Understanding Updating the Antivirus Scanner Pattern Database
When Kaspersky Lab updates the signatures in its pattern database,
the security device downloads these updates so that the antivirus
scanner is using the latest, most up-to-date signatures when scanning
traffic. The security device can perform these updates automatically
(the default), or you can perform pattern update downloads manually.
There are several prerequisites that must be met in order to
perform a successful pattern database update:
You must have a valid antivirus scanner license.
You must have network connectivity and access to the pattern
database server.
Your DNS settings and port settings (port 80) must be
correct.
Updating Antivirus Patterns
Update the patterns for the antivirus signature database as
follows:
On the security device, specify the URL address
of the pattern-update server.
By default, the Juniper-Kaspersky URL for full antivirus is http://update.juniper-updates.net/AV/SRX210. “SRX210”
in the URL is the platform name. This part of the URL is different
and platform specific for each platform. (Other than the platform
name, you should not change this URL unless you are experiencing problems
with it and have called for support.)
After the security device downloads the server-initialization
file, the device checks that the pattern file is valid. The device
then parses the file to obtain information about it, including the
file version, size, and location of the pattern file server.
If the pattern file on the security device is out-of-date (or
nonexistent because this is the first time you are loading it), and,
if the antivirus pattern-update service subscription is still valid,
the device automatically retrieves an updated pattern file from the
pattern file server.
Note:
Once your subscription expires, you have a 30 day grace period
during which you can continue to update the antivirus pattern file.
Once that grace period expires, the update server no longer permits
antivirus pattern file updates.
Updates to the pattern file are added as new viruses are discovered.
You can configure the security device to regularly update the pattern
file automatically, or you can update the file manually.
Example: Automatic Update
In this example, you configure the security device to update
the pattern file automatically every 120 minutes. (The default antivirus
pattern-update interval is 60 minutes.)
J-Web
Select Configure>UTM>Anti-Virus.
Next to Interval, in the Kaspersky Lab Engine section,
enter 120 in the box.
Click OK.
CLI
user@host# set security utm feature-profile anti-virus
kaspersky-lab-engine pattern-update interval 120
Example: Manual Update
In this example, you use the request command to update the pattern
file manually.
J-Web
At this time, you cannot perform manual database updates using
J-Web.
You can also manually delete the pattern database
(pattern-delete) and reload the pattern database (pattern-reload)
using the request command.
Database Download Process
The database pattern server is accessible through HTTP or HTTPS.
By default, the antivirus module checks for database updates automatically
every 60 minutes. You can change this interval and you can trigger
updates manually, as well. The number of files that are downloaded
during an update and the duration of the download process can vary.
A local copy of the pattern database is saved in persistent
data storage (that is, the flash disk). If the device is rebooted,
the local copy remains available for the antivirus scan engine to
use during the antivirus scan engine initialization time, without
the need for network access to the pattern database server.
The following is an example of the CLI for configuring the database
update feature:
utm {
feature-profile {
anti-virus {
type
kaspersky-lab-engine {
pattern-update
url < url>
interval <min>
}
}
}
}
Note:
If the auto-update fails, the updater automatically retries
to update three more times. If the database download continues to
fail, the updater stops trying and waits for the next periodic update
before trying again.
