Antivirus Configuration Page Options

  1. Select Configure>Security>UTM>Anti-Virus in the J-Web user interface.

    The Antivirus configuration page appears. Table 62 explains the contents of this page.

  2. Click one:
    • Global Options—Defines general specifications for antivirus configuration. Enter information as specified in Table 63.
    • Add—Adds a new or duplicate antivirus profile configuration. Enter information as specified in Table 64.
    • Edit—Edits the selected antivirus configuration.
    • Delete—Deletes the selected antivirus configuration.
  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.
    • Cancel—Cancels your entries and returns to the main configuration page.

Table 62: Antivirus Configuration Page

Field

Function

Profile Name

Displays the unique name of the antispam profile.

Profile Type

Displays the profile type selected.

Intelligent Prescreening

Displays the intelligent prescreening status.

Scan Mode

Displays the scan mode option selected.

Trickling Timeout

Displays the trickling timeout interval.

Table 63: Global Options Antivirus Configuration Details

Field FunctionAction
Main

MIME Whitelist

Specifies the comprehensive list of MIME types that can bypass antivirus scanning.

Select the customized object from the list.

Exception MIME Whitelist

Specifies a list of MIME types to be excluded from the whitelist. The exception MIME whitelist is a subset of MIME types found in the MIME whitelist.

Select the customized object from the list.

URL Whitelist

Specifies a unique customized list of all URLs or IP addresses for a given category that are to be bypassed for scanning.

Select the customized object from the list.

Engine Type

Kaspersky Lab

Specifies the internal scan engine for full antivirus protection provided by Kaspersky Labs.

Select this option to choose the Kaspersky Lab engine type.

Juniper Express

Specifies the internal scan engine for full antivirus protection provided by Juniper Networks.

Select this option to choose the Juniper Express engine type.

Sophos

Specifies the internal scan engine for full antivirus protection provided by Sophos.

Select this option to choose the Sophos engine type.

Kaspersky Lab Engine Options

Admin Email

Specifies the e-mail address for the notification to be sent to the administrator when the pattern update is complete.

Enter the administrator e-mail address.

Custom Message

Specifies the text of the pattern-update e-mail notification that is sent when the pattern update is complete.

Enter the customized message.

Custom Message Subject

Specifies the customized message subject line for the custom message.

Enter the customized message subject line.

Juniper Express Engine Options

Pattern Update URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Sophos Engine Options

Pattern Update URL

Specifies the URL of the database server.

Enter the URL for the pattern database.

Pattern Update Interval (sec)

Specifies the interval at which the database server is queried for a new version of the database.

Enter the time interval for automatically updating the pattern database. The range is from 10 through 10080 seconds. The default interval is 60 seconds.

Auto Update

Specifies that the antivirus pattern database is configured to be automatically updated.

Select the auto update option.

No Auto Update

Specifies that the automatic download and update of the antivirus engine and signature database are disabled.

Select the no auto update option.

Proxy Options

Proxy Server Host

Specifies the host name of the proxy server.

Enter the IP address or hostname of the proxy server.

Proxy Server Port

Specifies the port with which the proxy server is associated.

Enter the port number.

Proxy Server Username

Specifies the username to use on the proxy server.

Enter the username.

Proxy Server Password

Specifies the password to use on the proxy server.

Enter the password.

Confirm Proxy Server Password

Verifies the login password for the proxy server.

Re-enter the password.

Table 64: Add Antivirus Configuration Details

Field FunctionAction
Main

Profile Name

Specifies a unique name for the antivirus profile.

Enter a unique name for the antispam profile.

Profile Type

Displays the internal scan engine for full antivirus option selected in the global options. Intelligent prescreening is only intended for use with non-encoded traffic.

-

Trickle Timeout

Specifies the trickle timeout value.

Enter timeout parameters.

Scan Options for Kaspersky Lab Engine

Intelligent Prescreening

Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file.

Select yes to enable intelligent prescreening.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20000 KB.

Scan Engine Timeout

Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Decompress Layer Limit

Specifies the number of layers of nested compressed files the internal antivirus scanner can decompress before the execution of the virus scan.

Enter the decompress layer limit, a value from 1 through 4 layers.

Scan Mode

Scan All Files

Specifies all files to be scanned.

Select this option to scan all files.

Scan Files With Specified Extension

Specifies the list of file extensions.

Select this option to scan files with specific extensions.

Scan Engine Filename Extension

Specifies the file extensions found in the traffic being scanned.

Select this option to scan the engine filename extension.

Scan Options for Juniper Express Engine

Intelligent Prescreening

Specifies the antivirus module used to begin scanning a file and improves antivirus scanning performance. The antivirus module generally begins to scan data after the gateway device has received all the packets of a file.

Select yes to enable intelligent prescreening.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20,000 KB.

Scan Engine Timeout

Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Scan Options for Sophos Engine

URI Check

Specifies Uniform Resource Identifier blocking: an effective measure for preventing malware from reaching the endpoint. URI lookup is performed against an in-the-cloud malicious/infected URI database on each URI requested via HTTP.

Select the URI check check box to enable URI check.

Content Size Limit

Specifies the accumulated TCP payload size.

Enter the content size limit, a value from 20 through 20,000 KB.

Scan Engine Timeout

Specifies the timeframe between the scan request generated to the scan result returned by the scan engine. Trickling timeout value is used by all supported protocols. Each protocol can have a different timeout value.

Enter the time interval from 1 through 1800 seconds. The default value is 180 seconds.

Query Interval

Specifies the antivirus engine query timeout interval.

Enter the query interval from 1 through 5 seconds.

Query Retries

Specifies the antivirus engine query retry (number of times) value.

Enter the query retry value from 0 through 5.

Fallback Settings

Default Action

Specifies all errors other than the categorized settings. This could include either unhandled system exceptions (internal errors) or other unknown errors. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Corrupt File

Specifies the error returned by the scan engine when it detects a corrupted file. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Password File

Specifies the error returned by the scan engine when the scanned file is protected by a password. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Decompress Layer

Specifies the error returned by the scan engine when the scanned file has too many compression layers. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Content Size

Specifies that if the content size exceeds a set limit, the content is passed or blocked depending on the max-content-size fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Engine Not Ready

Specifies that the scan engine is not ready during certain processes, for example, while the signature database is loading. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Timeout

Specifies that if the time taken to scan exceeds the timeout setting in the antivirus profile, the processing is aborted and the content is passed or blocked without completing the virus checking. The decision is made based on the timeout fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Out Of Resource

Specifies the resource constraints error received during virus scanning. This error can be or by the can be sent by the scan engine (as a scan-code) or scan manager. When the system is out of resources occurs, scanning is aborted. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block.

Too Many Requests

Specifies that if the total number of messages received concurrently exceeds the device limits, the content is passed or blocked depending on the too-many-request fallback option. The available actions are block or log-and-permit.

Select Log and Permit. The default action is Block. The allowed request limit is not configurable.

Notification Options
Fallback Block

Notification Type

Specifies the type of notification sent when a fallback option of block is triggered.

Select the Protocol Only or the Message check box.

Notify Mail Sender

Specifies that when a virus is detected and a fallback option of block is triggered, an e-mail is sent to the administrator.

Select the Notify Mail Sender check box to enable this notification.

Custom Message

Specifies the customized message text for the fallback block notification.

Enter the text for this custom notification message (if you are using one).

Custom Message Subject

Specifies the subject line text for your custom message for the fallback block notification.

Enter the subject line text for your custom message.

Display Hostname

Specifies the device name.

Select the check box to display the hostname.

Allow Email

Specifies that a notification e-mail address must be allowed.

Select the check box to allow e-mail.

Administrator Email Address

Specifies the administrator e-mail address where notification is sent when a fallback error occurs.

Enter the administrator e-mail address.

Fallback Nonblock

Notify Mail Recipient

Specifies that the fallback nonblock notification is sent when a fallback e-mail option without a blocking action is triggered.

Select the Notify Mail Sender check box.

Custom Message

Specifies the customized message text for the fallback nonblock notification.

Enter the text for this custom notification message (if you are using one).

Custom Message Subject

Specifies the subject line for your custom message for the fallback nonblock notification.

Enter the subject line text for your custom message.

Virus Detection

Notification Type

Specifies the type of notification to be sent when a virus is detected.

Select Protocol Only or Message option.

Notify Mail Sender

Specifies whether or not a notification is sent to the virus-detection notification e-mail address when a virus is detected.

Select yes to send a notification and no to not send a notification.

Custom Message

Specifies the customized message text for the virus detection notification.

Enter the text for this custom notification message (if you are using one).

Custom Message Subject

Specifies the subject line text for your custom message for the virus detection notification.

Enter the subject line text for your custom message.

Related Documentation