Junos provides a predefined profile for antivirus (AV) settings, but how do you determine what those settings are? This article answers that question.
To display the settings of the predefined AV profiles, run the following operational-mode command:
root@test> show configuration groups junos-defaults security utm feature-profile anti-virus
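The output shows the default AV settings. Note that every fallback option in both predefined profiles is log-and-permit, so traffic is logged and allowed through whenever a scan cannot be completed (for example, on timeout, when the engine is not ready, or when the content exceeds the size limit). Review these defaults against your security policy before relying on them. Also note that the pattern-update URLs shown use plain HTTP. For example: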
root@test> ...os-defaults security utm feature-profile anti-virus
type kaspersky-lab-engine;
#
# should not set no-autoupdate at any time
#
kaspersky-lab-engine {
pattern-update {
url http://update.juniper-updates.net/AV/SRX240/;
interval 60;
}
profile junos-av-defaults {
fallback-options {
default log-and-permit;
corrupt-file log-and-permit;
password-file log-and-permit;
decompress-layer log-and-permit;
content-size log-and-permit;
engine-not-ready log-and-permit;
timeout log-and-permit;
out-of-resources log-and-permit;
too-many-requests log-and-permit;
}
scan-options {
intelligent-prescreening;
scan-mode all;
content-size-limit 10000;
timeout 180;
decompress-layer-limit 2;
}
notification-options {
virus-detection {
type message;
notify-mail-sender;
custom-message "VIRUS WARNING";
}
fallback-block {
type message;
notify-mail-sender;
}
}
}
}
juniper-express-engine {
pattern-update {
url http://update.juniper-updates.net/EAV/SRX240/;
interval 1440;
}
profile junos-eav-defaults {
fallback-options {
default log-and-permit;
content-size log-and-permit;
engine-not-ready log-and-permit;
timeout log-and-permit;
out-of-resources log-and-permit;
too-many-requests log-and-permit;
}
scan-options {
intelligent-prescreening;
content-size-limit 10000;
timeout 180;
}
notification-options {
virus-detection {
type message;
notify-mail-sender;
custom-message "VIRUS WARNING";
}
fallback-block {
type message;
notify-mail-sender;
}
}
}
}
2020-10-23: Article reviewed for accuracy; no changes made; article valid and relevant