Technical Documentation

Downloads
Configuring Antivirus Protection (NSM Procedure)

Configuring Antivirus Protection (NSM Procedure)

This section includes the following topics:

Configuring a MIME Pattern List Custom Object

To configure a MIME pattern list custom object:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device for which you want to configure a MIME pattern list custom object.
Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
Select Mime Pattern and click New.
Enter a unique name for the list.
Select Value and add a new entry.
Enter a value for the MIME pattern.
Click OK to save the changes.

Configuring a Filename Extension List Custom Object

To configure a filename extension list custom object:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device for which you want to configure a filename extension list.
Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
Select Filename Extension and click New.
Enter a unique name for the extension list.
Select Value and add a new entry.
Enter the extensions in the Value box.
Click OK to save the changes.

Configuring a URL Pattern List Custom Object

To configure a URL pattern list custom object:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device for which you want to configure URL pattern list custom objects.
Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
Select Url Pattern and click New.
Enter a unique name for the list.
Select Value and add a new entry.

In Value, enter the URLs or IP addresses you want added to the list for bypassing scanning.

Note: For URL pattern wildcard support, the wdildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use an asterisk (*) if it is at the beginning of the URL and is followed by a dot (.). You can only use a question mark (?) at the end of the URL.

The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.

Click OK to save the changes.

Configuring a Custom URL Category List Custom Object

To configure a custom URL category list custom object:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device for which you want to URL category list custom objects.
Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
Select Custom Url Category and click New.
Enter a unique name for the list.
Select Value and add a new entry.
Enter the name of the URL pattern list you created for bypassing scanning.
Click OK to save the changes.

Configuring an Antivirus Feature Profile

When configuring antivirus protection, you must first create the antivirus custom objects you are using. Those custom objects may include the MIME pattern list, MIME exception list, and the filename extension list. Once you have created your custom objects, you can configure full antivirus protection, including intelligent prescreening, and content size limits.

To configure an antivirus feature profile:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device for which you want to configure an antivirus feature profile.
Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Antivirus > Kaspersky Lab Engine.
Add or modify antivirus profile settings as specified in Table 1.
Click one:
- New—Adds a new profile.
- OK—Saves the changes.
- Cancel—Cancels the modifications.

Table 1: Antivirus Feature Profile Settings

Option	Function	Your Action
Pattern Update
Url	Specifies the URL for the pattern database.	If the URL is not already entered, enter the URL for the pattern database. Note that the URL is http://update.juniper-updates.net/AV/SRX210 and you should not change it.
Interval	Specifies the time interval for automatically updating the pattern database.	Enter the time interval for automatically updating the pattern database. The default interval is 60 minutes.
No Autoupdate	Specifies whether automatic updates are disabled.	Select this option if you want to disable automatic updates and update the pattern database manually.
Pattern Update > Email Notify
Admin Email	Specifies the e-mail addresses of the administrators.	Enter the e-mail addresses of the administrators who should receive e-mail notifications when updates are made to the pattern file.
Custom Message	Specifies the text that will appear in the custom message.	Enter the text to appear in the body of the notification e-mail.
Custom Message Subject	Specifies the custom message subject.	Enter the text to appear in the subject line of the notification e-mail.
Profile
Name	Specifies the name of the Kaspersky lab engine profile.	Enter a unique name for the Kaspersky lab engine profile.
Profile > Fallback Options
Enable Feature	Enables fallback options.	Select this option to enable fallback options.
The available fallback options are as follows: Default Corrupt File Password File Decompress Layer Content Size Engine Not Ready Timeout Out of Resources Too Many Requests	Specifies the fallback options.	Select log-and-permit or block from the list.
Profile > Notification Options
Enable Feature	Enables notification options.	Select this option to enable notification options.
The notification options that can be configured are the following: Fallback Block Fallback Non Block Virus Detection	Specifies the notification actions for fallback block, fallback nonblock, and virus detection.	Custom Message—Enter the text to appear in the body of the notification e-mail. Custom Message Subject—Enter the text to appear in the subject line of the notification e-mail. notify-mail-sender—Select this option to notify the sender of the mail. Type—Select protocol-only or message from the Type list.
Profile > Scan Options
Enable Feature	Enables scan options.	Select this option to enable scan options.
intelligent-prescreening	Enables intelligent prescreening.	Select this option to enable intelligent prescreening.
Content Size Limit	Specifies the content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.	Enter content size parameters.
Timeout	Specifies the scanning timeout parameters.	Enter the scanning timeout parameters.
Profile > Trickling
Enable Feature	Enables trickling feature.	Select this option to enable trickling feature.
Timeout	Specifies the trickling timeout parameters.	Enter the trickling timeout parameters.
Antivirus > Mime Whitelist
Enable Feature	Enables this feature.	Select this option to enable this feature.
List	Specifies the name of the URL whitelist.	Enter the name of the URL whitelist custom object you created.

Configuring a UTM Policy for Express Antivirus

To configure a UTM policy for express antivirus:

In the NSM navigation tree, select Device Manager > Devices.
Click the Device Tree tab, and then double-click the device that you want to configure.
Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy.
Click New to add a new UTM policy entry.
Enter a unique name for the UTM policy.
Select Antivirus and enter the name of the antivirus profile.
In the Http, Imap, Pop3, or Smtp profile boxes, enter the name of the profile you created earlier.
For Ftp, select the upload and download profiles.
Click OK to save the changes.

Once you have configured a UTM policy for express antivirus, attach the UTM policy to a security policy that you create.