is situated between an ICAP client and the file-scoring service using the CERA. For documentation, see the ICAP service package that is downloaded separately.
  • The legacy Infinity Daemon Protocol (IDP), also known as the Endpoint DefenseTcpService Protocol, is the proprietary binary protocol supported by TcpShim, InfinityTcpService, and Endpoint DefenseTcpService.

    To use the service with this protocol, a TCP connection must be established with the server. The service can be configured to listen on any valid TCP port number (1024 - 65535). Port 9002 is the default port in InfinityDaemonClient, samplescored, samplescore, and ttmstatic. The port used by the service can be customized using the configuration file or the p or --port command-line option.

    For more information, see Appendix: Endpoint DefenseTcpService Protocol.

The protocols serve as a bridge between client code and Aurora Engine activities, acting as a generic service, providing the infrastructure to process files and hand the results back to the client.