[Prev][Next][Report an Error]

Configuring Full Antivirus Feature Profiles (J-Web Procedure)

Now that your custom objects have been created, you can configure the antivirus feature profile.

  1. Select Configure>Security>UTM>Global options.
  2. In the Anti-Virus tab, next to MIME whitelist, select the custom object you created from the list.
  3. Next to Exception MIME whitelist, select the custom object you created from the list.
  4. Next to URL Whitelist, select the custom object you created from the list.
  5. In the Engine Type section, select the type of engine you are using.

    For full antivirus protection, you should select Kaspersky Lab.

  6. In the Kaspersky Lab Engine Option section, enter the URL for the pattern database in the Pattern update URL box.

    Note that the URL is http://update.juniper-updates.net/AV/<device version> and you should not change it.

  7. Next to Pattern update interval, enter the time interval, in seconds, for automatically updating the pattern database in the box.

    The default interval is 60.

  8. Select whether you want the pattern file to update automatically (Auto update) or not (No Auto update).
  9. Click OK to save the selected values.
  10. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in a pop-up window that appears to discover why.
  11. Select Anti-Virus, under Security, in the left pane.
  12. Click Add in the right window to create a profile for the antivirus Kaspersky Lab Engine. (To edit an existing item, select it and click the Edit button.)
  13. Next to Profile name, enter a unique name for this antivirus profile.
  14. Select the Profile Type.

    In this case, select Kaspersky.

  15. Next to Trickling timeout, enter timeout parameters. Note that trickling applies only to HTTP. HTTP trickling is a mechanism used to prevent the HTTP client or server from timing out during a file transfer or during antivirus scanning.
  16. Next to Intelligent prescreening, select Yes or No.

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP, and HTTP POST).

  17. In the Scan Options section, next to Intelligent prescreening, select Yes if you are using it. .

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP, and HTTP POST).

  18. Next to Content Size Limit, enter content size parameters. The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.
  19. Next to Scan engine timeout, enter scanning timeout parameters.

  20. Next to Decompress Layer Limit, enter decompression layer limit parameters.
  21. In the Scan mode section, select either Scan all files, if you are scanning all content, or Scan files with specified extension, if you are scanning by file extensions.

    If you select Scan files with specified extension, you must select a filename extension list custom object from the Scan engine filename extention list that appears .

  22. Select the Fallback settings tab.
  23. Next to Default (fallback option), select Log and permit or Block from the list.

    Note that in most cases, Block is the default fallback option.

  24. Next to Corrupt File (fallback option), select Log and permit or Block from the list.
  25. Next to Password File (fallback option), select Log and permit or Block from the list.
  26. Next to Decompress Layer (fallback option), select Log and permit or Block from the list.
  27. Next to Content Size (fallback option), select Log and permit or Block from the list.
  28. Next to Engine Not Ready (fallback option), select Log and permit or Block from the list.
  29. Next to Timeout (fallback option), select Log and permit or Block from the list.
  30. Next to Out Of Resources (fallback option), select Log and permit or Block from the list.
  31. Next to Too Many Request (fallback option), select Log and permit or Block from the list.
  32. Select the Notification options tab.
  33. In the Fallback block section, next to Notification type, select Protocol Only or Message to select the type of notification that is sent when a fallback option of block is triggered.
  34. Next to Notify mail sender, select Yes or No.
  35. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  36. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).
  37. In the Fallback non block section, next to Notify mail recipient, select Yes or No.
  38. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  39. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).
  40. Select the Notification options cont tab.
  41. In the Virus detection section, next to Notification type, select Protocol Only or Message to select the type of notification that is sent when a fallback option of block is triggered.
  42. Next to Notify mail sender, select Yes or No.
  43. If you selected Yes, next to Custom Message, enter text for the message body of your custom message for this notification (if you are using a custom message).
  44. Next to Custom message subject, enter text to appear in the subject line of your custom message for this notification (if you are using a custom message).

    The limit is 255 characters.

  45. Click OK .
  46. If the configuration item is saved successfully, you receive a confirmation and you must click OK again. If it is not saved successfully, you can click Details in the pop-up window that appears to discover why.

    Note: You create a separate antivirus profile for each antivirus protocol. These profiles may basically contain the same configuration information, but when you are creating your UTM policy for an antivirus profile, the UTM policy configuration page provides separate antivirus profile selection fields for each supported protocol.


[Prev][Next][Report an Error]