Creating Antivirus Profiles
Use the Unified Threat Management (UTM) policy page to configure
antivirus profiles.
The antivirus profile defines
the content to scan for any malware and the action to be taken when
malware is detected. Once you create a profile, you can assign it
to UTM policies. Within the UTM policy, you can apply either the same
antivirus profile or create one inline to scan Web, file transfer,
and e-mail traffic.
Before You Begin
- Read the UTM Overview topic.
- Decide what kind of filtering you want for the UTM policy:
Web Filtering, Antispam, Antivirus, or Content Filtering.
- Review the Antivirus Profile main page for an understanding
of your current data set. See Antivirus Profile Main Page Fields for field descriptions.
Configuring Antivirus Profile Settings
To create an antivirus profile:
- Select Configure > UTM Policy > Antivirus Profiles.
- Click the + icon to create a new antivirus profile.
- Complete the configuration according to the guidelines
provided in Table 159.
- Click Finish. An antivirus profile is created
that can be associated with an UTM policy.
Table 159: Antivirus Profile Settings
Setting | Guideline |
|---|
General Information |
Name | Enter a unique name for the antivirus profile that is
a string of alphanumeric characters, colons, periods, dashes, and
underscores. No spaces are allowed and the maximum length is 29 characters. |
Description | Enter a description for the antivirus profile; maximum
length is 255 characters. |
Engine Type | Select the required engine type from the drop-down list: - Kaspersky—Kaspersky Lab engine is responsible for
scanning all the data it receives.
- Juniper Express—You configure a profile for the
Juniper Express engine. Mostly used for express antivirus scanning.
- Sophos—Sophos antivirus is an in-the-cloud antivirus
solution. The virus and malware database is located on external servers
maintained by Sophos (Sophos Extensible List) servers, thus there
is no need to download and maintain large pattern databases on the
Juniper Networks device.
Note:
By default, Juniper Express is selected. |
Fallback Options |
| | The fallback options are used when the antivirus system
experiences errors and must fall back to one of the previously configured
actions to either deny (block) or permit the object. Use the fallback options to be configured when there is a failure,
or select the default action if no specific options are to be configured: - Content Size—Select Block or Log and Permit. If
the content size exceeds a set limit, the content is either passed
or blocked. The default action is Block.
- Content Size Limit—Enter the content size limit
in kilobytes (KB). The limit range is 20 - 40,000 KB. The content
size limit check occurs before the scan request is sent. The content
size refers to accumulated TCP payload size.
- Engine Error—Select Block or Log and Permit. The
default action is Block. Note: Engine error combines all errors, engine
not ready, timeout, too many requests, and out of resources, into
a single fallback option.
- Default Action—Select Block or Log and Permit.
|
Notification Options |
| | Use the notification options to configure a method of
notifying the user when a fallback occurs or a virus is detected: - Fallback Deny—Select this option to notify mail
senders that their messages were blocked.
- Fallback Non-Deny—Select this option to warn mail
recipients that they received unblocked messages despite problems.
- Virus Detected—Select this option to notify mail
recipients that their messages were blocked.
|
Related Documentation
Help us to improve. Rate this article.
Feedback Received. Thank You!