anti-virus (Services)

Syntax

Hierarchy Level

Description

Use this statement to configure a flow-based antivirus policy and its machine learning scan options. Configuring the antivirus policy alone does not scan any traffic: after configuring it, you must apply it to a security policy with the set security policies from-zone from-zone to-zone to-zone policy policy-name then permit application-services anti-virus-policy av-policy command. Only traffic that matches that security policy is inspected.

Options

policy

Configure the antivirus policy details.

  • policy-name—Name of the antivirus policy.

  • action—Action taken (permit or block) when a file's verdict meets or exceeds the verdict threshold.

  • default-notification—Log notification generated when a file's verdict does not meet the verdict threshold.

fallback-options Define what to do when an error condition occurs or the scanning service lacks resources. Because a fallback action of permit lets unscanned content through (fail open) while block drops it (fail closed), choose the fallback action deliberately rather than leaving it at whatever is convenient. The following fallback options are available:
  • action—Permit or block the file regardless of its threat level.

  • invalid-content-size—Permit or block the file when the content size exceeds the supported range.

  • out-of-resources—Permit or block the file when the service is out of resources.

  • service-not-ready—Permit or block the file when the service is not yet ready.

  • notification—Add or do not add the fallback event to the log file.

http-client-notify (message | file | redirect-url) Notification action taken for HTTP content whose verdict meets the threshold. Use this option to send the client a text message, a file, or an HTTP redirect to a URL of your choosing when a detected virus is blocked, so that a blocked download is explained rather than silently failing.
machine-learning-scan Configure the machine learning scan options.
  • action—Permit or block the file regardless of its threat level.

  • apply-groups—Groups from which to inherit configuration data for the machine learning scan settings.

  • apply-groups-except—Groups from which not to inherit configuration data for the machine learning scan settings.

  • default-notification—Log notification generated when a file's verdict does not meet the verdict threshold.

  • notification—Add or do not add this event to the log file.

verdict-threshold The verdict threshold defines the verdict score at which a file is labeled as a virus. For example, if you set verdict-threshold to 7, any file with a verdict score of 7 or greater is treated as a virus and receives the policy action; a file scoring 6 or lower receives the default notification instead. The verdict threshold can be any integer from 1 through 10, inclusive; a lower threshold blocks more aggressively at the cost of more false positives.
traceoptions Configure antivirus trace options. When tracing is enabled in the configuration, the flags select which operations are actually debugged. This statement lets you trace antivirus processing and is typically used for troubleshooting.
  • apply-groups name—Groups from which to inherit configuration data for the trace option settings.

  • apply-groups-except name—Groups from which not to inherit configuration data for the trace option settings.

  • file—Define the trace file characteristics. Valid options are:

    • trace-file-name—Name of the file that receives the output of the tracing operation. Enclose the name in quotation marks. All files are placed in the /var/log directory. The name can be from 1 through 1024 characters long and cannot include spaces, /, or % characters. The default filename is security.

    • files—Maximum number of trace files that can accumulate. Valid values range from 2 through 1000. The default value is 3.

    • match—Regular expression that a message must match to be logged to the file. Wildcard (*) characters are accepted.

    • no-world-readable—Only the system administrator can read the trace file. Prefer this setting: with the content flag enabled, the trace file can contain buffered file data from user sessions.

    • size—Maximum size to which the trace file can grow. When the file reaches the specified size, it is compressed and renamed filename0.gz, the next file is named filename1.gz, and so on. Valid values range from 10240 through 1,073,741,824 bytes.

    • world-readable—Any user can read the trace file.

  • flag—Tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags:

    • all—Trace everything.

    • content—Trace the content that the SRX is buffering to the client and to the cloud.

    • daemon—Trace the Juniper Advanced Threat Prevention Cloud (ATP Cloud) daemon.

    • http—Trace HTTP protocol operations.

    • identification—Trace file type identification (for example, .exe, .java, and .tar files).

    • imap—Trace IMAP protocol operations.

    • parser—Trace the interface between the Juniper ATP Cloud daemon and the module that parses the HTTP protocol and extracts the file content.

    • plugin—Trace the Juniper ATP Cloud plugin to view session checks, packet processing, and actions taken against a file or URL.

    • policy—Trace the Juniper ATP Cloud security policy.

    • smb—Trace SMB protocol operations.

    • smtp—Trace SMTP protocol operations.

  • level—Specify the level of tracing to perform. The level you configure enables tracing of events at that level and all higher (more restrictive) levels. You can specify any of the following levels:

    • all—Match messages of all levels.

    • error—Match error conditions.

    • info—Match informational messages.

    • notice—Match notice messages about conditions requiring special handling.

    • verbose—Match verbose messages. This is the lowest (least restrictive) severity level; when you configure verbose, messages at all higher levels are traced. Therefore, the result is the same as when you configure all.

    • warning—Match warning messages.

  • no-remote-trace—Disable remote tracing.

update Configure antivirus package download and installation options.
  • automatic—Schedule automatic download and installation of the antivirus package.

  • interval—Interval, in minutes, between automatic downloads. The range is 5 through 60 minutes.

  • off—Disable automatic antivirus package download and installation.

  • ignore-server-validation—Do not validate the download server's certificate. Leaving validation enabled is what prevents a man-in-the-middle from substituting a tampered package; disable it only for a trusted internal mirror and only if you have no alternative.

  • proxy profile—Proxy profile to use for the package download.

  • url—HTTP or HTTPS URL from which to download the antivirus package. Prefer HTTPS so that the server certificate can be validated.
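The following set commands, added here as an illustration and not taken from the Juniper page or from Juniper's own examples, put the options above together and then attach the policy to a security policy as the Description requires. The example assumes that the statements live under the [edit services anti-virus] hierarchy and that the exact keyword forms below the policy level (for instance that default-notification and notification take log) follow the option names as described above; verify them on your release with the CLI's ? help before committing. The zone names trust and untrust, the policy names av-policy and allow-web, the trace file name av-trace and the two URLs are placeholders.

```junos
## Added example, not from the Juniper documentation. Hierarchy
## [edit services anti-virus] and the sub-option keyword forms are assumed;
## names and URLs are placeholders.

## 1. Antivirus policy: a verdict score of 7 or higher is treated as a virus
##    and blocked; lower scores only produce the default notification.
set services anti-virus policy av-policy verdict-threshold 7
set services anti-virus policy av-policy action block
set services anti-virus policy av-policy default-notification log

## 2. Fallback behaviour: fail closed when the scanner is not ready or is out
##    of resources, and log every fallback event so the gap is visible.
set services anti-virus policy av-policy fallback-options action block
set services anti-virus policy av-policy fallback-options notification log

## 3. Tell HTTP clients why a download was blocked instead of failing silently.
set services anti-virus policy av-policy http-client-notify redirect-url "https://notify.example.net/av-blocked"

## 4. Package updates: automatic every 30 minutes over HTTPS. The server
##    certificate is validated because ignore-server-validation is NOT set.
set services anti-virus update automatic interval 30
set services anti-virus update url https://av-updates.example.net/package

## 5. Troubleshooting trace, readable by the administrator only. size is in
##    bytes (10 MB here); 5 rotated files are kept.
set services anti-virus traceoptions file av-trace
set services anti-virus traceoptions file size 10485760
set services anti-virus traceoptions file files 5
set services anti-virus traceoptions file no-world-readable
set services anti-virus traceoptions flag policy
set services anti-virus traceoptions level error

## 6. Nothing is scanned until the policy is applied to a security policy.
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit application-services anti-virus-policy av-policy

## 7. Check before committing, then review the resulting stanza.
commit check
show configuration services anti-virus
show configuration security policies from-zone trust to-zone untrust policy allow-web
```

Step 2 is the part most often left at a default: with action permit, any file that arrives while the service is starting or starved of resources passes unscanned, so a fail-closed policy with logging is the safer choice for untrusted zones. Step 6 matters because an antivirus policy that is not referenced from a permit action inspects nothing, which is easy to miss when the commit succeeds.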

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 23.4R1.

The machine-learning-scan option is introduced in Junos OS Release 24.2R1.