Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Antivirus Protection (NSM Procedure)

    This section includes the following topics:

    Configuring a MIME Pattern List Custom Object

    To configure a MIME pattern list custom object:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure a MIME pattern list custom object.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
    4. Select Mime Pattern and click New.
    5. Enter a unique name for the list.
    6. Select Value and add a new entry.
    7. Enter a value for the MIME pattern.
    8. Click OK to save the changes.

    Configuring a Filename Extension List Custom Object

    To configure a filename extension list custom object:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure a filename extension list.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
    4. Select Filename Extension and click New.
    5. Enter a unique name for the extension list.
    6. Select Value and add a new entry.
    7. Enter the extensions in the Value box.
    8. Click OK to save the changes.

    Configuring a URL Pattern List Custom Object

    To configure a URL pattern list custom object:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure URL pattern list custom objects.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
    4. Select Url Pattern and click New.
    5. Enter a unique name for the list.
    6. Select Value and add a new entry.
    7. In Value, enter the URLs or IP addresses you want added to the list for bypassing scanning.

      Note: For URL pattern wildcard support, the wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use an asterisk (*) if it is at the beginning of the URL and is followed by a dot (.). You can only use a question mark (?) at the end of the URL.

      The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net , www.juniper.ne?, http://*juniper.net, http://*.

    8. Click OK to save the changes.

    Configuring a Custom URL Category List Custom Object

    To configure a custom URL category list custom object:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to URL category list custom objects.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Custom Objects.
    4. Select Custom Url Category and click New.
    5. Enter a unique name for the list.
    6. Select Value and add a new entry.
    7. Enter the name of the URL pattern list you created for bypassing scanning.
    8. Click OK to save the changes.

    Configuring an Antivirus Feature Profile

    When configuring antivirus protection, you must first create the antivirus custom objects you are using. Those custom objects may include the MIME pattern list, MIME exception list, and the filename extension list. Once you have created your custom objects, you can configure full antivirus protection, including intelligent prescreening, and content size limits.

    To configure an antivirus feature profile:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device for which you want to configure an antivirus feature profile.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Feature Profile > Antivirus > Kaspersky Lab Engine.
    4. Add or modify antivirus profile settings as specified in Table 1.
    5. Click one:
      • New—Adds a new profile.
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Antivirus Feature Profile Settings

    Option

    Function

    Your Action

    Pattern Update

    Url

    Specifies the URL for the pattern database.

    If the URL is not already entered, enter the URL for the pattern database. Note that the URL is http://update.juniper-updates.net/AV/SRX210 and you should not change it.

    Interval

    Specifies the time interval for automatically updating the pattern database.

    Enter the time interval for automatically updating the pattern database. The default interval is 60 minutes.

    No Autoupdate

    Specifies whether automatic updates are disabled.

    Select this option if you want to disable automatic updates and update the pattern database manually.

    Pattern Update > Email Notify

    Admin Email

    Specifies the e-mail addresses of the administrators.

    Enter the e-mail addresses of the administrators who should receive e-mail notifications when updates are made to the pattern file.

    Custom Message

    Specifies the text that will appear in the custom message.

    Enter the text to appear in the body of the notification e-mail.

    Custom Message Subject

    Specifies the custom message subject.

    Enter the text to appear in the subject line of the notification e-mail.

    Profile

    Name

    Specifies the name of the Kaspersky lab engine profile.

    Enter a unique name for the Kaspersky lab engine profile.

    Profile > Fallback Options

    Enable Feature

    Enables fallback options.

    Select this option to enable fallback options.

    The available fallback options are as follows:

    • Default
    • Corrupt File
    • Password File
    • Decompress Layer
    • Content Size
    • Engine Not Ready
    • Timeout
    • Out of Resources
    • Too Many Requests

    Specifies the fallback options.

    Select log-and-permit or block from the list.

    Profile > Notification Options

    Enable Feature

    Enables notification options.

    Select this option to enable notification options.

    The notification options that can be configured are the following:

    • Fallback Block
    • Fallback Non Block
    • Virus Detection

    Specifies the notification actions for fallback block, fallback nonblock, and virus detection.

    • Custom Message—Enter the text to appear in the body of the notification e-mail.
    • Custom Message Subject—Enter the text to appear in the subject line of the notification e-mail.
    • notify-mail-sender—Select this option to notify the sender of the mail.
    • Type—Select protocol-only or message from the Type list.
    Profile > Scan Options

    Enable Feature

    Enables scan options.

    Select this option to enable scan options.

    intelligent-prescreening

    Enables intelligent prescreening.

    Select this option to enable intelligent prescreening.

    Content Size Limit

    Specifies the content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.

    Enter content size parameters.

    Timeout

    Specifies the scanning timeout parameters.

    Enter the scanning timeout parameters.

    Profile > Trickling

    Enable Feature

    Enables trickling feature.

    Select this option to enable trickling feature.

    Timeout

    Specifies the trickling timeout parameters.

    Enter the trickling timeout parameters.

    Antivirus > Mime Whitelist

    Enable Feature

    Enables this feature.

    Select this option to enable this feature.

    List

    Specifies the name of the URL whitelist.

    Enter the name of the URL whitelist custom object you created.

    Configuring a UTM Policy for Express Antivirus

    To configure a UTM policy for express antivirus:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the device that you want to configure.
    3. Click the Configuration tab. In the configuration tree, select Security > Utm > Utm Policy.
    4. Click New to add a new UTM policy entry.
    5. Enter a unique name for the UTM policy.
    6. Select Antivirus and enter the name of the antivirus profile.
    7. In the Http, Imap, Pop3, or Smtp profile boxes, enter the name of the profile you created earlier.
    8. For Ftp, select the upload and download profiles.
    9. Click OK to save the changes.

    Once you have configured a UTM policy for express antivirus, attach the UTM policy to a security policy that you create.

    Published: 2013-01-06