XML Virus scanning uses a filter action sheet: store://Virus-ScanAttachment.xsl. This transform needs to be modified to include the URL of your ICAP server

Dictionary Attacks Protection uses count monitoring.

SQL injection Protection uses the store://SQL-Injection-Filter.xsl transformation.