Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Add an Antivirus

You are here: Configure > Security Services > UTM > Default Configuration.

Procedure

To add an antivirus:

  1. Select the Antivirus tab to view or create the antivirus configuration.

    The Create Antivirus page appears.

  2. Complete the configuration according to the guidelines provided in Table 225.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 225: Fields on the Create Antivirus Page

Field

Action

Type

Select the require required engine type:

  • Anti Virus None

  • Sophos Engine

URL Whitelist

Select the customized object from the list.

MIME Whitelist

List

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Exception

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

Scan Options

URI Check

Enable the URI check.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 40,000 KB.

Decompress layer Limit

Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan.

Enter the decompress layer limit, a value from 0 through 3 layers.

Timeout

Specifies the timeframe between the scan requests generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Pre Detection

Enable the Pre detection.

Avira Engine

Note: This option is available for SRX4600 and SRX5000 line of devices.

On Box AV Load Flavour

Type

Select an option from the list for onbox AV load flavor Type.

Note: Changing the onbox AV load flavor type value will prompt for device reboot.

Pattern Update

URL

Enter the URL for the pattern database.

Routing Instance

Select a routing instance from the list. Routing instance can be defined under, Configure > Network > Routing Instance.

Interval (sec)

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Proxy Profile

Select the proxy profile for antivirus.

Procedure

To create a proxy profile inline:

  1. Click Create Profile.
  2. Enter the following details:
    • Profile Name - Enter a valid profile name.

    • Connection Type - Select any one option from the following:

      • Server IP—Enter the server IP address

      • Host Name—Enter the host name.

    • Port Number-Enter the port number in the range 0 through 65535. Default port number is 80.

  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Start Time

Enter the start time in the YYYY-MM-DD.HH:MM:SS format.

Email Notify

Admin Email

Enter a valid admin email id to notify about the pattern file update.

Custom Message subject

Enter the subject of the custom message or notification.

Custom Message

Enter the custom message for notification.

Sophos Engine options
General Settings

Timeout

Specify the Sophos antivirus engine timeout.

Select a time, ranges from 1 through 5 seconds.

Retry

Specify the number of times retry the Sophos antivirus engine query.

Select the number of retries from 1 through 5 numeric values.

Server

Server IP

Enter a valid DNS server IP address.

Routing Instance

Select a valid routing instance name.

Pattern Update

URL

Enter the URL for the pattern database.

Routing Instance

Select a routing instance from the list. Routing instance can be defined under, 'Configure > Network > Routing Instance'.

Interval (sec)

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Proxy Profile

Select the proxy profile for antivirus

Start Time

Enter the start time in the YYYY-MM-DD.HH:MM:SS format.

Email Notify

Admin Email

Enter a valid admin email id to notify about the pattern file update.

Custom Message subject

Enter the subject of the custom message or notification.

Custom Message

Enter the custom message for notification.

Fallback Settings

Default

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select an option from the list. The default action is Block.

Content Size

Fallback action for over content size.

Select an option from the list.

Engine-not-ready

Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit.

Select an option from the list.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking.

Select an option from the list. The default action is Block.

Out-of-resources

Specifies the resource constraints error received during virus scanning. This error can be or by the can be sent by the scan engine (as a scan-code) or scan manager. When the system is out of resources occurs, scanning is aborted. The available actions are block or log-and-permit.

Select an option from the list. The default action is Block.

Too-many-requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select an option from the list. The default action is Block.

Trickling

Trickling Timeout

Displays the trickling timeout interval.

Enter the time interval from 0 through 600 seconds.

Virus Detection

Type

Specifies the type of notification to be sent when a virus is detected.

Select Protocol Only or Message option.

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected.

Enable this option to send a notification or disable to not send a notification.

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification.

Enter the subject line text for your custom message.

Custom Message

Specifies the customized message text for the virus detection notification.

Enter the text for this custom notification message.

Fallback Block

Type

Specifies the type of notification sent when a fallback option of block is triggered.

Select the Protocol Only or the Message check box.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Enable this option to send a notification or disable to not send a notification.

Custom Message

Specifies the customized message text for the fallback block notification.

Enter the text for this custom notification message.

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification.

Enter the subject line text for your custom message.

Fallback Non Block

Notify Mail Recipient

Enable this option to send a notification or disable to not send a notification.

Custom Message Subject

Specifies the customized message text for the fallback nonblock notification.

Enter the text for this custom notification message.

Custom Message

Specifies the subject line for your custom message for the fallback nonblock notification.

Enter the subject line text for your custom message.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit