Monitoring Antivirus Sessions and Scan Results

The antivirus module provides functions which allow you to use the CLI to check the system settings and the status of scan engine. It also provides functions to check the ongoing antivirus sessions and antivirus statistics.

Monitoring Antivirus Scan Engine Status

Purpose

Using the CLI, you can view the following scan engine status items:

Antivirus license key status

Scan engine status and settings

Antivirus pattern update server settings

Antivirus pattern database status

Action

In the CLI, enter the user@host> show security utm anti-virus status command.

Example status result:

AV Key Expire Date: 03/01/2010 00:00:00Update Server: http://update.juniper-updates.net/AV/SRX210 interval: 60 minutes auto update status: next update in 12 minutes last result: new database loaded AV signature version: 12/21/2008 00:35 GMT, virus records: 154018Scan Engine Info: last action result: No error(0x00000000)

Monitoring Antivirus Session Status

Purpose

Using the CLI, you can view the following session status items:

Antivirus session status displays a snapshot of current antivirus sessions. It includes

Action

In the CLI, enter the user@host> show security utm session status command.

Monitoring Antivirus Scan Results

Purpose

View statistics for antivirus requests, scan results, and fallback counters.

Scan requests provide

Scan code counters provide

Fallback applied status provides either a log-and-permit or block result when the following has occurred

Action

To view antivirus scan results using the CLI editor, enter the user@host> show security utm anti-virus statistics status command.

To view antivirus scan results using J-Web:

  1. Select Monitor>UTM>Anti-Virus.

    The following information becomes viewable in the right pane.

    Antivirus license key status

    • View license expiration dates.

    Antivirus pattern update server settings

    • View update URL (HTTP or HTTPS-based).
    • View update interval.

    Antivirus pattern database status

    • View auto update status.
    • View last result of database loading.
    • If the download completes, view database version timestamp virus record number.
    • If the download fails, view failure reason.

    Antivirus statistics provide

    • The number of scan request being pre-windowed.
    • The total number of scan request forwarded to the engine.
    • The number of scan requests using scan-all mode.
    • The number of scan requests using scan-by-extension mode.

    Scan code counters provide

    • Number of clean files.
    • Number of infected files.
    • Number of password protected files.
    • Number of decompress layers.
    • Number of corrupt files.
    • When the engine is out of resources.
    • When there is an internal error.

    Fallback applied status provides either a log-and-permit or block result when the following has occurred

    • Scan engine not ready.
    • Password protected file found.
    • Decompress layer too large.
    • Corrupt file found.
    • Out of resources.
    • Timeout occurred.
    • Maximum content size reached.
    • Too many requests.
    • Other.
  2. You can click the Clear Anti-Virus Statistics button to clear all current viewable statistics and begin collecting new statistics.

Related Topics

Junos OS Feature Support Reference for SRX Series and J Series Devices

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.