SRX Series On-Device Antivirus Scan Engine Overview
The antivirus module in the unified threat management (UTM) solution consists of a virus pattern database, an application proxy, a scan manager, and a configurable scan engine. The antivirus module on the SRX Series device scans specific application layer traffic to protect the user from virus attacks and to prevent viruses from spreading.
Starting in Junos OS Release 18.4R1, SRX Series devices support an on-device antivirus scanning engine. The scan engine, Avira, scans the data by accessing the virus pattern database. It provides a full file-based antivirus scanning function that is available through a separately licensed subscription service. When your antivirus license key expires, you can continue to use the locally stored antivirus signatures without any updates. If you delete the local database, then antivirus scanning is also disabled.
You can download and install the antivirus scan engine on your SRX Series device either manually (using a flash memory device and the request security utm anti-virus avira-engine command) or by using the Internet to connect to a Juniper Networks-hosted URL or a user-hosted URL.
The virus pattern database is located at https://update.juniper-updates.net/avira. By default, the pattern updates are downloaded through the SRX Series devices.
Use the set security utm default-configuration anti-virus type avira-engine command to enable the antivirus scan engine. If the antivirus scan engine is not available on the device and cannot be downloaded from the predefined URL (https://update.juniper-updates.net/avira), then use the local user URL to locate the database files: set security utm default-configuration anti-virus avira-engine pattern-update url url. This command downloads the pattern and engine files from the user-hosted URL. After configuring Avira as the antivirus type, reboot the device for the new scan engine to take effect.
The antivirus engine on the SRX Series device does not scan the application traffic and follows fallback logic under the following circumstances:
The scan engine is not ready.
There are too many scanning requests.
The file size is larger than a configured limit.
The compression level is too deep for compressed or archive files.
The memory file system is full.
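The fallback conditions above decide what happens to traffic the engine cannot scan, so it is worth checking which action each one is configured with. The following Python script is an added example, not Juniper's code: it audits a configuration in set-command form for fallback actions other than block and for a user-hosted pattern-update URL that is not HTTPS. The fallback-options keyword names, their mapping to the listed conditions, and the sample configuration are assumptions and do not come from this page.

```python
import re

# Fallback conditions from the page, keyed by the Junos fallback-options
# keyword assumed to correspond to each (keyword names are not on the page).
CONDITIONS = {
    "engine-not-ready": "scan engine is not ready",
    "too-many-requests": "too many scanning requests",
    "content-size": "file size is larger than the configured limit",
    "decompress-err": "compression level is too deep",
    "out-of-resources": "memory file system is full",
}
BASE = r"set security utm default-configuration anti-virus "
TYPE = re.compile(BASE + r"type (\S+)$")
URL = re.compile(BASE + r"avira-engine pattern-update url (\S+)$")
FALLBACK = re.compile(BASE + r"fallback-options (\S+) (\S+)$")

def audit(config_text):
    """Return findings for a configuration given as 'set' commands."""
    engine, url, actions = None, None, {}
    for line in map(str.strip, config_text.splitlines()):
        if m := TYPE.match(line):
            engine = m.group(1)
        elif m := URL.match(line):
            url = m.group(1)
        elif m := FALLBACK.match(line):
            actions[m.group(1)] = m.group(2)
    findings = []
    if engine != "avira-engine":
        findings.append("anti-virus type is not avira-engine")
    if url is not None and not url.startswith("https://"):
        findings.append(f"pattern-update url is not HTTPS: {url}")
    for keyword, meaning in CONDITIONS.items():
        action = actions.get(keyword)
        if action is None:
            findings.append(f"{keyword} ({meaning}): no explicit action set")
        elif action != "block":
            findings.append(f"{keyword} ({meaning}): unscanned traffic is passed ({action})")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
set security utm default-configuration anti-virus type avira-engine
set security utm default-configuration anti-virus avira-engine pattern-update url http://updates.example.net/avira
set security utm default-configuration anti-virus fallback-options engine-not-ready block
set security utm default-configuration anti-virus fallback-options too-many-requests log-and-permit
set security utm default-configuration anti-virus fallback-options content-size block
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The script only reads statements under the default-configuration hierarchy; conditions it reports as having no explicit action fall back to whatever the device applies by default.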
Benefits of the on-device antivirus scan engine:
Minimizes processing delays because the pattern database is locally stored and the scan engine is on-device.
Secures your data and provides up-to-date antivirus software that protects your system from viruses, trojans, rootkits, and other types of malicious code. With this new scan engine, you can scan the application traffic locally without connecting to an Internet server to query whether the application traffic contains a virus.