Add an Antivirus Profile
You are here: Configure > Security Services > UTM > Anti-Virus.
To add an antivirus profile:
- Click the add icon (+) available on the upper right side of the Antivirus Profiles page.
The Create Antivirus Profiles page appears.
- Complete the configuration according to the guidelines provided in Table 1 and Table 2.
Click one:
Global Options—Defines general specifications for antivirus configuration. Enter information as specified in Table 1.
Note: Global Options are NOT enabled for logical systems users. They are enabled only for root users.
+—Adds a new antivirus profile configuration. Enter information as specified in Table 2.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Global Options Antivirus Configuration Details
Field | Action |
---|---|
Main | |
MIME Whitelist | Specifies the comprehensive list of MIME types that can bypass antivirus scanning. Select the customized object from the list. |
Exception MIME Whitelist | Specifies a list of MIME types to be excluded from the allowlist. The exception MIME allowlist is a subset of MIME types found in the MIME allowlist. Select the customized object from the list. |
URL Whitelist | Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning. Select the customized object from the list. |
Engine Type | |
Kaspersky Lab | Specifies the internal scan engine for full antivirus protection provided by Kaspersky Lab. Note: This option is not supported on SRX1500 devices. Select this option to choose the Kaspersky Lab engine type. |
Juniper Express | Specifies the internal scan engine for full antivirus protection provided by Juniper Networks. Note: This option is not supported on SRX1500 devices. Select this option to choose the Juniper Express engine type. |
Sophos | Specifies the internal scan engine for full antivirus protection provided by Sophos. Note: SRX1500 devices support only this option. Select this option to choose the Sophos engine type. |
Kaspersky Lab Engine Options | |
Admin Email | Specifies the e-mail address for the notification to be sent to the administrator when the pattern update is complete. Enter the administrator e-mail address. |
Custom Message | Specifies the text of the pattern-update e-mail notification that is sent when the pattern update is complete. Enter the customized message. |
Custom Message Subject | Specifies the customized message subject line for the custom message. Enter the customized message subject line. |
Juniper Express Engine Options | |
Pattern Update URL | Specifies the URL of the database server. Enter the URL for the pattern database. |
Pattern Update Interval (sec) | Specifies the interval at which the database server is queried for a new version of the database. Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds. |
Auto Update | Specifies that the antivirus pattern database is configured to be automatically updated. Select the auto update option. |
No Auto Update | Specifies that the automatic download and update of the antivirus engine and signature database are disabled. Select the no auto update option. |
Sophos Engine Options | |
Pattern Update URL | Enter the URL for the pattern database. |
Pattern Update Interval (sec) | Specifies the interval at which the database server is queried for a new version of the database. Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds. |
Auto Update | Specifies that the antivirus pattern database is configured to be automatically updated. Select the auto update option. |
No Auto Update | Specifies that the automatic download and update of the antivirus engine and signature database are disabled. Select the no auto update option. |
Proxy Options | |
Proxy Server Host | Enter the IP address or hostname of the proxy server. |
Proxy Server Port | Enter the port with which the proxy server is associated. |
Proxy Server Username | Enter the username to use on the proxy server. |
Proxy Server Password | Enter the password to use on the proxy server. |
Confirm Proxy Server Password | Verifies the login password for the proxy server. Re-enter the password. |
Table 2: Fields on the Create Antivirus Profile Page
Field | Function |
---|---|
Main | |
Profile Name | Enter a unique name for the antivirus profile. |
Profile Type | Displays the internal scan engine for full antivirus option selected in the global options. Intelligent prescreening is only intended for use with non-encoded traffic. |
Trickle Timeout | Enter the trickle timeout value. |
Scan Options for Kaspersky Lab Engine | |
Intelligent Prescreening | Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file. Select yes to enable intelligent prescreening. |
Content Size Limit | Specifies the accumulated TCP payload size. Enter the content size limit, a value from 20 through 20000 KB. |
Scan Engine Timeout | Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
Decompress Layer Limit | Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan. Enter the decompress layer limit, a value from 1 through 4 layers. |
Scan Mode | |
Scan All Files | Select this option to scan all files. |
Scan Files With Specified Extension | Select this option to scan files with specific extensions. |
Scan Engine Filename Extension | Select this option to scan the engine filename extension. |
Scan Options for Juniper Express Engine | |
Intelligent Prescreening | Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file. Select yes to enable intelligent prescreening. |
Content Size Limit | Specifies the accumulated TCP payload size. Enter the content size limit, a value from 20 through 20,000 KB. |
Scan Engine Timeout | Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
Scan Options for Sophos Engine | |
URI Check | Specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP. Select the URI check check box to enable URI check. |
Content Size Limit | Specifies the accumulated TCP payload size. Enter the content size limit, a value from 20 through 20,000 KB. |
Scan Engine Timeout | Specifies the time between the generation of the scan request and the return of the scan result by the scan engine. The trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
Query Interval | Specifies the antivirus engine query timeout interval. Enter the query interval from 1 through 5 seconds. |
Query Retries | Specifies the antivirus engine query retry (number of times) value. Enter the query retry value from 0 through 5. |
Fallback Settings | |
Default Action | Specifies the action for all errors other than those covered by the categorized settings. These can include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Corrupt File | Specifies the error returned by the scan engine when it detects a corrupted file. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Password File | Specifies the error returned by the scan engine when the scanned file is protected by a password. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Decompress Layer | Specifies the error returned by the scan engine when the scanned file has too many compression layers. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Content Size | Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Engine Not Ready | Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Timeout | Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Out Of Resource | Specifies the resource constraints error received during virus scanning. This error can be sent by the scan engine (as a scan-code) or by the scan manager. When an out-of-resources condition occurs, scanning is aborted. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. |
Too Many Requests | Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit. Select Log and Permit. The default action is Block. The allowed request limit is not configurable. |
Notification Options | |
Fallback Block | |
Notification Type | Specifies the type of notification sent when a fallback option of block is triggered. Select the Protocol Only or the Message check box. |
Notify Mail Sender | Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator. Select the Notify Mail Sender check box to enable this notification. |
Custom Message | Specifies the customized message text for the fallback block notification. Enter the text for this custom notification message (if you are using one). |
Custom Message Subject | Enter the subject line text for your custom message for the fallback block notification. |
Display Hostname | Select the check box to display the hostname. |
Allow Email | Select the check box to allow e-mail. |
Administrator Email Address | Enter the administrator e-mail address where notification is sent when a fallback error occurs. |
Fallback Nonblock | |
Notify Mail Recipient | Specifies that the fallback nonblock notification is sent when a fallback e-mail option without a blocking action is triggered. Select the Notify Mail Sender check box. |
Custom Message | Enter the customized message text for the fallback nonblock notification. |
Custom Message Subject | Enter the subject line for your custom message for the fallback nonblock notification. |
Virus Detection | |
Notification Type | Specifies the type of notification to be sent when a virus is detected. Select the Protocol Only or Message option. |
Notify Mail Sender | Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected. Select the Notify Mail Sender check box. |
Custom Message | Enter the customized message text for the virus detection notification. |
Custom Message Subject | Enter the subject line text for your custom message for the virus detection notification. |
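
The following is an added example, not part of the original page or of any Juniper tooling: a review check that validates a profile against the numeric ranges in Table 2 and flags each fallback condition set to log-and-permit, because under that action content the engine could not scan is still delivered. The dictionary layout, key names and sample profile are assumptions made for this sketch and are not a J-Web or Junos export format.

```python
# Ranges copied from Table 2; the key names are hypothetical, chosen for this sketch.
RANGES = {
    "content_size_limit_kb": (20, 20000),
    "scan_engine_timeout_s": (1, 1800),
    "decompress_layer_limit": (1, 4),
    "query_interval_s": (1, 5),
    "query_retries": (0, 5),
}
# Fallback conditions listed under "Fallback Settings" in Table 2.
FALLBACKS = [
    "default", "corrupt_file", "password_file", "decompress_layer",
    "content_size", "engine_not_ready", "timeout", "out_of_resource",
    "too_many_requests",
]

def audit_profile(profile):
    """Return a list of (severity, message) findings for one profile dict."""
    findings = []
    for field, (lo, hi) in RANGES.items():
        if field not in profile:
            continue  # field does not apply to this engine type
        value = profile[field]
        is_int = isinstance(value, int) and not isinstance(value, bool)
        if not is_int or not lo <= value <= hi:
            findings.append(("error", f"{field}={value!r} outside {lo}..{hi}"))
    fallback = profile.get("fallback", {})
    for condition in FALLBACKS:
        action = fallback.get(condition, "block")  # Block is the documented default
        if action == "log-and-permit":
            findings.append(
                ("warn", f"fallback {condition}: unscanned content is permitted"))
        elif action != "block":
            findings.append(
                ("error", f"fallback {condition}: unknown action {action!r}"))
    return findings

# Constructed sample profile (Sophos engine fields), not taken from a real device.
SAMPLE = {
    "name": "av-sophos-example",
    "content_size_limit_kb": 25000,
    "scan_engine_timeout_s": 180,
    "query_interval_s": 2,
    "query_retries": 3,
    "fallback": {"timeout": "log-and-permit", "content_size": "log-and-permit",
                 "engine_not_ready": "block"},
}

if __name__ == "__main__":
    for severity, message in audit_profile(SAMPLE):
        print(f"{severity:5} {message}")
```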