You can use J-Web or the CLI to configure the full antivirus
feature. When configuring antivirus protection, you must first create
the antivirus custom objects you are using. Those custom objects may
include the MIME pattern list, MIME exception list, and the filename
extension list. Once you have created your custom objects, you can
configure full antivirus protection, including intelligent prescreening,
and content size limits.
For each UTM feature, you should configure feature parameters
in the following order:
First configure UTM custom objects (if any),
for the feature in question. Custom objects are global parameters
for UTM features. That is, configured custom objects apply to all
UTM policies where applicable, rather than only to individual policies.
The CLI commands for setting antivirus custom objects are:
user@host# set security utm custom-objects mime-pattern
user@host# set security utm custom-objects filename-extension
user@host# set security utm custom-objects url-pattern
user@host# set security utm custom-objects custom-url-category
Configure main feature parameters, called
feature profiles.
The CLI command for setting antivirus feature profiles is:
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine
Configure a UTM policy for each protocol
and attach this policy to a profile.
CLI commands for configuring a UTM policy for HTTP (for example)
and attaching that policy to a profile are:
user@host# set security utm utm-policy <name>
user@host# set security utm utm-policy utmp2 anti-virus http-profile http1
Attach the UTM policy to a firewall security
policy.
The CLI command for attaching a UTM policy to a security policy
is:
user@host# set security policies
user@host# set security policies from-zone trust to-zone untrust policy p2 then permit application-services utm-policy utmp2
J-Web Configuration
To configure antivirus protection using the J-Web configuration
editor, you must first create your custom objects (MIME Pattern List,
Filename Extension List, URL Pattern List, and Custom URL Category
List).
Configure a MIME Pattern List Custom Object as follows:
Select Configure>Security>UTM>Custom
Objects.
From the MIME Pattern List tab, click the Add button to create MIME pattern lists.
In the Add MIME Pattern pop-up window, next to
MIME Pattern Name, enter a unique name for the list you are creating.
Keep in mind that you are creating a MIME white list and a MIME
exception list (if necessary). Both MIME lists appear in the MIME
Whitelist and Exception MIME Whitelist fields when you configure antivirus.
Therefore, the MIME list names you create should be as descriptive
as possible.
Next to MIME Pattern Value, enter the MIME pattern.
Click Add to add your MIME
pattern to the Values list box.
Within this box, you can also select an entry and use the Delete
button to delete it from the list. Continue to add MIME patterns in
this manner.
Optionally, create a new MIME list to act as an
exception list.
The exception list is generally a subset of the main MIME list.
Click OK to save the selected
values as part of the MIME list you have created.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Configure a Filename Extension List Custom Object as follows:
Select Configure>Security>UTM>Custom
Objects.
From the Filename Extension List tab, click the Add button to create filename extension lists.
Next to File Extension Name, enter a unique name
for the list you are creating.
This name appears in the Scan Option By Extension list when
you configure an antivirus profile.
In the Available Values box, select one or more
default values (press Shift to select multiple concurrent items or
press Ctrl to select multiple separate items) and click the right
arrow button to move the value or values to the Selected Values box.
Click OK to save the selected
values as part of the extension list you have created.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If the profile is not saved successfully, you can click Details in the pop-up window that appears to discover
why.
Configure a URL Pattern List Custom Object as follows:
Note:
Because you use URL Pattern Lists to create Custom URL Category
Lists, you must configure URL Pattern List Custom Objects before you
configure a Custom URL Category List.
Select Configure>Security>UTM>Custom
Objects.
From the URL Pattern List tab, click the Add button to create URL pattern lists.
Next to URL Pattern Name, enter a unique name for
the list you are creating. This name appears in the Custom URL Category
List Custom Object page for selection.
Next to URL Pattern Value, enter the URL or IP
address you want added to the list for bypassing scanning.
Note:
URL pattern wildcard support—The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning
of the URL and is followed by a “.”. You can
only use “?” at the end of the URL.
The following wildcard syntax IS supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net,
www.juniper.ne?, http://*juniper.net, http://*.
Click Add to add your URL
pattern to the Values list box.
The list can contain up to 8192 items. You can also select an
entry and use the Delete button to delete it from the list. Continue
to add URLs or IP addresses in this manner.
Click OK to save the selected
values as part of the URL pattern list you have created.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Configure a Custom URL Category List Custom Object as follows:
Note:
Because you use URL Pattern Lists to create Custom URL Category
Lists, you must configure URL Pattern List Custom Objects before you
configure a Custom URL Category List. URL Pattern List Custom Objects
are described in the previous section.
Select Configure>Security>UTM>Custom
Objects.
From the URL Category List tab, click Add to create URL category lists.
Next to URL Category Name, enter a unique name
for the list you are creating. This name appears in the URL Whitelist
list when you configure antivirus global options.
In the Available Values box, select a URL Pattern
List name from the list for bypassing scanning and click the right
arrow button to move it to the Selected Values box.
Click OK to save the selected
values as part of the custom URL list you have created.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Now that your custom objects have been created, you can configure
the antivirus feature profile.
Select Configure>Security>UTM>Global
options.
In the Anti-Virus tab, next to MIME whitelist,
select the custom object you created from the list.
Next to Exception MIME whitelist, select the custom
object you created from the list.
Next to URL Whitelist, select the custom object
you created from the list.
In the Engine Type section, select the type of
engine you are using.
For full antivirus protection, you should select Kaspersky Lab.
In the Kaspersky Lab Engine Option section, enter
the URL for the pattern database in the Pattern update URL box.
Next to Pattern update interval, enter the time
interval, in seconds, for automatically updating the pattern database
in the box.
The default interval is 60.
Select whether you want the pattern file to update
automatically (Auto update) or not (No Auto update).
Click OK to save the selected
values.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in a pop-up window that appears to discover why.
Select Anti-Virus, under Security,
in the left pane.
Click Add in the right window
to create a profile for the antivirus Kaspersky Lab Engine. (To edit
an existing item, select it and click the Edit button.)
Next to Profile name, enter a unique name for this
antivirus profile.
Select the Profile Type.
In this case, select Kaspersky.
Next to Trickling timeout, enter timeout parameters.
Note that trickling applies only to HTTP. HTTP trickling is a mechanism
used to prevent the HTTP client or server from timing out during a
file transfer or during antivirus scanning.
Next to Intelligent prescreening, select Yes or No.
Note:
Intelligent prescreening is only intended for use with non-encoded
traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP)
and HTTP POST.
In the Scan Options section, next to Intelligent
prescreening, select Yes if you are using it.
Next to Content Size Limit, enter content size
parameters. The content size check occurs before the scan request
is sent. The content size refers to accumulated TCP payload size.
Next to Scan engine timeout, enter scanning timeout
parameters.
Next to Decompress Layer Limit, enter decompression
layer limit parameters.
In the Scan mode section, select either Scan all files, if you are scanning all content,
or Scan files with specified extension, if you
are scanning by file extensions.
If you select Scan files with specified extension, you must
select a filename extension list custom object from the Scan engine
filename extension list that appears.
Select the Fallback settings tab.
Next to Default (fallback option), select Log and permit or Block from
the list.
Note that in most cases, Block is the default fallback option.
Next to Corrupt File (fallback option), select Log and permit or Block from
the list.
Next to Password File (fallback option), select Log and permit or Block from
the list.
Next to Decompress Layer (fallback option), select Log and permit or Block from
the list.
Next to Content Size (fallback option), select Log and permit or Block from
the list.
Next to Engine Not Ready (fallback option), select Log and permit or Block from
the list.
Next to Timeout (fallback option), select Log and permit or Block from
the list.
Next to Out Of Resources (fallback option), select Log and permit or Block from
the list.
Next to Too Many Request (fallback option), select Log and permit or Block from
the list.
Select the Notification options tab.
In the Fallback block section, next to Notification
type, select Protocol Only or Message to select the type of notification that is sent when
a fallback option of block is triggered.
Next to Notify mail sender, select Yes or No.
If you selected Yes, next to Custom Message, enter
text for the message body of your custom message for this notification
(if you are using a custom message).
Next to Custom message subject, enter text to appear
in the subject line of your custom message for this notification (if
you are using a custom message).
In the Fallback non block section, next to Notify
mail recipient, select Yes or No.
If you selected Yes, next to Custom Message, enter
text for the message body of your custom message for this notification
(if you are using a custom message).
Next to Custom message subject, enter text to appear
in the subject line of your custom message for this notification (if
you are using a custom message).
Select the Notification options
cont tab.
In the Virus detection section, next to Notification
type, select Protocol Only or Message to select the type of notification that is sent when
a fallback option of block is triggered.
Next to Notify mail sender, select Yes or No.
If you selected Yes, next to Custom Message, enter
text for the message body of your custom message for this notification
(if you are using a custom message).
Next to Custom message subject, enter text to appear
in the subject line of your custom message for this notification (if
you are using a custom message).
The limit is 255 characters.
Click OK.
If the configuration item is saved successfully,
you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Note:
You create a separate antivirus profile for each antivirus protocol.
These profiles may basically contain the same configuration information,
but when you are creating your UTM policy for an antivirus profile,
the UTM policy configuration page provides separate antivirus profile
selection fields for each supported protocol.
Next, you configure a UTM policy for antivirus to which you
attach the antivirus profile you have configured.
Select Configure>Security>Policy>UTM
Policies.
From the UTM policy configuration window, click Add to configure a UTM policy.
This takes you to the policy configuration pop-up window.
Select the Main tab in pop-up
window.
In the Policy name box, enter a unique name for
the UTM policy you are creating.
In the Session per client limit box, enter a session
per client limit from 0 to 20000 for this UTM policy.
For Session per client over limit, select one of
the following: Log and permit, Block.
This is the action the device takes when the session per client
limit for this UTM policy is exceeded.
Select the Anti-Virus profiles tab in the pop-up window.
Select the appropriate profile you have configured
from the list for the corresponding protocol listed.
Click OK.
If the policy is saved successfully, you receive
a confirmation and you must click OK again. If
the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.
Next, you attach the UTM policy to a security policy that you
create.
Select Configure>Security>Policy>FW
Policies.
From the Security Policy window, click Add to configure a security policy with UTM.
This takes you to the policy configuration pop-up window.
In the Policy tab, enter a name in the Policy Name
box.
Next to From Zone, select a zone from the list.
Next to To Zone, select a zone from the list.
Choose a Source Address.
Choose a Destination Address.
Choose an Application.
Do this by selecting junos-<protocol> (for all protocols
that support antivirus scanning) in the Application Sets box and clicking
the right arrow —> button to move them to the Matched box.
Next to Policy Action, select Permit.
Note:
When you select Permit for Policy Action, several additional
fields become available in the Applications Services tab, including
UTM Policy.
Select the Application Services tab in the pop-up window.
Next to UTM Policy, select the appropriate policy
from the list.
This attaches your UTM policy to the security policy.
Note:
There are several fields on this page that are not described
in this section. See the Security Policies section for detailed information
on configuring security policies and all the available fields.
Click OK to save your policy.
If the policy is saved successfully, you receive
a confirmation and you must click OK again. If
the profile is not saved successfully, you can click Details in the pop-up window that appears to discover why.
You must activate your new policy to apply it.
J-Web Point and Click CLI Configuration
To configure antivirus protection using the J-Web Point and
Click CLI, you must first create your custom objects (MIME Pattern
List, Filename Extension List, URL Pattern List, and Custom URL Category
List).
Configure a MIME Pattern List Custom Object as follows (see MIME White List for overview information on MIME
white lists):
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Custom objects, click Configure.
Next to Mime pattern, click Add
new entry.
Next to Name, enter a unique name for the MIME
list you are creating.
Figure 122: Custom Object, Filename Extension
Configuration, Point and Click CLI Configuration
Configure a URL Pattern List Custom Object as follows:
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Custom objects, click Configure.
Next to Url pattern, click Add
new entry.
Next to Name, enter a unique name for the list
you are creating.
Next to Value, click Add new entry.
Next to Value, enter the URLs or IP addresses you
want added to the list for bypassing scanning.
Note:
URL pattern wildcard support—The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning
of the URL and is followed by a “.”. You can
only use “?” at the end of the URL.
The following wildcard syntax IS supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net,
www.juniper.ne?, http://*juniper.net, http://*.
Figure 123: Custom Object, URL Pattern
Configuration, Point and Click CLI Configuration
Configure a Custom URL Category List Custom Object as follows
(see URL White List for overview information):
Select Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Custom objects, click Configure.
Next to Custom url category, click Add new entry.
Next to Name, enter a unique name for the list
you are creating.
Next to Value, click Add new entry.
Next to Value, enter the name of the Url pattern
list you created for bypassing scanning.
Click OK.
Figure 124: Custom Object, Custom URL Category Configuration, Point
and Click CLI Configuration
Now that your custom objects have been created, you can configure
the antivirus feature profile.
Select the Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Feature profile, click Configure.
Next to Anti virus, click Configure.
Next to Kaspersky lab engine, click Configure.
Next to Pattern update, select the Yes check box and click Edit to set the
interval.
Next to Admin email, enter the e-mail addresses
of the administrators who should receive e-mail notifications when
updates are made to the pattern file.
Next to Custom message, enter the text to appear
in the body of the notification e-mail.
Next to Custom message subject, enter the text
to appear in the subject line of the notification e-mail. (The limit
is 255 characters.)
Next to Interval, enter the time interval for automatically
updating the pattern database in the box. The default interval is
60. See Updating Antivirus Patterns for more information.
Next to No autoupdate, select the No checkbox if
you want to disable automatic updates and update the pattern database
manually.
Next to URL, if it is not already entered, enter
the URL for the pattern database in the box. Note that the URL is
http://update.juniper-updates.net/AV/<device version> and you should
not change it.
Click OK.
Next to Profile, click Add new
entry to create a profile for the Kaspersky Lab Engine.
Next to Name, enter a unique name for the profile
you are creating.
Next to Fallback options, select the Yes check box and click Edit to configure.
Next to Content Size, select Log and Permit or Block from
the list.
Next to Corrupt File (fallback option), select Log and
Permit or Block from the list.
Next to Password File (fallback option), select Log and
Permit or Block from the list.
Next to Decompress Layer (fallback option), select Log
and Permit or Block from the list.
Next to Engine Not Ready (fallback option), select Log
and Permit or Block from the list.
Next to Timeout (fallback option), select Log and Permit
or Block from the list.
Next to Out Of Resources (fallback option), select Log
and Permit or Block from the list.
Next to Too Many Request (fallback option), select Log
and Permit or Block from the list.
Click OK.
Next to Notification options, select the Yes check box and click Configure.
Next to Fallback block, select the Yes check box and click Configure.
Next to Custom message, enter text for your custom message
for this notification.
Next to Custom message subject, enter the text to appear
in the subject line of the notification e-mail. (The limit is 255
characters.)
Next to Notify mail sender, select the Yes check box to enable this notification.
Next to Type, select protocol-only or message from the list to select the type
of notification that is sent when a fallback option of block is triggered.
Click OK.
Next to Fallback non block, select the Yes check box and click Configure.
Next to Custom message, enter text for your custom message
for this notification.
Next to Custom message subject, enter the text to appear
in the subject line of the notification e-mail. (The limit is 255
characters.)
Next to Notify mail sender, select the Yes check box to enable this notification.
Click OK.
Next to Virus detection, select the Yes check box and click Configure.
Next to Custom message, enter text for your custom message
for this notification.
Next to Custom message subject, enter the text to appear
in the subject line of the notification e-mail. (The limit is 255
characters.)
Next to Notify mail sender, select the Yes check box to enable this notification.
Next to Type, select protocol-only or message from the list to select the type
of notification that is sent when a fallback option of block is triggered.
Click OK.
Next to Scan options, select the Yes check box and click Configure.
Next to Content size limit, enter content size parameters.
The content size check occurs before the scan request is sent. The
content size refers to accumulated TCP payload size.
Next to Decompress layer limit, enter decompression layer
limit parameters. See Decompression Layer Limit.
Next to Intelligent prescreening, select the Yes check box to enable intelligent prescreening if you are
using it. See Intelligent Prescreening.
Next to Scan extension, enter the name of the Filename
extension list custom object you created.
Next to Scan mode, select all or by-extension from the list.
Next to Timeout, enter scanning timeout parameters. See Scanning Timeout.
Next to Trickling, select the Yes check box and click Configure.
Next to Timeout, enter trickling timeout parameters. See HTTP Trickling.
Click OK.
Click OK again to save the
Kaspersky lab engine profile.
Back on the main Anti virus page, next to Mime
whitelist, select the Yes check box and click Configure or Edit.
Next to Name, enter the name of the Mime list custom
object you created.
Click OK.
Next to Type, select kaspersky-lab-engine from
the list.
Next to Url whitelist, enter the name of the URL
whitelist custom object you created.
Click OK. See Figure 125 for main Kaspersky lab engine profile
page.
Figure 125: Antivirus Full Profile Configuration,
Point and Click CLI Configuration
Next, you configure a UTM policy for full file-based antivirus
to which you attach the Kaspersky lab engine profile you have configured.
Select the Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Utm, click Configure.
Next to Utm policy, click Add new
entry.
In the Name box, enter a unique name for the UTM
policy you are creating.
Next to Anti virus, click Configure.
In the Http, Imap, Pop3, or Smtp profile boxes,
enter the name of the profile you created earlier. For Ftp, click Configure or Edit to enter Upload
and Download profiles.
Note:
You create a separate antivirus profile for each antivirus protocol.
These profiles may basically contain the same configuration information,
but when you are creating your UTM policy for an antivirus profile,
the UTM antivirus policy configuration page provides separate antivirus
profile selection fields for each supported protocol.
Click OK.
Click OK again to return to
main UTM configuration page. Your UTM antivirus policy is now listed
in the UTM policy table.
Next, you attach the UTM policy to a security policy that you
create.
Select the Configure>CLI Tools>Point
and Click CLI.
Next to Security, click Configure or Edit.
Next to Security, click Configure.
Next to Policy, select the Yes check box and click Edit.
Next to Policy, click Add new entry.
Note:
Refer to the section on security policy configuration for further
details on configuring a policy. Note that when you configure the
Then field as part of the policy, select Permit as the action, and
then configure Application services, you are able to enter the Utm
policy name as part of this security policy.
Next to Utm policy (in the Application services
security policy window), enter the name of the appropriate policy.
This attaches your UTM policy to the security policy.
Click OK.
CLI Configuration
To configure antivirus protection using the CLI, you must first
create your custom objects.
Configure the filename-extension custom object
by first creating a name for the list. (Note that the Kaspersky scan
engine ships with a read-only default extension list that you can
use. See File Extension Scanning.)
user@host# set security utm custom-objects filename-extension extlist1
Next, add extensions to the list.
user@host# set security utm custom-objects filename-extension extlist1 value [zip js vbs]
Configure MIME lists. This includes creating
a MIME whitelist and a MIME exception list for antivirus scanning.
First create names for MIME lists and then add values to the lists.
See MIME White List for overview information
on MIME white lists.
user@host# set security utm custom-objects mime-pattern avmime1
user@host# set security utm custom-objects mime-pattern ex-avmime1
Next, add MIME patterns to the lists.
user@host# set security utm custom-objects mime-pattern avmime1 value [video/quicktime image/x-portable-anymap x-world/x-vrml]
user@host# set security utm custom-objects mime-pattern ex-avmime1 value [video/quicktime-inappropriate]
Configure URL white lists for a list of URLs or addresses in
a specified that you want to be bypassed by antivirus scanning. First
create names for the URL list and then add values to the list. See URL White List for overview information on URL white
lists.
Configure a URL pattern list custom object
by creating the list name and adding values to it as follows:
Note:
Because you use URL pattern lists to create custom URL category
lists, you must configure URL pattern list custom objects before you
configure custom URL category lists.
user@host# set security utm custom-objects url-pattern urllist1 value [http://www.url.com 5.6.7.8]
Note:
URL pattern wildcard support—The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use “*” if it is at the beginning
of the URL and is followed by a “.”. You can
only use “?” at the end of the URL.
The following wildcard syntax IS supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is NOT supported: *.juniper.net,
www.juniper.ne?, http://*juniper.net, http://*.
Configure a custom URL category list custom object
using the URL pattern list you created as follows:
user@host# set security utm custom-objects custom-url-category custurl1 value urllist1
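The wildcard rule in the note above can be checked before values are entered into a URL pattern list. This is an added example, not Juniper code: the function names and the "review" status for a `*.` over a single label are assumptions made here, since every accepted entry is exempt from antivirus scanning.

```python
MAX_ITEMS = 8192      # list size limit stated on this page
PREFIX = "http://"    # required in front of every wildcard entry


def check_url_pattern(value):
    """Return (status, reason); status is 'ok', 'review' or 'reject'."""
    if not value or any(ch.isspace() for ch in value):
        return "reject", "empty value or embedded whitespace"
    if "*" not in value and "?" not in value:
        return "ok", "literal URL or IP address"
    if not value.startswith(PREFIX):
        return "reject", "wildcard entry must start with http://"
    rest = value[len(PREFIX):]
    star = "*" in rest
    if star:
        if rest.count("*") > 1 or rest[0] != "*":
            return "reject", "'*' is only allowed at the beginning of the URL"
        if not rest.startswith("*."):
            return "reject", "'*' must be followed by '.'"
        rest = rest[2:]
    literal = rest.rstrip("?")          # '?' may only appear as a trailing run
    if "?" in literal:
        return "reject", "'?' is only allowed at the end of the URL"
    if not literal:
        return "reject", "nothing left once the wildcards are removed"
    # Added heuristic (an assumption, not a device rule): flag very broad bypasses.
    if star and "." not in literal:
        return "review", "'*.' over a single label exempts a whole suffix from scanning"
    return "ok", "wildcard entry follows the rule"


def audit_url_pattern_list(values):
    """Return (value, status, reason) for every entry that is not 'ok'."""
    findings = []
    if len(values) > MAX_ITEMS:
        findings.append(("<list>", "reject", "more than %d entries" % MAX_ITEMS))
    for value in values:
        status, reason = check_url_pattern(value)
        if status != "ok":
            findings.append((value, status, reason))
    return findings


# Entries quoted in the note and the CLI example above, followed by two
# constructed ones (http://*.net and http://w?w.example.net).
SAMPLE = [
    "http://*.juniper.net", "http://www.juniper.ne?", "http://www.juniper.n??",
    "*.juniper.net", "www.juniper.ne?", "http://*juniper.net", "http://*.",
    "http://www.url.com", "5.6.7.8",
    "http://*.net", "http://w?w.example.net",
]

if __name__ == "__main__":
    for value, status, reason in audit_url_pattern_list(SAMPLE):
        print("%-7s %-26s %s" % (status, value, reason))
```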
Now that your custom objects have been created, you can configure
the antivirus feature profile as follows:
Select and configure the engine type. Because
you are configuring “full antivirus,” you select the Kaspersky-Lab-Engine
and then designate the pattern update interval. The default full
file-based antivirus pattern-update interval is 60 minutes. You can
choose to leave this default as is or you can change it. You can also
force a manual update, if necessary. See Updating Antivirus Patterns for more information.
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update interval 20
Note:
The command for changing the URL for the pattern database is:
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url http://..
The default URL is http://update.juniper-update.net/AV/<device
version>. You should not change this URL unless you are experiencing
problems with it and have called for support.
You can configure the device to notify a specified
administrator when patterns are updated. This is an e-mail notification
with a custom message and a custom subject line.
Configure a profile for the Kaspersky
Lab engine. This profile includes configuring fallback, notification,
and scanning options. It also includes HTTP trickling configuration
options. First you create the profile name.
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1
Configure a list of fallback options
as “block” or “log and permit.” In most cases,
the default is to block. You can use the default settings or you can
change them. See Fallback Options for a detailed overview of this feature and each fallback category.
Configure the notification options. You
can configure notifications for both fallback blocking and fallback
nonblocking actions and for virus detection. See Understanding Virus-Detected Notification Options for overview information on notification options.
You configure a custom message for the fallback blocking action
and send a notification. See Custom Message Notification for overview information.
You configure content size parameters. The content size check
occurs before the scan request is sent. The content size refers to
accumulated TCP payload size. See Content Size Limits for details.
Configure intelligent prescreening. It
is either on or off. See Intelligent Prescreening for details. (Intelligent prescreening is only intended for use
with non-encoded traffic. It is not applicable for mail protocols
(SMTP, POP3, IMAP) and HTTP POST.)
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options intelligent-prescreening
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options no-intelligent-prescreening
Configure scan extension settings. You
can select the default list (junos-default-extension) or you can select
an extension list you created as a custom object. See File Extension Scanning for overview
details.
Configure the scan mode setting. You
can choose to scan all files or only files with extensions you specify.
If you select to scan by-extension, the device uses the extension
file lists you create.
Configure trickling settings. If you
use trickling, you can also set timeout parameters. Trickling applies
only to HTTP. HTTP trickling is a mechanism used to prevent the HTTP
client or server from timing out during a file transfer or during
antivirus scanning. See HTTP Trickling for overview details.
Configure the antivirus scanner to use
MIME bypass lists and exception lists. You can use your own custom
object lists, or you can use the default list that ships with the
device called junos-default-bypass-mime. See MIME White List for overview information.
user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1
user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1 exception ex-avmime1
Configure the antivirus module to use
URL bypass lists. If you are using a URL white list, this is a custom
URL category you have previously configured as a custom object. URL
white lists are valid only for HTTP traffic. See URL White List for overview information.
user@host# set security utm feature-profile anti-virus url-whitelist custurl1
CLI commands for configuring a UTM policy for HTTP antivirus
scanning, and attaching that policy to a profile we created earlier
for antivirus scanning, are:
user@host# set security utm utm-policy <name>
user@host# set security utm utm-policy utmp2 anti-virus http-profile kasprof1
Attach the UTM policy to a firewall security
policy.
user@host# set security policies from-zone trust to-zone untrust policy p2 match source-address any
user@host# set security policies from-zone trust to-zone untrust policy p2 match destination-address any
user@host# set security policies from-zone trust to-zone untrust policy p2 match application junos-http
user@host# set security policies from-zone trust to-zone untrust policy p2 then permit application-services utm-policy utmp2
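The CLI procedure above chains names together: custom objects, then the feature profile, then the UTM policy, then the security policy. The following added example (not Juniper code) reads a list of set commands and reports every name that is referenced but never defined. It handles only the command forms shown on this page, treats names starting with junos- as lists shipped with the device, and uses a constructed sample with two deliberate mismatches.

```python
import re

PROMPT = re.compile(r"^\S+@\S+#\s+")   # strips a leading "user@host# "


def parse_set_commands(text):
    """Yield the tokens after 'set security' for each command; [ ] are dropped."""
    for line in text.splitlines():
        line = PROMPT.sub("", line.strip())
        tokens = line.replace("[", " ").replace("]", " ").split()
        if tokens[:2] == ["set", "security"]:
            yield tokens[2:]


def token_after(tokens, keyword):
    """Return the token that follows keyword, or None."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return None


def audit_references(text):
    """Return sorted (kind, name) pairs that are referenced but not defined."""
    defined = {}    # kind -> set of names created by the commands
    refs = set()    # (kind, name) pairs some command points at
    for t in parse_set_commands(text):
        if t[:2] == ["utm", "custom-objects"] and len(t) >= 4:
            kind, name = t[2], t[3]
            defined.setdefault(kind, set()).add(name)
            # A custom URL category is built from URL pattern lists.
            if kind == "custom-url-category" and "value" in t:
                refs.update(("url-pattern", v) for v in t[t.index("value") + 1:])
        elif t[:3] == ["utm", "feature-profile", "anti-virus"]:
            rest = t[3:]
            if rest[:1] == ["mime-whitelist"]:
                for key in ("list", "exception"):
                    name = token_after(rest, key)
                    if name:
                        refs.add(("mime-pattern", name))
            elif rest[:1] == ["url-whitelist"] and len(rest) > 1:
                refs.add(("custom-url-category", rest[1]))
            elif token_after(rest, "profile"):
                defined.setdefault("profile", set()).add(token_after(rest, "profile"))
        elif t[:2] == ["utm", "utm-policy"] and len(t) >= 3:
            defined.setdefault("utm-policy", set()).add(t[2])
            # http-profile, smtp-profile and so on each name an antivirus profile.
            for i in range(3, len(t) - 1):
                if t[i].endswith("-profile"):
                    refs.add(("profile", t[i + 1]))
        elif t[:1] == ["policies"]:
            name = token_after(t, "utm-policy")
            if name:
                refs.add(("utm-policy", name))
    return sorted((kind, name) for kind, name in refs
                  if not name.startswith("junos-")
                  and name not in defined.get(kind, set()))


# Constructed sample: ex-avmime1 is never created and the UTM policy
# names kasprofile1 although the profile created is kasprof1.
SAMPLE_CONFIG = """\
user@host# set security utm custom-objects mime-pattern avmime1 value [video/quicktime]
user@host# set security utm custom-objects url-pattern urllist1 value [http://www.url.com 5.6.7.8]
user@host# set security utm custom-objects custom-url-category custurl1 value urllist1
user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1 exception ex-avmime1
user@host# set security utm feature-profile anti-virus url-whitelist custurl1
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1
user@host# set security utm utm-policy utmp2 anti-virus http-profile kasprofile1
user@host# set security policies from-zone trust to-zone untrust policy p2 then permit application-services utm-policy utmp2
"""

if __name__ == "__main__":
    for kind, name in audit_references(SAMPLE_CONFIG):
        print("undefined %s: %s" % (kind, name))
```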