Antivirus Configuration Page Options
- Select Configure>Security>UTM>Anti-Virus in
the J-Web user interface.
The Antivirus configuration page appears. Table 62 explains the contents of this page.
- Click one:
- Global Options—Defines general specifications for antivirus configuration. Enter information as specified in Table 63.
- Add—Adds a new or duplicate antivirus profile configuration. Enter information as specified in Table 64.
- Edit—Edits the selected antivirus configuration.
- Delete—Deletes the selected antivirus configuration.
- Click one:
- OK—Saves the configuration and returns to the main configuration page.
- Cancel—Cancels your entries and returns to the main configuration page.
Table 62: Antivirus Configuration Page
Field | Function |
|---|---|
Profile Name | Displays the unique name of the antispam profile. |
Profile Type | Displays the profile type selected. |
Intelligent Prescreening | Displays the intelligent prescreening status. |
Scan Mode | Displays the scan mode option selected. |
Trickling Timeout | Displays the trickling timeout interval. |
Table 63: Global Options Antivirus Configuration Details
| Field | Function | Action |
|---|---|---|
| Main | ||
MIME Whitelist | Specifies the comprehensive list of MIME types that can bypass antivirus scanning. | Select the customized object from the list. |
Exception MIME Whitelist | Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist. | Select the customized object from the list. |
URL Whitelist | Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning. | Select the customized object from the list. |
| Engine Type | ||
Kaspersky Lab | Specifies the internal scan engine for full antivirus protection provided by Kaspersky Labs. Note: This option is not supported on SRX1500 devices. | Select this option to choose the Kaspersky Lab engine type. |
Juniper Express | Specifies the internal scan engine for full antivirus protection provided by Juniper Networks. Note: This option is not supported on SRX1500 devices. | Select this option to choose the Juniper Express engine type. |
Sophos | Specifies the internal scan engine for full antivirus protection provided by Sophos. Note: SRX1500 devices support only this option. | Select this option to choose the Sophos engine type. |
| Kaspersky Lab Engine Options | ||
Admin Email | Specifies the e-mail address for the notification to be sent to the administrator when the pattern update is complete. | Enter the administrator e-mail address. |
Custom Message | Specifies the text of the pattern-update e-mail notification that is sent when the pattern update is complete. | Enter the customized message. |
Custom Message Subject | Specifies the customized message subject line for the custom message. | Enter the customized message subject line. |
| Juniper Express Engine Options | ||
Pattern Update URL | Specifies the URL of the database server. | Enter the URL for the pattern database. |
Pattern Update Interval (sec) | Specifies the interval at which the database server is queried for a new version of the database. | Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds. |
Auto Update | Specifies that the antivirus pattern database is configured to be automatically updated. | Select the auto update option. |
No Auto Update | Specifies that the automatic download and update of the antivirus engine and signature database are disabled. | Select the no auto update option. |
| Sophos Engine Options | ||
Pattern Update URL | Specifies the URL of the database server. | Enter the URL for the pattern database. |
Pattern Update Interval (sec) | Specifies the interval at which the database server is queried for a new version of the database. | Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds. |
Auto Update | Specifies that the antivirus pattern database is configured to be automatically updated. | Select the auto update option. |
No Auto Update | Specifies that the automatic download and update of the antivirus engine and signature database are disabled. | Select the no auto update option. |
| Proxy Options | ||
Proxy Server Host | Specifies the host name of the proxy server. | Enter the IP address or hostname of the proxy server. |
Proxy Server Port | Specifies the port with which the proxy server is associated. | Enter the port number. |
Proxy Server Username | Specifies the username to use on the proxy server. | Enter the username. |
Proxy Server Password | Specifies the password to use on the proxy server. | Enter the password. |
Confirm Proxy Server Password | Verifies the login password for the proxy server. | Re-enter the password. |
Table 64: Add Antivirus Configuration Details
| Field | Function | Action |
|---|---|---|
| Main | ||
Profile Name | Specifies a unique name for the antivirus profile. | Enter a unique name for the antispam profile. |
Profile Type | Displays the internal scan engine for full antivirus option selected in the global options. Intelligent prescreening is only intended for use with non-encoded traffic. | - |
Trickle Timeout | Specifies the trickle timeout value. | Enter timeout parameters. |
| Scan Options for Kaspersky Lab Engine | ||
Intelligent Prescreening | Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file. | Select yes to enable intelligent prescreening. |
Content Size Limit | Specifies the accumulated TCP payload size. | Enter the content size limit, a value from 20 through 20000 KB. |
Scan Engine Timeout | Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. | Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
Decompress Layer Limit | Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan. | Enter the decompress layer limit, a value from 1 through 4 layers. |
| Scan Mode | ||
Scan All Files | Specifies all files to be scanned. | Select this option to scan all files. |
Scan Files With Specified Extension | Specifies the list of file extensions. | Select this option to scan files with specific extensions. |
Scan Engine Filename Extension | Specifies the file extensions found in the traffic being scanned. | Select this option to scan the engine filename extension. |
| Scan Options for Juniper Express Engine | ||
Intelligent Prescreening | Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file. | Select yes to enable intelligent prescreening. |
Content Size Limit | Specifies the accumulated TCP payload size. | Enter the content size limit, a value from 20 through 20,000 KB. |
Scan Engine Timeout | Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. | Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
| Scan Options for Sophos Engine | ||
URI Check | Specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP. | Select the URI check check box to enable URI check. |
Content Size Limit | Specifies the accumulated TCP payload size. | Enter the content size limit, a value from 20 through 20,000 KB. |
Scan Engine Timeout | Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value. | Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds. |
Query Interval | Specifies the antivirus engine query timeout interval. | Enter the query interval from 1 through 5 seconds. |
Query Retries | Specifies the antivirus engine query retry (number of times) value. | Enter the query retry value from 0 through 5. |
| Fallback Settings | ||
Default Action | Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Corrupt File | Specifies the error returned by the scan engine when it detects a corrupted file. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Password File | Specifies the error returned by the scan engine when the scanned file is protected by a password. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Decompress Layer | Specifies the error returned by the scan engine when the scanned file has too many compression layers. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Content Size | Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Engine Not Ready | Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Timeout | Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Out Of Resource | Specifies the resource constraints error received during virus scanning. This error can be or by the can be sent by the scan engine (as a scan-code) or scan manager. When the system is out of resources occurs, scanning is aborted. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. |
Too Many Requests | Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit. | Select Log and Permit. The default action is Block. The allowed request limit is not configurable. |
| Notification Options | ||
| Fallback Block | ||
Notification Type | Specifies the type of notification sent when a fallback option of block is triggered. | Select the Protocol Only or the Message check box. |
Notify Mail Sender | Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator. | Select the Notify Mail Sender check box to enable this notification. |
Custom Message | Specifies the customized message text for the fallback block notification. | Enter the text for this custom notification message (if you are using one). |
Custom Message Subject | Specifies the subject line text for your custom message for the fallback block notification. | Enter the subject line text for your custom message. |
Display Hostname | Specifies the device name. | Select the check box to display the hostname. |
Allow Email | Specifies that a notification e-mail address must be allowed. | Select the check box to allow e-mail. |
Administrator Email Address | Specifies the administrator e-mail address where notification is sent when a fallback error occurs. | Enter the administrator e-mail address. |
| Fallback Nonblock | ||
Notify Mail Recipient | Specifies that the fallback nonblock notification is sent when a fallback e-mail option without a blocking action is triggered. | Select the Notify Mail Sender check box. |
Custom Message | Specifies the customized message text for the fallback nonblock notification. | Enter the text for this custom notification message (if you are using one). |
Custom Message Subject | Specifies the subject line for your custom message for the fallback nonblock notification. | Enter the subject line text for your custom message. |
| Virus Detection | ||
Notification Type | Specifies the type of notification to be sent when a virus is detected. | Select Protocol Only or Message option. |
Notify Mail Sender | Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected. | Select yes to send a notification and no to not send a notification. |
Custom Message | Specifies the customized message text for the virus detection notification. | Enter the text for this custom notification message (if you are using one). |
Custom Message Subject | Specifies the subject line text for your custom message for the virus detection notification. | Enter the subject line text for your custom message. |