Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create an Antivirus Profile

Use the Create Antivirus Profiles page to configure antivirus profiles. The antivirus profile defines the content to scan for any malware and the action to be taken when malware is detected. After you create a profile, you can assign it to content security profiles.

To create an antivirus profile:

  1. Select SRX > Security Subscriptions > Content Security > Antivirus Profiles.

    The Antivirus Profiles page appears.

  2. Click the add icon (+) to create a new antivirus profile.

    The Create Antivirus Profiles wizard appears, displaying brief instructions about creating an antivirus profile.

  3. Click Next to navigate to the next page.
  4. Complete the configuration according to the guidelines provided in Table 1.

    Fields marked with * are mandatory.

  5. Click Finish.

    A summary page is displayed. Review the settings, and if you need to make any modifications, click the Edit link or the Back button.

  6. Click OK to save the settings and create the profile.

    A message indicating the status of the create operation is displayed.

  7. Click Close.

    You are returned to the Antivirus Profiles page.

    Table 1: Antivirus Profile Settings



    General Information


    Enter a unique name for the antivirus profile. The maximum length is 29 characters.


    Enter a description for the antivirus profile. The maximum length is 255 characters.

    Engine Type

    Displays the engine type used for scanning. Currently, Sophos is the only antivirus engine supported.

    Sophos antivirus is an in-the-cloud antivirus solution. The virus and malware database is located on external servers maintained by Sophos (Sophos Extensible List) servers, thus there is no need to download and maintain large pattern databases on the Juniper Networks device.

    Fallback Options


    Fallback options are used when the antivirus system experiences errors and must fall back to one of the previously configured actions to either deny (block) or permit the object.

    Specify the fallback options to use when there is a failure, or select the default action if no specific options are to be configured:

    • Content Size—Select an option to specify whether the content should be blocked (default) or logged and permitted if the content size exceeds the previously defined limit.

    • Content Size Limit—Enter the content size limit in kilobytes (KB) based on which action is taken. The range is 20 through 40,000 KB. The content size limit check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.

    • Engine Error—Select the action to take (Block [default] or Log and Permit) when an engine error occurs.

      The term engine error refers all engine errors, including engine not ready, timeout, too many requests, password protected, corrupt file, decompress layer, and out of resources.

    • Default Action—Select the default action (Block [default] or Log and Permit) to take when an error occurs.

    Notification Options


    Use the notification options to configure a method of notifying the user when a fallback occurs or a virus is detected:

    • Fallback Deny—Select this option to notify mail senders that their messages were blocked.

    • Fallback Non-Deny—Select this option to warn mail recipients that they received unblocked messages despite problems.

    • Virus Detected—Select this option to notify mail recipients that their messages were blocked.