Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create a Flow-Based Antivirus Profile

Create a flow-based antivirus profile to scan packets in real time without buffering the packets.

  1. Select SRX > Security Subscriptions > Flow-Based Antivirus.

    The Flow-Based Antivirus Profiles page is displayed.

  2. Click +.

    The Create Flow-Based Antivirus Profile page is displayed.

  3. Complete the configuration according to the guidelines provided in Table 1.
    Table 1: Fields on the Flow-Based Antivirus Profiles Page

    Field

    Description

    Name

    Enter a name containing maximum 63 alphanumeric characters without spaces.

    The name can contain special characters, such as hyphens (-) and underscores (_).

    Description

    Enter a description for the flow-based antivirus profile containing maximum 255 characters.

    Verdict threshold

    Enter a threshold value between 1 and 10. Setting a higher value indicates that the file has a higher risk of containing a virus.

    The threshold value determines when a file is considered malware. If the cloud service returns a file verdict equal to or higher than the configured threshold, then that file is considered a virus.

    Action

    Select the action to take when an infected file is detected.

    Log files

    Enable logging for all files that meet the following verdict threshold criteria.

    • Threat level lesser than verdict threshold

    • Threat level equals verdict threshold

    Notification Options

    Notification

    Select one of the following methods to notify users about the virus:

    • File—Select a file to upload.

    • Message—Enter a message to display as a customized notification.

    • Redirect—Enter an HTTP URL redirection for a customized notification.

    File name

    Enter the filename and path where the customized file is located on the device. The files must be in the .php, .html, or .py format.

    Message

    Enter a message containing maximum 1023 characters for a customized notification when a virus is detected.

    Redirect URL

    Enter an HTTP URL redirection for a customized notification when a virus is detected.

    Fallback Options

    Fallback action

    Select the action for the file regardless of its threat level.

    Log

    Enable this option to log the event.

    Invalid content size

    Select the action for the file if the content size exceeds 32 MB.

    Log

    Enable this option to log the event.

    Out of resources

    Select the action for the file if the service is out of resources.

    Log

    Enable this option to log the event.

    Service not ready

    Select the action for the file if the service is not ready.

    Log

    Enable this option to log the event.

  4. Click OK to save the changes.