Configuring Antivirus Protection (NSM Procedure)
This section includes the following topics:
- Configuring a MIME Pattern List Custom Object
- Configuring a Filename Extension List Custom Object
- Configuring a URL Pattern List Custom Object
- Configuring a Custom URL Category List Custom Object
- Configuring an Antivirus Feature Profile
- Configuring a UTM Policy for Express Antivirus
Configuring a MIME Pattern List Custom Object
To configure a MIME pattern list custom object:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device for which you want to configure a MIME pattern list custom object.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
- Select Mime Pattern and click New.
- Enter a unique name for the list.
- Select Value and add a new entry.
- Enter a value for the MIME pattern.
- Click OK to save the changes.
Configuring a Filename Extension List Custom Object
To configure a filename extension list custom object:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device for which you want to configure a filename extension list.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
- Select Filename Extension and click New.
- Enter a unique name for the extension list.
- Select Value and add a new entry.
- Enter the extensions in the Value box.
- Click OK to save the changes.
Configuring a URL Pattern List Custom Object
To configure a URL pattern list custom object:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device for which you want to configure URL pattern list custom objects.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
- Select Url Pattern and click New.
- Enter a unique name for the list.
- Select Value and add a new entry.
- In Value, enter the URLs or IP addresses you want
added to the list for bypassing scanning.
Note: For URL pattern wildcard support, the wdildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use an asterisk (*) if it is at the beginning of the URL and is followed by a dot (.). You can only use a question mark (?) at the end of the URL.
The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.
- Click OK to save the changes.
Configuring a Custom URL Category List Custom Object
To configure a custom URL category list custom object:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device for which you want to URL category list custom objects.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
- Select Custom Url Category and click New.
- Enter a unique name for the list.
- Select Value and add a new entry.
- Enter the name of the URL pattern list you created for bypassing scanning.
- Click OK to save the changes.
Configuring an Antivirus Feature Profile
When configuring antivirus protection, you must first create the antivirus custom objects you are using. Those custom objects may include the MIME pattern list, MIME exception list, and the filename extension list. Once you have created your custom objects, you can configure full antivirus protection, including intelligent prescreening, and content size limits.
To configure an antivirus feature profile:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device for which you want to configure an antivirus feature profile.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Antivirus > Kaspersky Lab Engine.
- Add or modify antivirus profile settings as specified in Table 1.
- Click one:
- New—Adds a new profile.
- OK—Saves the changes.
- Cancel—Cancels the modifications.
Table 1: Antivirus Feature Profile Settings
Option | Function | Your Action |
|---|---|---|
| Pattern Update | ||
Url | Specifies the URL for the pattern database. | If the URL is not already entered, enter the URL for the pattern database. Note that the URL is http://update.juniper-updates.net/AV/SRX210 and you should not change it. |
Interval | Specifies the time interval for automatically updating the pattern database. | Enter the time interval for automatically updating the pattern database. The default interval is 60 minutes. |
No Autoupdate | Specifies whether automatic updates are disabled. | Select this option if you want to disable automatic updates and update the pattern database manually. |
| Pattern Update > Email Notify | ||
Admin Email | Specifies the e-mail addresses of the administrators. | Enter the e-mail addresses of the administrators who should receive e-mail notifications when updates are made to the pattern file. |
Custom Message | Specifies the text that will appear in the custom message. | Enter the text to appear in the body of the notification e-mail. |
Custom Message Subject | Specifies the custom message subject. | Enter the text to appear in the subject line of the notification e-mail. |
| Profile | ||
Name | Specifies the name of the Kaspersky lab engine profile. | Enter a unique name for the Kaspersky lab engine profile. |
| Profile > Fallback Options | ||
Enable Feature | Enables fallback options. | Select this option to enable fallback options. |
The available fallback options are as follows:
| Specifies the fallback options. | Select log-and-permit or block from the list. |
| Profile > Notification Options | ||
Enable Feature | Enables notification options. | Select this option to enable notification options. |
The notification options that can be configured are the following:
| Specifies the notification actions for fallback block, fallback nonblock, and virus detection. |
|
| Profile > Scan Options | ||
Enable Feature | Enables scan options. | Select this option to enable scan options. |
intelligent-prescreening | Enables intelligent prescreening. | Select this option to enable intelligent prescreening. |
Content Size Limit | Specifies the content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size. | Enter content size parameters. |
Timeout | Specifies the scanning timeout parameters. | Enter the scanning timeout parameters. |
| Profile > Trickling | ||
Enable Feature | Enables trickling feature. | Select this option to enable trickling feature. |
Timeout | Specifies the trickling timeout parameters. | Enter the trickling timeout parameters. |
| Antivirus > Mime Whitelist | ||
Enable Feature | Enables this feature. | Select this option to enable this feature. |
List | Specifies the name of the URL whitelist. | Enter the name of the URL whitelist custom object you created. |
Configuring a UTM Policy for Express Antivirus
To configure a UTM policy for express antivirus:
- In the NSM navigation tree, select Device Manager > Devices.
- Click the Device Tree tab, and then double-click the device that you want to configure.
- Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy.
- Click New to add a new UTM policy entry.
- Enter a unique name for the UTM policy.
- Select Antivirus and enter the name of the antivirus profile.
- In the Http, Imap, Pop3, or Smtp profile boxes, enter the name of the profile you created earlier.
- For Ftp, select the upload and download profiles.
- Click OK to save the changes.
Once you have configured a UTM policy for express antivirus, attach the UTM policy to a security policy that you create.
