Configuring Antivirus Protection (NSM Procedure)

This section includes the following topics:

Configuring a MIME Pattern List Custom Object

To configure a MIME pattern list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure a MIME pattern list custom object.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Mime Pattern and click New.
  5. Enter a unique name for the list.
  6. Select Value and add a new entry.
  7. Enter a value for the MIME pattern.
  8. Click OK to save the changes.

Configuring a Filename Extension List Custom Object

To configure a filename extension list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure a filename extension list.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Filename Extension and click New.
  5. Enter a unique name for the extension list.
  6. Select Value and add a new entry.
  7. Enter the extensions in the Value box.
  8. Click OK to save the changes.

Configuring a URL Pattern List Custom Object

To configure a URL pattern list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure URL pattern list custom objects.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Url Pattern and click New.
  5. Enter a unique name for the list.
  6. Select Value and add a new entry.
  7. In Value, enter the URLs or IP addresses you want added to the list for bypassing scanning.

    Note: For URL pattern wildcard support, the wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use an asterisk (*) if it is at the beginning of the URL and is followed by a dot (.). You can only use a question mark (?) at the end of the URL.

    The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net, www.juniper.ne?, http://*juniper.net, http://*.

  8. Click OK to save the changes.
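
Entries on this list bypass scanning, so it is worth checking each pattern against the wildcard rule in the note under step 7 before entering it in NSM. The Python check below is an added example, not Juniper code; the function names and sample entries are constructed for illustration, and accepting a pattern that combines a leading *. with trailing ? characters is an assumption the note does not address.

```python
"""Pre-check URL pattern entries against the wildcard rule in the note above."""
from __future__ import annotations

PREFIX = "http://"


def check_url_pattern(entry: str) -> list[str]:
    """Return the rule violations for one entry; an empty list means it conforms."""
    entry = entry.strip()
    if "*" not in entry and "?" not in entry:
        return []  # plain URL or IP address: the wildcard rule does not apply
    if not entry.startswith(PREFIX):
        return ["wildcard URL must start with http://"]
    problems = []
    rest = entry[len(PREFIX):]
    if rest.startswith("*"):
        if not rest.startswith("*."):
            problems.append("leading * must be followed by a dot")
        rest = rest[2:] if rest.startswith("*.") else rest[1:]
    if "*" in rest:
        problems.append("* is only allowed at the beginning of the URL")
    stem = rest.rstrip("?")  # a trailing run of ? is the only place ? may appear
    if "?" in stem:
        problems.append("? is only allowed at the end of the URL")
    if not stem:
        problems.append("pattern has no literal host part")
    return problems


def audit(entries: list[str]) -> dict[str, list[str]]:
    """Map each non-conforming entry to its list of violations."""
    return {e: p for e in entries if (p := check_url_pattern(e))}


# Constructed sample: the supported and unsupported forms quoted in the note,
# plus one plain IP address from a documentation range.
SAMPLE = [
    "http://*.juniper.net", "http://www.juniper.ne?", "http://www.juniper.n??",
    "*.juniper.net", "www.juniper.ne?", "http://*juniper.net", "http://*.",
    "192.0.2.10",
]

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(f"{entry!r}: {'; '.join(problems)}")
```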

Configuring a Custom URL Category List Custom Object

To configure a custom URL category list custom object:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure URL category list custom objects.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
  4. Select Custom Url Category and click New.
  5. Enter a unique name for the list.
  6. Select Value and add a new entry.
  7. Enter the name of the URL pattern list you created for bypassing scanning.
  8. Click OK to save the changes.

Configuring an Antivirus Feature Profile

When configuring antivirus protection, you must first create the antivirus custom objects you are using. Those custom objects may include the MIME pattern list, MIME exception list, and the filename extension list. Once you have created your custom objects, you can configure full antivirus protection, including intelligent prescreening and content size limits.

To configure an antivirus feature profile:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to configure an antivirus feature profile.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Antivirus > Kaspersky Lab Engine.
  4. Add or modify antivirus profile settings as specified in Table 228.
  5. Click one:
    • New—Adds a new profile.
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 228: Antivirus Feature Profile Settings

| Option | Function | Your Action |
|---|---|---|
| Pattern Update | | |
| Url | Specifies the URL for the pattern database. | If the URL is not already entered, enter the URL for the pattern database. Note that the URL is http://update.juniper-updates.net/AV/SRX210 and you should not change it. |
| Interval | Specifies the time interval for automatically updating the pattern database. | Enter the time interval for automatically updating the pattern database. The default interval is 60 minutes. |
| No Autoupdate | Specifies whether automatic updates are disabled. | Select this option if you want to disable automatic updates and update the pattern database manually. |
| Pattern Update > Email Notify | | |
| Admin Email | Specifies the e-mail addresses of the administrators. | Enter the e-mail addresses of the administrators who should receive e-mail notifications when updates are made to the pattern file. |
| Custom Message | Specifies the text that will appear in the custom message. | Enter the text to appear in the body of the notification e-mail. |
| Custom Message Subject | Specifies the custom message subject. | Enter the text to appear in the subject line of the notification e-mail. |
| Profile | | |
| Name | Specifies the name of the Kaspersky lab engine profile. | Enter a unique name for the Kaspersky lab engine profile. |
| Profile > Fallback Options | | |
| Enable Feature | Enables fallback options. | Select this option to enable fallback options. |
| The available fallback options are as follows: Default, Corrupt File, Password File, Decompress Layer, Content Size, Engine Not Ready, Timeout, Out of Resources, Too Many Requests | Specifies the fallback options. | Select log-and-permit or block from the list. |
| Profile > Notification Options | | |
| Enable Feature | Enables notification options. | Select this option to enable notification options. |
| The notification options that can be configured are the following: Fallback Block, Fallback Non Block, Virus Detection | Specifies the notification actions for fallback block, fallback nonblock, and virus detection. | Custom Message: Enter the text to appear in the body of the notification e-mail. Custom Message Subject: Enter the text to appear in the subject line of the notification e-mail. notify-mail-sender: Select this option to notify the sender of the mail. Type: Select protocol-only or message from the Type list. |
| Profile > Scan Options | | |
| Enable Feature | Enables scan options. | Select this option to enable scan options. |
| intelligent-prescreening | Enables intelligent prescreening. | Select this option to enable intelligent prescreening. |
| Content Size Limit | Specifies the content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size. | Enter content size parameters. |
| Timeout | Specifies the scanning timeout parameters. | Enter the scanning timeout parameters. |
| Profile > Trickling | | |
| Enable Feature | Enables trickling feature. | Select this option to enable trickling feature. |
| Timeout | Specifies the trickling timeout parameters. | Enter the trickling timeout parameters. |
| Antivirus > Mime Whitelist | | |
| Enable Feature | Enables this feature. | Select this option to enable this feature. |
| List | Specifies the name of the URL whitelist. | Enter the name of the URL whitelist custom object you created. |

Configuring a UTM Policy for Express Antivirus

To configure a UTM policy for express antivirus:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device that you want to configure.
  3. Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy.
  4. Click New to add a new UTM policy entry.
  5. Enter a unique name for the UTM policy.
  6. Select Antivirus and enter the name of the antivirus profile.
  7. In the Http, Imap, Pop3, or Smtp profile boxes, enter the name of the profile you created earlier.
  8. For Ftp, select the upload and download profiles.
  9. Click OK to save the changes.

Once you have configured a UTM policy for express antivirus, attach the UTM policy to a security policy that you create.
