Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

request system malware-scan

 

Syntax

Release Information

Command introduced in Junos OS Release 19.2R1.

Description

Run the Juniper Malware Removal Tool (JMRT), which scans for and removes malware running on Junos OS. This command can perform multiple types of scans, detailed in the section below.

Options

quick-scanStarts a quick scan, which attempts to scan each process’s executable for malware. If the executable file does not exist, it will fall back to a memory scan for that process.
veriexec-checkCheck whether verified execution (Veriexec) is running and working properly. Veriexec only allows signed binaries to run on Junos, and it is typically enabled by default.
Note

Junos OS with Junos Automation Enhancements does not run Veriexec. As such, running the veriexec-check command on Junos OS with Junos Automation Enhancements always shows that Veriexec is not running.

clean-action (clean | warn)Determines what action JMRT should take when potential malware is detected:
  • clean—Remove infected files and processes. This is the default action.

  • warn—Notify the user of files and processes containing malware, but do not remove them.

pidsSet of process IDs (PIDs) to scan. The default is to scan all processes.
testRun a test scan that will detect fake malware. Use this to observe how the Juniper Malware Removal Tool works without needing malware on the system.
Note

Test scans require the optional jmrt-test package to be installed. Use the following commands to install the test package:

  • For Junos OS releases 20.1R1 or later:

    request system software add optional://jmrt-test

  • For Junos OS releases before 20.1R1 (64-bit routing engine):

    request system software add optional://jmrt-test-x86-64.tgz

  • For Junos OS releases before 20.1R1 (32-bit routing engine):

    request system software add optional://jmrt-test-x86-32.tgz

Required Privilege Level

admin