anti-virus (Content Security)
Syntax
anti-virus {
mime-whitelist {
exception;
list;
}
sophos-engine {
fallback-options {
content-size (block | log-and-permit | permit);
default (block | log-and-permit | permit);
engine-not-ready (block | log-and-permit | permit);
out-of-resources (block | log-and-permit | permit);
timeout (block | log-and-permit | permit);
too-many-requests (block | log-and-permit | permit);
}
notification-options {
fallback-block {
custom-message;
custom-message-subject;
(notify-mail-sender | no-notify-mail-sender);
type (message | protocol-only);
}
fallback-non-block {
custom-message;
custom-message-subject;
(notify-mail-recipient | no-notify-mail-recipient);
}
virus-detection {
custom-message;
custom-message-subject;
(notify-mail-sender | no-notify-mail-sender);
type (message | protocol-only);
}
}
pattern-update {
email-notify {
admin-email;
custom-message;
custom-message-subject;
}
interval;
no-autoupdate;
proxy {
password;
port;
server;
username;
}
routing-instance;
url;
}
scan-options {
content-size-limit;
timeout seconds;
(uri-check | no-uri-check);
}
server {
ip;
routing-instance;
}
sxl-retry;
sxl-timeout seconds;
trickling timeout;
}
traceoptions {
flag name;
}
url-whitelist;
}
Hierarchy Level
[edit security utm feature-profile] [edit security utm default-configuration]
Description
Configure Content Security Sophos antivirus features. You can also configure the default Content Security configuration for antivirus feature profile. If you do not configure any option in the antivirus feature profile, the values configured in the default Content Security configuration are applied. Antivirus, one of several features including content filtering, antispam, and Web filtering, makes up Juniper’s Content Security suite, provides the ability to prevent threats at the gateway before they enter the network.
A license check for the antivirus configuration is performed at the time of a commit and will provide a warning if a valid license is not installed on the device. Once a valid license is installed on the device then a custom antivirus profile or the default profile will be able to process traffic. If a license is expired or is not installed, the antivirus service will not process traffic.
Options
anti-virus |
Configure antivirus feature. |
mime-whitelist |
This is the comprehensive list for those MIME types that can bypass antivirus scanning. |
sophos-engine |
The antivirus engine that is used on the device. You can only have one engine type running and you must restart the device if you change engines. |
fallback-options |
Fallback options tell the system how to handle the errors. |
notification-options |
There are multiple notification options you can configure to trigger when a virus is detected. |
fallback-non-block |
Notifications for fallback nonblocking actions. |
virus-detection |
Notification to send when a virus is detected. |
pattern-update |
You can configure the security device to regularly update the pattern file automatically, or you can update the file manually. |
scan-options |
Antivirus sophos-engine scan options. |
server |
Sophos Antivirus (SAV) and antispam first hop DNS server. |
sxl-retry |
Number of retry attempts to the remote Sophos Extensible List (SXL) server when a request timeout occurs.
|
sxl-timeout |
Timeout value for responses to a Sophos checksum or URI query.
|
trickling |
HTTP trickling is a mechanism used to prevent the HTTP client or server from timing-out during a file transfer or during antivirus scanning. |
traceoptions |
Define tracing operations for Content Security antivirus features. |
url-whitelist |
Antivirus URL allowlist. A URL allowlist is a unique custom list that you define in which all the URLs or IP addresses in that list for a specified category are always bypassed for scanning. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
The Express and Kaspersky antivirus feature is not supported from Junos OS Release 15.1X49-D10 onwards. For previous releases, statement introduced in Junos OS Release 9.5.
The [edit security utm default-configuration] hierarchy
level is introduced in Junos OS Release 18.2R1.