Classification of Antivirus Scanning Overview
A virus is executable code that infects or attaches itself to other executable code to reproduce itself. Some malicious viruses erase files or lock up systems, while other viruses merely infect files and can overwhelm the target host or network with bogus data.
Juniper Networks supports internal and external antivirus (AV) scanning on select security devices. Use the antivirus (AV) option to configure AV scanning. Security devices may provide one or more of the following antivirus scanning methods:
- External AV scanning—Uses an external Trend Micro device for scanning. (Supported in ScreenOS 5.2. Not supported in ScreenOS 5.3 or later.) The security device forwards all traffic to be scanned to the Trend Micro device. To configure external AV scanning, use the AV Scanner settings.
- Internal AV scanning—Uses the AV scanner on the security device and is not supported by all security devices. To configure internal AV scanning, use the AV Scan Manager settings (see Internal Antivirus Scan Manager Settings Overview).
- Internet Content Adaptation Protocol (ICAP) scanning—Uses an external ICAP server or server group for scanning. Supported in ScreenOS 5.4 and later. Use the ICAP object and ICAP AV object in Object Manager to create ICAP AV objects. These objects are not assigned to the security device. Instead, they are assigned through a Rule option in a security policy. See DNS Server Configuration Using DNS Settings.
You can also configure the internal AV scanner to scan webmail responses from a Web server to a client. For information, see Internal Antivirus HTTP Webmail Settings Overview.
The various antivirus scan settings are as follows:
- External Antivirus Scanner Settings
- Internal Antivirus Scan Manager Settings
- Internal Antivirus HTTP Webmail Settings
- Antivirus Scanner Settings
