Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Antivirus Profiles

    Use the Unified Threat Management (UTM) policy page to configure antivirus profiles.

    The antivirus profile defines the content to scan for any malware and the action to be taken when malware is detected. Once you create a profile, you can assign it to UTM policies. Within the UTM policy, you can apply either the same antivirus profile or create one inline to scan Web, file transfer, and e-mail traffic.

    Before You Begin

    • Read the UTM Overview topic.
    • Decide what kind of filtering you want for the UTM policy: Web Filtering, Antispam, Antivirus, or Content Filtering.
    • Review the Antivirus Profile main page for an understanding of your current data set. See Antivirus Profile Main Page Fields for field descriptions.

    Configuring Antivirus Profile Settings

    To create an antivirus profile:

    • Select Configure > UTM Policy > Antivirus Profiles.
    • Click the + icon to create a new antivirus profile.
    • Complete the configuration according to the guidelines provided in Table 1.
    • Click Finish. An antivirus profile is created that can be associated with an UTM policy.

    Table 1: Antivirus Profile Settings

    Setting

    Guideline

    General Information

    Name

    Enter a unique name for the antivirus profile that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 29 characters.

    Description

    Enter a description for the antivirus profile; maximum length is 255 characters.

    Engine Type

    Select the required engine type from the drop-down list:

    • Kaspersky—Kaspersky Lab engine is responsible for scanning all the data it receives.
    • Juniper Express—You configure a profile for the Juniper Express engine. Mostly used for express antivirus scanning.
    • Sophos—Sophos antivirus is an in-the-cloud antivirus solution. The virus and malware database is located on external servers maintained by Sophos (Sophos Extensible List) servers, thus there is no need to download and maintain large pattern databases on the Juniper Networks device.

    Note: By default, Juniper Express is selected.

    Fallback Options

     

    The fallback options are used when the antivirus system experiences errors and must fall back to one of the previously configured actions to either deny (block) or permit the object.

    Use the fallback options to be configured when there is a failure, or select the default action if no specific options are to be configured:

    • Content Size—Select Block or Log and Permit. If the content size exceeds a set limit, the content is either passed or blocked. The default action is Block.
    • Content Size Limit—Enter the content size limit in kilobytes (KB). The limit range is 20 - 40,000 KB. The content size limit check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.
    • Engine Error—Select Block or Log and Permit. The default action is Block. Note: Engine error combines all errors, engine not ready, timeout, too many requests, and out of resources, into a single fallback option.
    • Default Action—Select Block or Log and Permit.

    Notification Options

     

    Use the notification options to configure a method of notifying the user when a fallback occurs or a virus is detected:

    • Fallback Deny—Select this option to notify mail senders that their messages were blocked.
    • Fallback Non-Deny—Select this option to warn mail recipients that they received unblocked messages despite problems.
    • Virus Detected—Select this option to notify mail recipients that their messages were blocked.

    Modified: 2016-06-14