Add an Antivirus Profile

 

You are here: Configure > Security Services > UTM > Anti-Virus.

To add an antivirus profile:

  1. Click the add icon (+) available on the upper right side of the Antivirus Profiles page.

    The Create Antivirus Profiles page appears.

  2. Complete the configuration according to the guidelines provided in Table 1 and Table 2.

    Click one:

    • Global Options—Defines general specifications for antivirus configuration. Enter information as specified in Table 1.

      Note

      Global Options are NOT enabled for logical systems users. They are enabled only for root users.

    • +—Adds a new antivirus profile configuration. Enter information as specified in Table 2.

  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Global Options Antivirus Configuration Details

Field

Action

Main

MIME Whitelist

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Exception MIME Whitelist

Specifies a list of MIME types to be excluded from the allowlist. The exception MIME allowlist is a subset of MIME types found in the MIME allowlist.

Select the customized object from the list.

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Select the customized object from the list.

Engine Type

Kaspersky Lab

Specifies the internal scan engine for full antivirus protection provided by Kaspersky Lab.

Note: This option is not supported on SRX1500 devices.

Select this option to choose the Kaspersky Lab engine type.

Juniper Express

Specifies the internal scan engine for full antivirus protection provided by Juniper Networks.

Note: This option is not supported on SRX1500 devices.

Select this option to choose the Juniper Express engine type.

Sophos

Specifies the internal scan engine for full antivirus protection provided by Sophos.

Note: SRX1500 devices support only this option.

Select this option to choose the Sophos engine type.

Kaspersky Lab Engine Options

Admin Email

Specifies the e-mail address for the notification to be sent to the administrator when the pattern update is complete.

Enter the administrator e-mail address.

Custom Message

Specifies the text of the pattern-update e-mail notification that is sent when the pattern update is complete.

Enter the customized message.

Custom Message Subject

Specifies the customized message subject line for the custom message.

Enter the customized message subject line.

Juniper Express Engine Options

Pattern Update URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Sophos Engine Options

Pattern Update URL

Enter the URL for the pattern database.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Proxy Options

Proxy Server Host

Enter the IP address or hostname of the proxy server.

Proxy Server Port

Enter the port with which the proxy server is associated.

Proxy Server Username

Enter the username to use on the proxy server.

Proxy Server Password

Enter the password to use on the proxy server.

Confirm Proxy Server Password

Verifies the login password for the proxy server.

Re-enter the password.

Table 2: Fields on the Create Antivirus Profile Page

Field

Function

Main

Profile Name

Enter a unique name for the antivirus profile.

Profile Type

Displays the internal scan engine for full antivirus option selected in the global options. Intelligent prescreening is only intended for use with non-encoded traffic.

Trickle Timeout

Enter the trickle timeout value.

Scan Options for Kaspersky Lab Engine

Intelligent Prescreening

Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file.

Select yes to enable intelligent prescreening.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20,000 KB.

Scan Engine Timeout

Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Decompress Layer Limit

Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan.

Enter the decompress layer limit, a value from 1 through 4 layers.

Scan Mode

Scan All Files

Select this option to scan all files.

Scan Files With Specified Extension

Select this option to scan files with specific extensions.

Scan Engine Filename Extension

Select this option to scan the engine filename extension.

Scan Options for Juniper Express Engine

Intelligent Prescreening

Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file.

Select yes to enable intelligent prescreening.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20,000 KB.

Scan Engine Timeout

Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Scan Options for Sophos Engine

URI Check

Specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP.

Select the URI check check box to enable URI check.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20,000 KB.

Scan Engine Timeout

Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Query Interval

Specifies the antivirus engine query timeout interval.

Enter the query interval from 1 through 5 seconds.

Query Retries

Specifies the antivirus engine query retry (number of times) value.

Enter the query retry value from 0 through 5.

Fallback Settings

Default Action

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Corrupt File

Specifies the error returned by the scan engine when it detects a corrupted file. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Password File

Specifies the error returned by the scan engine when the scanned file is protected by a password. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Decompress Layer

Specifies the error returned by the scan engine when the scanned file has too many compression layers. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Content Size

Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Engine Not Ready

Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is terminated and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Out Of Resource

Specifies the resource constraints error received during virus scanning. This error can be sent by the scan engine (as a scan-code) or by the scan manager. When an out-of-resource condition occurs, scanning is terminated. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Too Many Requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block. The allowed request limit is not configurable.

Notification Options

Fallback Block

Notification Type

Specifies the type of notification sent when a fallback option of block is triggered.

Select the Protocol Only or the Message check box.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box to enable this notification.

Custom Message

Specifies the customized message text for the fallback block notification.

Enter the text for this custom notification message (if you are using one).

Custom Message Subject

Enter the subject line text for your custom message for the fallback block notification.

Display Hostname

Select the check box to display the hostname.

Allow Email

Select the check box to allow e-mail.

Administrator Email Address

Enter the administrator e-mail address where notification is sent when a fallback error occurs.

Fallback Nonblock

Notify Mail Recipient

Specifies that the fallback nonblock notification is sent when a fallback e-mail option without a blocking action is triggered.

Select the Notify Mail Sender check box.

Custom Message

Enter the customized message text for the fallback nonblock notification.

Custom Message Subject

Enter the subject line for your custom message for the fallback nonblock notification.

Virus Detection

Notification Type

Specifies the type of notification to be sent when a virus is detected.

Select the Protocol Only or Message option.

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected.

Select the Notify Mail Sender check box.

Custom Message

Enter the customized message text for the virus detection notification.

Custom Message Subject

Enter the subject line text for your custom message for the virus detection notification.
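
An offline check for the Fallback Settings and scan limits in Table 2, as an added example that is not part of the original page: it reads Junos set-format configuration lines and reports fallback options set to anything other than block (content passes unscanned when that error occurs) and scan-option values outside the ranges listed above. The set-command statement names are assumptions taken from the Junos CLI and do not appear on this page; the sample configuration and profile names are constructed.

```python
import re

# Ranges documented in Table 2 of this page (KB, seconds, layers).
RANGES = {
    "content-size-limit": (20, 20000),
    "timeout": (1, 1800),
    "decompress-layer-limit": (1, 4),
}

# Assumed set-format layout:
#   ... anti-virus <engine> profile <name> <section> <key> <value>
LINE = re.compile(
    r"^set security utm feature-profile anti-virus \S+ profile (\S+) "
    r"(fallback-options|scan-options) (\S+) (\S+)$"
)

_P = "set security utm feature-profile anti-virus sophos-engine profile"

# Constructed sample configuration; the profile names are made up.
SAMPLE = f"""\
{_P} AV-STRICT fallback-options default block
{_P} AV-STRICT fallback-options content-size block
{_P} AV-STRICT scan-options content-size-limit 20000
{_P} AV-STRICT scan-options timeout 180
{_P} AV-LAX fallback-options default block
{_P} AV-LAX fallback-options content-size log-and-permit
{_P} AV-LAX fallback-options timeout log-and-permit
{_P} AV-LAX scan-options content-size-limit 50000
{_P} AV-LAX scan-options timeout 5
"""

def audit(config_text):
    """Return (profile, statement, problem) for each risky or invalid setting."""
    findings = []
    for raw in config_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        profile, section, key, value = match.groups()
        if section == "fallback-options":
            # Any action other than block lets content through unscanned.
            if value != "block":
                findings.append((profile, f"{section} {key}", f"fails open: {value}"))
        elif key in RANGES:
            low, high = RANGES[key]
            if not value.isdigit() or not low <= int(value) <= high:
                findings.append((profile, f"{section} {key}", f"{value} not in {low}-{high}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

A content-size or timeout fallback of log-and-permit is worth reviewing together with the matching limit, because any file that exceeds the limit is then delivered without a completed scan.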