Full Antivirus Pattern Updates

The full file-based antivirus protection signature database is called the Juniper Full antivirus database. It detects all destructive malicious code, including viruses (polymorphic and other advanced virus types), worms, Trojans, and malware. For more information, see the following topics:

Understanding Full Antivirus Pattern Updates

Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, the full file-based antivirus protection signature database is called the Juniper Full antivirus database (downloaded by the pattern-update command). This database is different from the database used by express antivirus. It detects all destructive malicious code, including viruses (polymorphic and other advanced virus types), worms, Trojans, and malware.

Updates to the pattern file are added as new viruses are discovered. When Kaspersky Lab updates the signatures in its pattern database, the security device downloads these updates so that the antivirus scanner uses the most up-to-date signatures when scanning traffic. The security device can perform these updates automatically (the default), or you can perform pattern update downloads manually.

The database pattern server is accessible through HTTP or HTTPS. By default, the antivirus module checks for database updates automatically every 60 minutes. You can change this interval, and you can also trigger updates manually. The number of files that are downloaded during an update and the duration of the download process can vary.

A local copy of the pattern database is saved in persistent data storage (that is, the flash disk). If the device is rebooted, the local copy remains available for the antivirus scan engine to use during the antivirus scan engine initialization time, without the need for network access to the pattern database server.

If the auto-update fails, the updater automatically retries the update three more times. If the database download continues to fail, the updater stops trying and waits for the next periodic update before trying again.

Once your subscription expires, you have a 30-day grace period during which you can continue to update the antivirus pattern file. Once that grace period expires, the update server no longer permits antivirus pattern file updates.

Example: Configuring the Full Antivirus Pattern Update Server

Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, this example shows how to configure the pattern-update server on the security device.

Requirements

Before you begin:

Overview

To configure the pattern-update server on the security device, enter the URL address of the pattern-update server.

By default, the Juniper-Kaspersky URL for full antivirus protection is http://update.juniper-updates.net/AV/device-name, where device-name is the name of your device.

Configuration

Procedure

Step-by-Step Procedure

To configure the pattern-update server on a security device:

  1. Specify the URL of the pattern-update server.

    Note:

    Other than the platform name, you should not change this URL unless you are experiencing problems with it and have called for support.

  2. If you are done configuring the device, commit the configuration.

Verification

Verify the Security UTM Configuration

Purpose

To verify that the security UTM configuration is working properly.

Action

From the operational mode, enter the show security utm command.

Full Antivirus Pattern Update Configuration Overview

The Kaspersky Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, several prerequisites must be met before you begin in order to perform a successful pattern database update:

  • You must have a valid antivirus scanner license.

  • You must have network connectivity and access to the pattern database server.

  • Your DNS settings and port settings (port 80) must be correct.

To update the patterns for the antivirus signature database:

  1. On the security device, specify the URL address of the pattern-update server.
  2. (Optional) Specify how often the device should automatically check for pattern-server updates.

After the security device downloads the server-initialization file, the device checks that the pattern file is valid. The device then parses the file to obtain information about it, including the file version, size, and location of the pattern file server.

If the pattern file on the security device is out-of-date (or nonexistent because this is the first time you are loading it), and if the antivirus pattern-update service subscription is still valid, the device automatically retrieves an updated pattern file from the pattern file server.

The following is an example of the CLI for configuring the database update feature:

Example: Automatically Updating Full Antivirus Patterns

Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, this example shows how to update the pattern file automatically on a security device.

Requirements

Before you begin:

Overview

In this example, you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is 60 minutes.)

Configuration

Procedure

Step-by-Step Procedure

To configure the security device to update the pattern file automatically:

  1. Set the interval.

  2. If you are done configuring the device, commit the configuration.

Verification

Verify the Security UTM Configuration

Purpose

To verify that the security UTM configuration is working properly.

Action

From the operational mode, enter the show security utm command.

Example: Automatically Updating Full Antivirus Patterns (J-Web Procedure)

Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, in this example, you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is 60 minutes.)

To automatically update antivirus patterns:

  1. Select Configure>UTM>Anti-Virus.

  2. Next to Interval, in the Kaspersky Lab Engine section, enter 120 in the box.

  3. Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.

Manually Updating, Reloading, and Deleting Full Antivirus Patterns (CLI Procedure)

The Kaspersky Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, to manually update antivirus patterns, enter the following CLI command:

To manually reload antivirus patterns, enter the following CLI command:

To manually delete antivirus patterns, enter the following CLI command:

You can update the Kaspersky antivirus signature database offline without using a direct Internet connection. This is required in some security installations and for sites that access the Internet through a proxy server.

To update the Kaspersky antivirus signature database offline, you must configure a local webserver.

To configure a webserver, use the following CLI statement.

user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url <http_server>

user@host# commit

To update the Kaspersky antivirus signature database, perform the following tasks:

  1. Based on your hardware platform, enter the following URLs in your computer browser.

  2. Copy all the files to a directory on your local webserver. You might want to use a download manager for your browser to get all the files more quickly.

  3. Download the Kaspersky Lab engine from http://update.juniper-updates.net/KAV_engine/.

  4. Copy all the files to the same directory on your local server.

    Note:

    The Kaspersky Lab engine is automatically loadable. For updating the Kaspersky antivirus signature database offline, both pattern update files and Kaspersky Lab engine files must be placed in the same folder on the local webserver.

  5. Set the directory as a sharepoint that can be accessed through HTTP from the SRX Series device.

  6. Run the update command in the CLI.

    user@host>request security utm anti-virus kaspersky-lab-engine pattern-update
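
The following audit sketch is an added example, not Juniper's code. It reads set-format configuration lines and lists the pattern-update settings a reviewer would check against this page: whether patterns travel over plain HTTP, whether the update host differs from the default, and how often updates run. The host av-mirror.example.internal is hypothetical, and the interval and no-autoupdate statements are Junos options assumed here because they are not shown on this page.

```python
import re
from urllib.parse import urlparse

# Statement prefix taken from the CLI statement shown on this page.
PREFIX = "set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update"
# Default URL as printed on this page ("device-name" is the page's placeholder).
DEFAULT_URL = "http://update.juniper-updates.net/AV/device-name"
DEFAULT_INTERVAL = 60  # minutes; default stated on this page

def parse_pattern_update(config_text):
    """Collect pattern-update settings from 'set'-format configuration lines."""
    settings = {"url": DEFAULT_URL, "interval": DEFAULT_INTERVAL, "autoupdate": True}
    for raw in config_text.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", raw.strip())  # drop a 'user@host# ' prompt
        if not line.startswith(PREFIX + " "):
            continue
        words = line[len(PREFIX):].split()
        if words[0] == "url" and len(words) == 2:
            settings["url"] = words[1]
        elif words[0] == "interval" and len(words) == 2 and words[1].isdigit():
            settings["interval"] = int(words[1])  # assumption: option not on this page
        elif words == ["no-autoupdate"]:          # assumption: option not on this page
            settings["autoupdate"] = False
    return settings

def audit(settings):
    """Return review items for the parsed settings; an empty list means nothing to flag."""
    findings = []
    parsed = urlparse(settings["url"])
    if parsed.scheme == "http":
        findings.append("patterns fetched over plaintext HTTP")
    if parsed.hostname != urlparse(DEFAULT_URL).hostname:
        findings.append("non-default update host: %s" % parsed.hostname)
    if not settings["autoupdate"]:
        findings.append("automatic updates disabled")
    elif settings["interval"] > DEFAULT_INTERVAL:
        findings.append("update interval %d min exceeds default" % settings["interval"])
    return findings

# Constructed sample: offline mirror on a hypothetical internal host, 120-minute interval.
SAMPLE = """\
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url http://av-mirror.example.internal/AV/
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update interval 120
"""

if __name__ == "__main__":
    for finding in audit(parse_pattern_update(SAMPLE)):
        print(finding)
```

An unset URL is audited as the default URL from this page, so an empty configuration still reports the plain-HTTP item.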

Release History Table

Release | Description
15.1X49-D10 | Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards.
15.1X49-D10 | The Kaspersky Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards.