Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Express Antivirus Pattern Updates

The express antivirus pattern database is updated over HTTP or HTTPS and can occur automatically or manually. For more information, see the following topics:

Understanding Express Antivirus Scanner Pattern Updates

The Express Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, Express antivirus uses a different signature database than the full antivirus signature database. The express antivirus signature database is called Juniper Express antivirus database and it is compatible with the hardware engine. The express signature database targets only critical viruses and malware, including worms, Trojans, and spyware. This is a smaller sized database, providing less coverage than the full antivirus signature database.

The express antivirus pattern database is updated over HTTP or HTTPS and can occur automatically or manually. This is similar functionality to that found in full antivirus with some minor differences:

  • With express antivirus, the signature database auto-update interval, is once a day.

  • With express antivirus, there is no support for the downloading of multiple database types.

  • With express antivirus, during database loading, all scan operations are interrupted. Scan operations for existing traffic flows are stopped and no new scan operations are initiated for newly established traffic flows. You can specify the desired action for this interruption period using the fall-back parameter for engine-busy-loading-database. The available actions are block or log-and-permit.

  • By default, the URL for express antivirus is http://update.juniper-updates.net/EAV/SRX-platform-name where SRX-platform-name is the name of your device. If your device is an SRX210, then the URL for express antivirus would be http://update.juniper-updates.net/EAV/SRX210. The SRX-platform-name part of the URL is different and platform-specific. (Other than the platform name, you should not change this URL unless you are experiencing problems with it and have called for support. Platform support depends on the Junos OS release in your installation.)

    Once your subscription expires, you have a 30 day grace period during which you can continue to update the antivirus pattern file. Once that grace period expires, the update server no longer permits antivirus pattern file updates.

    The express Antivirus scanning feature is a separately licensed subscription service. When your antivirus license key expires, you can continue to use locally stored antivirus signatures. But in that case, if the local database is deleted, antivirus scanning is disabled.

Example: Automatically Updating Express Antivirus Patterns

The Express Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, this example shows how to update the pattern file automatically on a security device.

Requirements

Before you begin:

Overview

In this example, you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is once a day.)

Configuration

Procedure

Step-by-Step Procedure

To configure the security device to update the pattern file automatically:

  1. Set the interval.

  2. If you are done configuring the device, commit the configuration.

Verification

Verify the Security UTM Configuration

Purpose

To verify the security UTM configuration is working properly.

Action

From the operational mode, enter the show security utm command.

Example: Automatically Updating Express Antivirus Patterns (J-Web Procedure)

The Express Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, in this example, you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is once a day.)

To automatically update antivirus patterns:

  1. Select Configure>Security>UTM>Anti-Virus.

  2. Next to Interval, in the Juniper Express Engine section, enter 120 in the box.

  3. Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.

Manually Updating, Reloading, and Deleting Express Antivirus Patterns (CLI Procedure)

The Express Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, to manually update antivirus patterns, enter the following CLI statement:

To manually reload antivirus patterns, enter the following CLI statement:

To manually delete antivirus patterns, enter the following CLI statement:

Release History Table
Release
Description
15.1X49-D10
The Express Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards.