Full Antivirus Pattern Updates
The full file-based antivirus protection signature database is called the Juniper Full antivirus database. It detects all destructive malicious code, including viruses (polymorphic and other advanced virus types), worms, Trojans, and malware. For more information, see the following topics:
Understanding Full Antivirus Pattern Updates
Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, the full file-based antivirus protection signature database is called the Juniper Full antivirus database (downloaded by the pattern-update command). This database is different from the database used by express antivirus. It detects all destructive malicious code, including viruses (polymorphic and other advanced virus types), worms, Trojans, and malware.
Updates to the pattern file are added as new viruses are discovered. When Kaspersky Lab updates the signatures in its pattern database, the security device downloads these updates so that the antivirus scanner is using the latest, most up-to-date signatures when scanning traffic. The security device can perform these updates automatically (the default), or you can perform pattern update downloads manually.
The database pattern server is accessible through HTTP or HTTPS. By default, the antivirus module checks for database updates automatically every 60 minutes. You can change this interval and you can trigger updates manually, as well. The number of files that are downloaded during an update and the duration of the download process can vary.
A local copy of the pattern database is saved in persistent data storage (that is, the flash disk). If the device is rebooted, the local copy remains available for the antivirus scan engine to use during the antivirus scan engine initialization time, without the need for network access to the pattern database server.
If the auto-update fails, the updater automatically retries the update three more times. If the database download continues to fail, the updater stops trying and waits for the next periodic update before trying again.
Once your subscription expires, you have a 30-day grace period during which you can continue to update the antivirus pattern file. Once that grace period expires, the update server no longer permits antivirus pattern file updates.
Example: Configuring the Full Antivirus Pattern Update Server
Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, this example shows how to configure the pattern-update server on the security device.
Requirements
Before you begin:
- Obtain a valid antivirus scanner license. See Full Antivirus Protection Overview.
- Get network connectivity and access to the pattern database server. See Understanding Full Antivirus Pattern Updates.
- Configure your DNS settings and port settings (port 80) correctly. See DNS Overview.
Overview
To configure the pattern-update server on the security device, enter the URL address of the pattern-update server.
By default, the Juniper-Kaspersky URL for full antivirus protection is http://update.juniper-updates.net/AV/device-name, where device-name is the name of your device.
Configuration
Procedure
Step-by-Step Procedure
To configure the pattern-update server on a security device:
Specify the URL of the pattern-update server.
[edit]
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url http://update.juniper-updates.net/AV/device-name
Note: Other than the platform name, you should not change this URL unless you are experiencing problems with it and have called for support.
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Full Antivirus Pattern Update Configuration Overview
The Kaspersky Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, several prerequisites must be met before you can perform a successful pattern database update:
- You must have a valid antivirus scanner license.
- You must have network connectivity and access to the pattern database server.
- Your DNS settings and port settings (port 80) must be correct.
To update the patterns for the antivirus signature database:
- On the security device, specify the URL address of the pattern-update server.
- (Optional) Specify how often the device should automatically check for pattern-server updates.
After the security device downloads the server-initialization file, the device checks that the pattern file is valid. The device then parses the file to obtain information about it, including the file version, size, and location of the pattern file server.
If the pattern file on the security device is out of date (or nonexistent because this is the first time you are loading it) and the antivirus pattern-update service subscription is still valid, the device automatically retrieves an updated pattern file from the pattern file server.
The following is an example of the CLI for configuring the database update feature:
utm {
    feature-profile {
        anti-virus {
            type kaspersky-lab-engine {
                pattern-update url url interval minutes
            }
        }
    }
}
Example: Automatically Updating Full Antivirus Patterns
Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, this example shows how to update the pattern file automatically on a security device.
Requirements
Before you begin:
- Obtain a valid antivirus scanner license. See Full Antivirus Protection Overview.
- Get network connectivity and access to the pattern database server. See Understanding Full Antivirus Pattern Updates.
- Configure your DNS settings and port settings (port 80) correctly. See DNS Overview.
Overview
In this example, you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is 60 minutes.)
Configuration
Procedure
Step-by-Step Procedure
To configure the security device to update the pattern file automatically:
Set the interval.
[edit]
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update interval 120
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Example: Automatically Updating Full Antivirus Patterns (J-Web Procedure)
Full antivirus pattern updates are not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, in this example you configure the security device to update the pattern file automatically every 120 minutes. (The default antivirus pattern-update interval is 60 minutes.)
To automatically update antivirus patterns:
Select Configure>UTM>Anti-Virus.
Next to Interval, in the Kaspersky Lab Engine section, enter 120 in the box.
Click OK to check your configuration and save it as a candidate configuration, then click Commit Options>Commit.
Manually Updating, Reloading, and Deleting Full Antivirus Patterns (CLI Procedure)
The Kaspersky Antivirus feature is not supported from Junos OS Release 15.1X49-D10 and Junos OS Release 17.3R1 onwards. For previous releases, to manually update antivirus patterns, enter the following CLI command:
user@host> request security utm anti-virus kaspersky-lab-engine pattern-update
To manually reload antivirus patterns, enter the following CLI command:
user@host> request security utm anti-virus kaspersky-lab-engine pattern-reload
To manually delete antivirus patterns, enter the following CLI command:
user@host> request security utm anti-virus kaspersky-lab-engine pattern-delete
You can update the Kaspersky antivirus signature database offline without using a direct Internet connection. This is required in some security installations and for sites that access the Internet through a proxy server.
To update the Kaspersky antivirus signature database offline, you must configure a local webserver.
To configure a webserver, use the following CLI statement.
user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url <http_server>
user@host# commit
To update the Kaspersky antivirus signature database, perform the following tasks:
Based on your hardware platform, enter the following URLs in your computer browser.
Copy all the files to a directory on your local webserver. You might want to use a download manager for your browser to get all the files more quickly.
Download the Kaspersky Lab engine from http://update.juniper-updates.net/KAV_engine/.
For JSR, the URL is http://update.juniper-updates.net/KAV_engine/i386/.
For SRX210, SRX220, SRX240, SRX550, and SRX650 devices, the URL is http://update.juniper-updates.net/KAV_engine/octeon32/.
Copy all the files to the same directory on your local server.
Note: The Kaspersky Lab engine is automatically loadable. For updating the Kaspersky antivirus signature database offline, both pattern update files and Kaspersky Lab engine files must be placed in the same folder on the local webserver.
Set the directory as a sharepoint that can be accessed through HTTP from the SRX Series device.
Run the update command in the CLI.
user@host> request security utm anti-virus kaspersky-lab-engine pattern-update
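The pattern-update url and interval statements described above determine where signatures come from and how old they can get. As an added example (not Juniper's code), this Python audit reads a configuration in set form and reports the effective settings, applying the page's defaults when a statement is absent. The sample configuration, the mirror hostname, the finding names and the failed-cycle timing are assumptions.

```python
from urllib.parse import urlparse

# Values stated on the page.
DEFAULT_URL = "http://update.juniper-updates.net/AV/device-name"
DEFAULT_HOST = "update.juniper-updates.net"
DEFAULT_INTERVAL_MIN = 60
PREFIX = ("set security utm feature-profile anti-virus "
          "kaspersky-lab-engine pattern-update ")

# Constructed sample in set form; the mirror host is hypothetical.
SAMPLE = """\
set security utm feature-profile anti-virus type kaspersky-lab-engine
set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url http://av-mirror.example.internal/kav
set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update interval 120
"""

def audit_pattern_update(config_text, allowed_mirrors=()):
    """Return (settings, findings) for the pattern-update statements."""
    url, interval = DEFAULT_URL, DEFAULT_INTERVAL_MIN
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        words = line[len(PREFIX):].split()
        if len(words) == 2 and words[0] == "url":
            url = words[1]
        elif len(words) == 2 and words[0] == "interval" and words[1].isdigit():
            interval = int(words[1])
    parsed = urlparse(url)
    findings = []
    if parsed.scheme != "https":
        # The page says the pattern server is reachable over HTTP or HTTPS.
        findings.append("url-scheme-not-https")
    if parsed.hostname != DEFAULT_HOST and parsed.hostname not in allowed_mirrors:
        findings.append("unexpected-update-host")
    if interval > DEFAULT_INTERVAL_MIN:
        findings.append("interval-above-default")
    settings = {
        "url": url,
        "interval_min": interval,
        # Assumption: a cycle whose download and three retries all fail is
        # only retried at the next periodic check, one interval later.
        "signature_age_after_failed_cycle_min": 2 * interval,
    }
    return settings, findings

if __name__ == "__main__":
    print(audit_pattern_update(SAMPLE, allowed_mirrors=("av-mirror.example.internal",)))
```

Pass the hostnames of your approved local webservers in allowed_mirrors so that an offline-update mirror is not reported as an unexpected host.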