Example: Configuring Full Antivirus Feature Profiles (CLI)

After you have created your custom object, configure an antivirus feature profile:

  1. Select and configure the engine type. Because you are configuring “full antivirus,” you select the Kaspersky-Lab-Engine and then designate the pattern update interval. The default full file-based antivirus pattern-update interval is 60 minutes. You can choose to leave this default as is or you can change it. You can also force a manual update, if necessary. The following example sets the engine type to Kaspersky-Lab-Engine and sets the update interval to 20:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update interval 20

    Note: The command for changing the URL for the pattern database is:

    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update url http://..

    The default URL is http://update.juniper-update.net/AV/<device version>. You should not change this URL unless you are experiencing problems with it and have called for support.

  2. Configure the device to notify a specified administrator when patterns are updated. The following example enables an e-mail notification with a custom message and a custom subject line:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine pattern-update email-notify admin-email administrator@juniper.net custom-message "pattern file was updated" custom-message-subject "AV pattern file updated"
  3. Configure a profile for the Kaspersky Lab engine. The following example creates the kasprof1 profile:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1
  4. Configure a list of fallback options as block or log-and-permit. In most cases, the default is to block. You can use the default settings or you can change them. The following example configures fallback options as block for the kasprof1 profile:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options content-size block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options corrupt-file block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options decompress-layer block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options default block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options engine-not-ready block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options out-of-resources block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options password-file block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options timeout block
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 fallback-options too-many-requests block
  5. Configure the notification options. You can configure notifications for both fallback blocking and fallback nonblocking actions and for virus detection. You configure a custom message for the fallback blocking action and send a notification. The following example configures the device to send the ***virus-found*** notification for blocked traffic:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 notification-options fallback-block custom-message ***virus-found*** notify-mail-sender
  6. Configure a custom subject line for the custom message notification for both the sender and the recipient. The following example configures the device to add “Antivirus Alert” to the message subject line:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 notification-options fallback-block custom-message-subject "Antivirus Alert" notify-mail-sender
  7. Configure a notification for protocol-only virus detection and send a notification. The following example configures the protocol-only virus detection for the kasprof1 profile:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 notification-options virus-detection type protocol-only notify-mail-sender
  8. Configure scan options. The following example configures the device to perform a TCP payload content size check before the scan request is sent:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options content-size-limit 20000
  9. Configure the decompression layer limit. The following example configures the device to decompress 3 layers of nested compressed files before it executes the virus scan:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options decompress-layer-limit 3
  10. Configure intelligent prescreening. It is either on or off. The following example enables intelligent prescreening for the kasprof1 profile:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options intelligent-prescreening

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP) and HTTP POST.

    The following example disables intelligent prescreening for the kasprof1 profile:

    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options no-intelligent-prescreening
  11. Configure scan extension settings. You can select the default list (junos-default-extension) or you can select an extension list you created as a custom object. The following example enables the extlist1 for the kasprof1 profile:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options scan-extension extlist1
  12. Configure the scan mode setting. You can choose to scan all files or only files with the extensions that you specify. The following example uses the scan by-extension option to configure the device to use a custom extension list:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options scan-mode by-extension
  13. Configure the timeout settings. The following example sets the scan timeout to 1800 seconds:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 scan-options timeout 1800
  14. Configure trickling settings. The following example indicates that if the device receives a packet within a 600-second period during a file transfer or while performing an antivirus scan, it should not time out:
    user@host# set security utm feature-profile anti-virus kaspersky-lab-engine profile kasprof1 trickling timeout 600

    Note: Trickling applies only to HTTP.

  15. Configure the antivirus scanner to use MIME bypass lists and exception lists. You can use your own custom object lists, or you can use the default list that ships with the device called junos-default-bypass-mime. The following examples enable the avmime1 and ex-avmime1 lists:
    user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1
    user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1 exception ex-avmime1
  16. Configure the antivirus module to use URL bypass lists. If you are using a URL whitelist, this is a custom URL category you have previously configured as a custom object. The following example enables the custurl1 bypass list:
    user@host# set security utm feature-profile anti-virus url-whitelist custurl1

    Note: URL whitelists are valid only for HTTP traffic.
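The fallback options in step 4 decide whether traffic is blocked or permitted when a file cannot be scanned, so they are worth checking after the profile is committed. The following Python script is an added example, not part of the original Juniper procedure: it reads configuration text in the form produced by `show configuration | display set` and reports, per profile, which fallback conditions are set to log-and-permit and which were never set and therefore rely on the device default. It assumes the profile statements carry the `profile` keyword as in step 3; `kasprof2` and the sample text are constructed for illustration.

```python
import re

# The nine fallback conditions set in step 4.
CONDITIONS = (
    "content-size", "corrupt-file", "decompress-layer", "default",
    "engine-not-ready", "out-of-resources", "password-file",
    "timeout", "too-many-requests",
)
PREFIX = ("set security utm feature-profile anti-virus "
          "kaspersky-lab-engine profile ")
LINE_RE = re.compile(
    re.escape(PREFIX) + r"(\S+)(?: fallback-options (\S+) (\S+))?")


def audit_fallback(display_set_text):
    """Return, per profile, fail-open and never-set fallback conditions."""
    explicit = {}
    for line in display_set_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        profile, cond, action = m.groups()
        actions = explicit.setdefault(profile, {})
        if cond:
            actions[cond] = action
    return {
        profile: {
            # Anything other than block lets unscanned content through.
            "fail_open": sorted(c for c, a in actions.items() if a != "block"),
            # Not set explicitly, so the device default applies.
            "implicit": [c for c in CONDITIONS if c not in actions],
        }
        for profile, actions in explicit.items()
    }


# Constructed sample: kasprof1 as configured on this page; kasprof2 is a
# hypothetical profile with two fail-open settings and several unset ones.
SAMPLE = "\n".join(
    ["set security utm feature-profile anti-virus kaspersky-lab-engine "
     "pattern-update interval 20"]
    + [PREFIX + "kasprof1 fallback-options %s block" % c for c in CONDITIONS]
    + [PREFIX + "kasprof2 fallback-options default block",
       PREFIX + "kasprof2 fallback-options timeout log-and-permit",
       PREFIX + "kasprof2 fallback-options password-file log-and-permit",
       PREFIX + "kasprof2 scan-options decompress-layer-limit 3"])

if __name__ == "__main__":
    for name, findings in audit_fallback(SAMPLE).items():
        print(name, findings)
```

A profile with an empty `fail_open` list and an empty `implicit` list has every fallback condition explicitly set to block.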
