Example: Configuring Express Antivirus Feature Profiles (CLI)
After you have created your custom object, configure an antivirus feature profile:
- Select and configure the engine type. Because
you are configuring express antivirus, you select the juniper-express-engine:
The following example sets the engine type to juniper-express-engine: user@host# set security utm feature-profile anti-virus juniper-express-engine
- Select a time interval for updating the
pattern database. The default antivirus pattern-update interval is
once a day. You can choose to leave this default as is or you can
change it. You can also force a manual update, if necessary. The following
example sets the update interval to 12: user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update interval 12
The command for changing the URL for the pattern database is:
user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update url http://...Note: Under most circumstances, you should not need to change the default URL.
- Configure the device to notify a specified administrator
when patterns are updated. The following example enables an e-mail
notification with a custom message and a custom subject line:user@host# set security utm feature-profile anti-virus juniper-express-engine pattern-update email-notify admin-email administrator@juniper.net custom-message “pattern file was updated” custom-message-subject “AV pattern file updated”
- Configure a profile for the Juniper-Express-Engine.
The following example creates the junexprof1 profile: user@host# set security utm feature-profile anti-virus juniper-express-engine profile junexprof1
- Configure a list of fallback options
as block or log-and-permit. In most cases, the default is to block.
You can use the default settings or you can change them. The following
example configures fallback options as block for the junexprof1
profile: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options content-size blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options default block user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options engine-not-ready blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options out-of-resources blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options timeout blockuser@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 fallback-options too-many-requests block
- Configure the notification options. You
can configure notifications for both fallback blocking and fallback
nonblocking actions and for virus detection. You configure a custom
message for the fallback blocking action and send a notification.
The following example configures the device to send the ***virus-found***
notification for blocked traffic: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 notification-options fallback-block custom-message ***virus-found*** notify-mail-sender
- Configure a notification for protocol-only
virus detection and send a notification. The following example configures
the protocol-only virus detection for the junexprof1 profile: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 notification-options virus-detection type protocol-only notify-mail-sender
- Configure a custom subject line for the
custom message notification for both the sender and the recipient.
The following example configures the device to add “Antivirus
Alert” to the message subject line: user@host# set security utm feature-profile anti-virus juniper-express-engine jjunexprof1 notification-options fallback-block custom-message-subject “Antivirus Alert” notify-mail-sender
- Configure content size parameters. The
following example configures the device to perform a TCP payload content
size check before the scan request is sent: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1scan-options content-size-limit 20000
- Configure intelligent prescreening. It
is either on or off. The following example enables intelligent prescreening
for the junexprof1 profile: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options intelligent-prescreening
Note: Intelligent prescreening is only intended for use with non-encoded traffic. It is not applicable for mail protocols (SMTP, POP3, IMAP) and HTTP POST.
The following example disables intelligent prescreening for the junexprof1 profile:
user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 can-options no-intelligent-prescreening - Configure the time-out settings. The
following example sets the scan-mode timeout to 1800 seconds: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options timeout 1800
- Configure trickling settings. The following
example indicates that if the device receives a packet within a 600
second period during a file transfer or while performing an antivirus
scan, it should not timeout: user@host# set security utm feature-profile anti-virus juniper-express-engine junexprof1 scan-options timeout 600
Note: Trickling applies only to HTTP.
- Configure the antivirus scanner to use MIME bypass
lists and exception lists. You can use your own custom object lists,
or you can use the default list that ships with the device called
junos-default-bypass-mime. The following examples enable the avmime2
and ex-avmime2 lists: user@host# set security utm feature-profile anti-virus mime-whitelist list avmime2user@host# set security utm feature-profile anti-virus mime-whitelist list avmime1 exception ex-avmime2
- Configure the antivirus module to use
URL bypass lists. If you are using a URL whitelist, this is a custom
URL category you have previously configured as custom object. The
following example enables the custurl1 bypass list:user@host# set security utm feature-profile anti-virus url-whitelist custurl2
Related Topics
JUNOS Software Feature Support Reference for SRX Series and J Series Devices