Example: Configuring Express Antivirus Feature Profiles (CLI)

After you have created your custom object, configure an antivirus feature profile:

1. Select and configure the engine type. Because you are configuring express antivirus, you select the juniper-express-engine: The following example sets the engine type to juniper-express-engine:
   user@host# set security utm feature-profile anti-virus juniper-express-engine
2. Select a time interval for updating the pattern database. The default antivirus pattern-update interval is once a day. You can choose to leave this default as is or you can change it. You can also force a manual update, if necessary. The following example sets the update interval to 12:
   user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update interval 12

   The command for changing the URL for the pattern database is: user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update url http://... Note: Under most circumstances, you should not need to change the default URL.

3. Configure the device to notify a specified administrator when patterns are updated. The following example enables an e-mail notification with a custom message and a custom subject line:
   user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update email-notify admin-email administrator@juniper.net custom-message “pattern file was updated” custom-message-subject “AV pattern file updated”
4. Configure a profile for the Juniper-Express-Engine. The following example creates the junexprof1 profile:
   user@host# set security utm feature-profile anti-virus juniper-express-engine profile junexprof1
5. Configure a list of fallback options as block or log-and-permit. In most cases, the default is to block. You can use the default settings or you can change them. The following example configures fallback options as block for the junexprof1 profile:
   user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options content-size blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options default block user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options engine-not-ready blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options out-of-resources blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options timeout blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options too-many-requests block
6. Configure the notification options. You can configure notifications for both fallback blocking and fallback nonblocking actions and for virus detection. You configure a custom message for the fallback blocking action and send a notification. The following example configures the device to send the ***virus-found*** notification for blocked traffic:
   user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 notification-options fallback-block custom-message ***virus-found*** notify-mail-sender
7. Configure a notification for protocol-only virus detection and send a notification. The following example configures the protocol-only virus detection for the junexprof1 profile:
   user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 notification-options virus-detection type protocol-only notify-mail-sender
8. Configure a custom subject line for the custom message notification for both the sender and the recipient. The following example configures the device to add “Antivirus Alert” to the message subject line:
   user@host# set security utm feature-profile anti-virus juniper-express-engine jjunexprof1 notification-options fallback-block custom-message-subject “Antivirus Alert” notify-mail-sender
9. Configure content size parameters. The following example configures the device to perform a TCP payload content size check before the scan request is sent:
   user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1scan-options content-size-limit 20000
10. Configure intelligent prescreening. It is either on or off. The following example enables intelligent prescreening for the junexprof1 profile:
    user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options intelligent-prescreening

    Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP) and HTTP POST.

    The following example disables intelligent prescreening for the junexprof1 profile:

    user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 can-options no-intelligent-prescreening
11. Configure the time-out settings. The following example sets the scan-mode timeout to 1800 seconds:
    user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options timeout 1800
12. Configure trickling settings. The following example indicates that if the device receives a packet within a 600 second period during a file transfer or while performing an antivirus scan, it should not timeout:
    user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options timeout 600

    Note: Trickling applies only to HTTP.

13. Configure the antivirus scanner to use MIME bypass lists and exception lists. You can use your own custom object lists, or you can use the default list that ships with the device called junos-default-bypass-mime. The following examples enable the avmime2 and ex-avmime2 lists:
    user@host# set security utm feature-profile anti-virus mime-whitelist list avmime2user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1 exception ex-avmime2
14. Configure the antivirus module to use URL bypass lists. If you are using a URL whitelist, this is a custom URL category you have previously configured as custom object. The following example enables the custurl1 bypass list:
    user@host# set security utm feature-profile anti-virus url-whitelist custurl2

Related Topics

JUNOS Software Feature Support Reference for SRX Series and J Series Devices