Security Utm
8/10/2019 Security Utm
1/122
Junos OS
UTM Sophos Antivirus Protection for Security Devices
Release
12.1
Published: 2012-08-30
Copyright 2012, Juniper Networks, Inc.
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain.
This product includes memory allocation software developed by Mark Moraes,copyright 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton's EGP, UC Berkeley's routing daemon (routed), and DCN's HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright 1991, D. L. S. Associates.
This product includes software developed by Maker Communications, Inc., copyright 1996, 1997, Maker Communications, Inc.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Junos OS UTM Sophos Antivirus Protection for Security Devices
12.1
Copyright 2012, Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (EULA) posted at http://www.juniper.net/support/eula.html . By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Table of Contents
About the Documentation
  Documentation and Release Notes
  Supported Platforms
  Using the Examples in This Manual
    Merging a Full Example
    Merging a Snippet
  Documentation Conventions
  Documentation Feedback
  Requesting Technical Support
    Self-Help Online Tools and Resources
    Opening a Case with JTAC
Part 1 Overview
Chapter 1 Supported Features
  Unified Threat Management
Chapter 2 Sophos Antivirus Protection
  Sophos Antivirus Protection Overview
  Sophos Antivirus Features
  Understanding Sophos Antivirus Data File Update
  Comparison of Sophos Antivirus to Kaspersky Antivirus
Part 2 Configuration
Chapter 3 Sophos Antivirus Protection
  Sophos Antivirus Configuration Overview
  Example: Configuring Sophos Antivirus Custom Objects
  Example: Configuring Sophos Antivirus Feature Profile
  Example: Configuring Sophos Antivirus UTM Policies
  Example: Configuring Sophos Antivirus Firewall Security Policies
Chapter 4 Configuration Statements
  [edit security utm] Hierarchy Level
  admin-email
  administrator-email (Security Fallback Block)
  administrator-email (Security Virus Detection)
  allow-email (Security Fallback Block)
  allow-email (Security Virus Detection)
  anti-virus (Security Feature Profile)
  application (Security Policies)
  content-size (Security Antivirus Sophos Engine)
  content-size-limit
  custom-message (Security Email Notify)
  custom-message (Security Fallback Block)
  custom-message (Security Fallback Non-Block)
  custom-message (Security Virus Detection)
  custom-message-subject (Security Email Notify)
  custom-message-subject (Security Fallback Block)
  custom-message-subject (Security Fallback Non-Block)
  custom-message-subject (Security Virus Detection)
  custom-url-category
  default (Security Antivirus Sophos Engine)
  display-host (Security Fallback Block)
  display-host (Security Virus Detection)
  email-notify
  engine-not-ready (Security Antivirus Sophos Engine)
  fallback-block (Security Antivirus)
  fallback-non-block (Security Antivirus)
  fallback-options (Security Antivirus Sophos Engine)
  feature-profile
  filename-extension
  from-zone (Security Policies)
  interval (Security Antivirus)
  juniper-express-engine
  mime-pattern
  mime-whitelist
  no-autoupdate
  no-notify-mail-recipient
  no-notify-mail-sender (Security Fallback Block)
  no-notify-mail-sender (Security Virus Detection)
  no-uri-check
  notification-options (Security Antivirus)
  notify-mail-recipient
  notify-mail-sender (Security Fallback Block)
  notify-mail-sender (Security Virus Detection)
  out-of-resources (Security Antivirus Sophos Engine)
  password (Security Antivirus)
  pattern-update (Security Antivirus)
  port (Security Antivirus)
  profile (Security Sophos Engine Antivirus)
  protocol-command
  proxy (Security Antivirus)
  scan-options (Security Antivirus Sophos Engine)
  server (Security Antivirus)
  sophos-engine
  sxl-retry
  sxl-timeout
  timeout (Security Antivirus Fallback Options Sophos Engine)
  timeout (Security Antivirus Scan Options)
  to-zone (Security Policies)
  too-many-requests (Security Antivirus Fallback Options Sophos Engine)
  trickling
  type (Security Antivirus Feature Profile)
  type (Security Fallback Block)
  type (Security Virus Detection)
  url (Security Antivirus)
  uri-check
  url-pattern
  username (Security Antivirus)
  virus-detection (Security Antivirus)
Part 3 Administration
Chapter 5 Managing Sophos Antivirus Protection
  Managing Sophos Antivirus Data Files
Chapter 6 Operational Commands
  clear security utm antivirus statistics
  request security utm anti-virus sophos-engine
  show security utm anti-virus statistics
  show security utm anti-virus status
Part 4 Index
  Index

List of Tables
About the Documentation
  Table 1: Notice Icons
  Table 2: Text and Syntax Conventions
Part 1 Overview
Chapter 1 Supported Features
  Table 3: UTM Support

About the Documentation
Documentation and Release Notes
Supported Platforms
Using the Examples in This Manual
Documentation Conventions
Documentation Feedback
Requesting Technical Support

Documentation and Release Notes
To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/ .
If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books .
Supported Platforms
For the features described in this document, the following platforms are supported:
SRX220
SRX550
SRX110
SRX650
SRX100
SRX240
SRX210
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative command. These commands cause the software to merge the incoming configuration into the current candidate configuration. The example does not become active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the file with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy the ex-script.conf file to the /var/tmp directory on your routing platform.

    system {
        scripts {
            commit {
                file ex-script.xsl;
            }
        }
    }
    interfaces {
        fxp0 {
            disable;
            unit 0 {
                family inet {
                    address 10.0.0.1/24;
                }
            }
        }
    }

2. Merge the contents of the file into your routing platform configuration by issuing the load merge configuration mode command:

    [edit]
    user@host# load merge /var/tmp/ex-script.conf
    load complete

Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory on your routing platform.

    commit {
        file ex-script-snippet.xsl;
    }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode command:

    [edit]
    user@host# edit system scripts
    [edit system scripts]

3. Merge the contents of the file into your routing platform configuration by issuing the load merge relative configuration mode command:

    [edit system scripts]
    user@host# load merge relative /var/tmp/ex-script-snippet.conf
    load complete

For more information about the load command, see the Junos OS CLI User Guide.

Documentation Conventions
Table 1 defines notice icons used in this guide.

Table 1: Notice Icons

Meaning: Description
Informational note: Indicates important features or instructions.
Caution: Indicates a situation that might result in loss of data or hardware damage.
Warning: Alerts you to the risk of personal injury or death.
Laser warning: Alerts you to the risk of personal injury from a laser.

Table 2 defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
    user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
    user@host> show chassis alarms
    No alarms currently active

Convention: Italic text like this
Description: Introduces or emphasizes important new terms. Identifies book names. Identifies RFC and Internet draft titles.
Examples:
    A policy term is a named structure that defines match conditions and actions.
    Junos OS System Basics Configuration Guide
    RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine's domain name:
    [edit]
    root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
    To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
    The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Enclose optional keywords or variables.
Example:
    stub ;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    ( string1 | string2 | string3 )

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example:
    rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Enclose a variable for which you can substitute one or more values.
Example:
    community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identify a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.

Example (indention, braces, and semicolon):
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

J-Web GUI Conventions

Convention: Bold text like this
Description: Represents J-Web graphical user interface (GUI) items you click or select.
Examples:
    In the Logical Interfaces box, select All Interfaces.
    To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of J-Web selections.
Example:
    In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to [email protected], or fill out the documentation feedback form at https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include the following information with your comments:
Document or topic name
URL or page number
Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
JTAC policies: For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
Product warranties: For product warranty information, visit http://www.juniper.net/support/warranty/ .
JTAC hours of operation: The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: http://www.juniper.net/customers/support/
Search for known bugs: http://www2.juniper.net/kb/
Find product documentation: http://www.juniper.net/techpubs/
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html .
PART 1
Overview
Supported Features
Sophos Antivirus Protection
CHAPTER 1
Supported Features
Unified Threat Management

Unified Threat Management
Unified Threat Management (UTM) is a term used to describe the consolidation of several security features into one device, protecting against multiple threat types. The advantages of UTM are streamlined installation and management of these multiple security capabilities.
Table 3 lists the UTM features that are supported on SRX Series and J Series devices.
Table 3: UTM Support

Feature | SRX100, SRX110, SRX210, SRX220, SRX240 | SRX550, SRX650 | SRX1400, SRX3400, SRX3600, SRX5600, SRX5800 | J Series
Antispam | Yes | Yes | No | Yes
Antivirus Express | SRX210, SRX220, and SRX240 only | Yes | No | Yes
Antivirus Full | Yes | Yes | No | Yes
Antivirus Sophos | Yes | Yes | No | No
Chassis cluster (active/active chassis cluster with the Packet Forwarding Engine active on both the cluster nodes [the Packet Forwarding Engine and the Routing Engine active in the same node]) | SRX100, SRX210, SRX220, and SRX240 only | Yes | No | No
Content filtering | Yes | Yes | No | Yes
Enhanced Web filtering | Yes | Yes | No | No
Web filtering | Yes | Yes | No | Yes
WELF support | Yes | Yes | No | Yes

Related Documentation
Junos OS Security Configuration Guide
CHAPTER 2
Sophos Antivirus Protection
Sophos Antivirus Protection Overview
Sophos Antivirus Features
Understanding Sophos Antivirus Data File Update
Comparison of Sophos Antivirus to Kaspersky Antivirus

Sophos Antivirus Protection Overview
Sophos antivirus scanning is offered as a less CPU-intensive alternative to the full file-based antivirus feature. Sophos supports the same protocols as full antivirus and functions in much the same manner; however, it has a smaller memory footprint and is compatible with lower end devices that have less memory.
Sophos antivirus is an in-the-cloud antivirus solution. The virus pattern and malware database is located on external servers maintained by Sophos (Sophos Extensible List servers), so there is no need to download and maintain large pattern databases on the Juniper device. The Sophos antivirus scanner also uses a local internal cache to maintain query responses from the external list server to improve lookup performance.
Because a significant amount of traffic processed by Juniper Unified Threat Management (UTM) is HTTP based, Uniform Resource Identifier (URI) checking is used to effectively prevent malicious content from reaching the endpoint client or server. The following checks are performed for HTTP traffic: URI lookup, true file type detection, and file checksum lookup. The following application layer protocols are supported: HTTP, FTP, SMTP, POP3 and IMAP.
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Features
Sophos Antivirus Configuration Overview
Sophos Antivirus Features
Sophos Antivirus has the following main features:
Sophos Antivirus Expanded MIME Decoding Support: Sophos antivirus offers decoding support for HTTP, POP3, SMTP, and IMAP. MIME decoding support includes the following for each supported protocol:
- Multipart and nested header decoding
- Base64 decoding, printed quote decoding, and encoded word decoding in the subject field
Sophos Antivirus Scan Result Handling: With Sophos antivirus, the TCP traffic is closed gracefully when a virus is found and the data content is dropped.
The following fail mode options are supported: content-size, default, engine-not-ready, out-of-resources, timeout, and too-many-requests. You can set the following actions: block, log-and-permit, and permit. Fail mode handling of supported options with Sophos is much the same as with full antivirus.
Sophos Uniform Resource Identifier Checking: Sophos provides Uniform Resource Identifier (URI) checking, which is similar to anti-spam realtime blackhole list (RBL) lookups. URI checking is a way of analyzing URI content in HTTP traffic against the Sophos database to identify malware or malicious content. Because malware is predominantly static, a checksum mechanism is used to identify malware to improve performance. Files that are capable of using a checksum include: .exe, .zip, .rar, .swf, .pdf, and .ole2 (doc and xls).
NOTE: If you have a Juniper device protecting an internal network that has no HTTP traffic, or has Web servers that are not accessible to the outside world, you may want to turn off URI checking. If the Web servers are not accessible to the outside world, it is unlikely that they contain URI information that is in the Sophos URI database. URI checking is on by default.
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Protection Overview
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus Feature Profile
Understanding Sophos Antivirus Data File Update
Sophos antivirus uses a small set of data files that need to be updated periodically. These data files only contain information on guiding scanning logic and do not contain the full pattern database. The main pattern database, which includes protection against critical viruses, URI checks, malware, worms, Trojans, and spyware, is located on remote Sophos Extensible List servers maintained by Sophos.
PART 2
Configuration
Sophos Antivirus Protection
Configuration Statements
CHAPTER 3
Sophos Antivirus Protection
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus Custom Objects
Example: Configuring Sophos Antivirus Feature Profile
Example: Configuring Sophos Antivirus UTM Policies
Example: Configuring Sophos Antivirus Firewall Security Policies
Sophos Antivirus Configuration Overview
Sophos antivirus is part of the Unified Threat Management (UTM) feature set, so you first configure UTM options (custom objects), configure the Sophos Feature, then create a UTM policy and a security policy. The security policy controls all traffic that is forwarded by the device, and the UTM policy specifies which parameters to use to scan traffic. The UTM policy is also used to bind a set of protocols to one or more UTM feature profiles, including Sophos antivirus in this case.
You must complete the following tasks to configure Sophos antivirus:
1. Configure UTM custom objects and MIME lists. See Example: Configuring Sophos Antivirus Custom Objects.
2. Configure the Sophos antivirus feature profile. See Example: Configuring Sophos Antivirus Feature Profile.
3. Configure a UTM policy. See Example: Configuring Sophos Antivirus UTM Policies.
4. Configure a security policy. See Example: Configuring Sophos Antivirus Firewall Security Policies.
Example: Configuring Sophos Antivirus Custom Objects
This example shows you how to create UTM global custom objects to be used withSophos antivirus.
Requirements
Overview
Configuration
Verification
Requirements
Before you begin, read about UTM custom objects. See Understanding UTM Custom Objects.
Overview
Configure MIME lists. This includes creating a MIME whitelist and a MIME exception list for antivirus scanning. In this example, you bypass scanning of QuickTime videos, unless they contain the MIME type quicktime-inappropriate.
WARNING: When you configure the MIME whitelist feature, be aware that, because header information in HTTP traffic can be spoofed, you cannot always trust HTTP headers to be legitimate. When a Web browser is determining the appropriate action for a given file type, it detects the file type without checking the MIME header contents. However, the MIME whitelist feature does refer to the MIME encoding in the HTTP header. For these reasons, it is possible in certain cases for a malicious website to provide an invalid HTTP header. For example, a network administrator might inadvertently add a malicious website to a MIME whitelist, and, because the site is in the whitelist, it will not be blocked by Sophos even though Sophos has identified the site as malicious in its database. Internal hosts would then be able to reach this site and could become infected.
Configuration
GUI Step-by-Step Procedure
To configure a MIME list:
1. Click the Configure tab from the taskbar, and then select Security>UTM>Custom Objects.
2. Click the MIME Pattern List tab and then click Add.
3. In the MIME Pattern Name box, type avmime2.
4. In the MIME Pattern Value box, type video/quicktime, and click Add.
5. In the MIME Pattern Value box, type image/x-portable-anymap, and click Add.
6. In the MIME Pattern Value box, type x-world/x-vrml, and click Add.
To configure a MIME exception list:
1. Click the Configure tab from the taskbar, and then select Security>UTM>Custom Objects.
2. Click the MIME Pattern List tab and then select Add.
3. In the MIME Pattern Name box, type exception-avmime2.
4. In the MIME Pattern Value box, type video/quicktime-inappropriate and click Add.
Configure a URL pattern list (whitelist) of URLs or addresses that will be bypassed by antivirus scanning. After you create the URL pattern list, you will create a custom URL category list and add the pattern list to it.
NOTE: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure custom URL category lists.
To configure a URL pattern whitelist:
1. Click the Configure tab from the taskbar, and then select Security>UTM>Custom Objects.
2. Click the URL Pattern List tab, and then click Add.
3. In the URL Pattern Name box, enter urllist2.
4. In the URL Pattern Value box, enter http://juniper.net. (You can also use the IP address of the server instead of the URL.)
Save your configuration:
1. Click OK to check your configuration and save it as a candidate configuration.
2. If you are done configuring the device, click Actions>Commit.
NOTE: URL pattern wildcard support. The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can use "*" only if it is at the beginning of the URL and is followed by a ".". You can only use "?" at the end of the URL.
The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net, www.juniper.ne?, http://*juniper.net, http://*.
Step-by-Step Procedure
To configure antivirus protection using the CLI, you must create your custom objects in the following order:
1. Create the MIME whitelist.
[edit security utm]
user@host# set custom-objects mime-pattern avmime2 value [video/quicktime image/x-portable-anymap x-world/x-vrml]
Create the MIME exception list.
[edit security utm]
user@host# set custom-objects mime-pattern exception-avmime2 value [video/quicktime-inappropriate]
2. Configure a URL pattern list (whitelist) of URLs or addresses that you want to bypass. After you create the URL pattern list, you create a custom URL category list and add the pattern list to it. Configure a URL pattern list custom object by creating the list name and adding values to it as follows.
NOTE: Because you use URL pattern lists to create custom URL category lists, you must configure URL pattern list custom objects before you configure custom URL category lists.
[edit security utm]
user@host# set custom-objects url-pattern urllist2 value [http://www.juniper.net 192.168.1.5]
NOTE: URL pattern wildcard support. The wildcard rule is as follows: \*\.[]\?* and you must precede all wildcard URLs with http://. You can only use "*" if it is at the beginning of the URL and is followed by a ".". You can only use "?" at the end of the URL.
The following wildcard syntax is supported: http://*.juniper.net, http://www.juniper.ne?, http://www.juniper.n??. The following wildcard syntax is not supported: *.juniper.net, www.juniper.ne?, http://*juniper.net, http://*.
3. Configure a custom URL category list custom object by using the URL pattern list urllist2 that you created earlier:
[edit security utm]
user@host# set custom-objects custom-url-category custurl2 value urllist2
Verification
To verify the configuration, enter the show security utm custom-objects command.
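The URL pattern wildcard rules in the notes above can be checked before commit. The following is an added example, not part of the Juniper documentation: the function names, the list names wildcards-ok and wildcards-bad, and the rejection of a bare http://*. are assumptions made for illustration.

```python
import re


def check_url_pattern(value):
    """Return the wildcard-rule violations for one url-pattern value.

    An empty list means the value conforms to the rules quoted in the note.
    """
    if "*" not in value and "?" not in value:
        return []  # plain URL or IP address: the wildcard rules do not apply
    problems = []
    if value.startswith("http://"):
        rest = value[len("http://"):]
    else:
        problems.append("wildcard URL must be preceded by http://")
        rest = value
    if "*" in rest:
        if rest.count("*") > 1 or not rest.startswith("*"):
            problems.append("'*' is allowed only at the beginning of the URL")
        elif not rest.startswith("*."):
            problems.append("'*' must be followed by '.'")
        elif len(rest) == 2:
            # Assumption: a bare 'http://*.' names no domain and is rejected.
            problems.append("nothing follows '*.'")
    # Trailing '?' characters are legal; any '?' left after stripping them is not.
    if "?" in rest.rstrip("?"):
        problems.append("'?' is allowed only at the end of the URL")
    return problems


# Matches "url-pattern NAME value [v1 v2 ...]" or "url-pattern NAME value v1".
SET_URL_PATTERN = re.compile(
    r"url-pattern\s+(\S+)\s+value\s+(?:\[([^\]]*)\]|(\S+))")


def audit_url_patterns(config_text):
    """Map (list name, value) to violations for each url-pattern statement."""
    report = {}
    for match in SET_URL_PATTERN.finditer(config_text):
        name, bracketed, single = match.groups()
        values = bracketed.split() if bracketed is not None else [single]
        for value in values:
            problems = check_url_pattern(value)
            if problems:
                report[(name, value)] = problems
    return report


# Constructed sample: the first line is the command from this example; the
# other two carry the supported and unsupported patterns listed in the note.
SAMPLE = """\
set custom-objects url-pattern urllist2 value [http://www.juniper.net 192.168.1.5]
set custom-objects url-pattern wildcards-ok value [http://*.juniper.net http://www.juniper.ne? http://www.juniper.n??]
set custom-objects url-pattern wildcards-bad value [*.juniper.net www.juniper.ne? http://*juniper.net http://*.]
"""

if __name__ == "__main__":
    for (name, value), problems in audit_url_patterns(SAMPLE).items():
        print(name, value, "->", "; ".join(problems))
```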
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Protection Overview
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus Feature Profile
Understanding UTM Custom Objects
c. Click OK and commit your changes.
d. Restart the device to enable Sophos as the antivirus engine.
2. Return to the antivirus Global Options screen as you did in step 1, and set the following parameters:
a. In the MIME whitelist list, select exception-avmime2.
b. In the URL whitelist list, select custurl2.
c. In the Pattern update interval (sec) box, type 2880.
d. In the box, type the e-mail address that will receive Sophos Admin email data file update notifications. For example - [email protected].
e. In the Custom Message box, type The Sophos data file update on the SRX240 has been completed. In the Custom message subject box, type Sophos Data File Updated.
f. Click OK to check your configuration and save it as a candidate configuration.
3. Configure a profile for the sophos-engine and set parameters.
a. Click the Configure tab from the taskbar and then select Security>UTM>Anti-Virus. Click Add.
b. In the Add profile box, click the Main tab.
c. In the Profile name box, type sophos-prof1.
d. In the Trickling timeout box, type 180.
WARNING: When enabling the trickling option, it's important to understand that trickling may send part of the file to the client during the antivirus scan. It is possible that some of the content could be received by the client and the client may become infected before the file is fully scanned.
e. URI checking is on by default. To turn it off, clear yes in the URI check box.
f. In the Content size Limit box, type 20000.
g. In the Scan engine timeout box, type 1800.
4. Configure fallback settings by clicking the Fallback settings tab. In this example, all fallback options are set to log and permit. Click Log and permit for the following items: Default action, Content size, Engine not ready, Timeout, Out of resource, Too many requests.
user@host# set fallback-options too-many-requests log-and-permit
8. Configure notification options. You can configure notifications for fallback blocking, fallback nonblocking actions, and virus detection.
In this step, configure a custom message for the fallback blocking action and send a notification for protocol-only actions to the administrator and the sender.
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set notification-options fallback-block custom-message "***Fallback block action occurred***" custom-message-subject "Antivirus Fallback Alert" notify-mail-sender type protocol-only allow-email administrator-email [email protected]
9. Configure a notification for protocol-only virus detection, and send a notification.
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set notification-options virus-detection type protocol-only notify-mail-sender custom-message-subject "***Virus detected***" custom-message "Virus has been detected"
10. Configure content size parameters.
NOTE: When you configure the content-size value, keep in mind that in certain cases, content size is available in the protocol headers, so the max-content-size fallback is applied before a scan request is sent. However, in many cases, content size is not provided in the protocol headers. In these cases, the TCP payload is sent to the antivirus scanner and accumulates until the end of the payload. If the accumulated payload exceeds the maximum content size value, then max-content-size fallback is applied. The default fallback action is log and permit, so you may want to change this option to block, in which case such a packet is dropped and a block message is sent to the client.
In this example, if the content size exceeds 20 MB, the packet is dropped.
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set scan-options content-size-limit 20000
11. URI checking is on by default. To turn off URI checking:
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set scan-options no-uri-check
12. Configure the timeout setting for the scanning operation to 1800 seconds.
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set scan-options timeout 1800
13. The Sophos Extensible List servers contain the virus and malware database for scanning operations. Set the response timeout for these servers to 3 seconds (the default is 2 seconds).
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set scan-options sxl-timeout 3
14. Configure the Sophos Extensible List server retry option to 2 retries (the default is 1).
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set scan-options sxl-retry 2
15. Configure the trickling setting to 180 seconds. If you use trickling, you can also set timeout parameters. Trickling applies only to HTTP. HTTP trickling is a mechanism used to prevent the HTTP client or server from timing out during a file transfer or during antivirus scanning.
WARNING: When you enable the trickling option, keep in mind that trickling might send part of a file to the client during its antivirus scan. It is therefore possible that some of the content could be received by the client before the file has been fully scanned.
[edit security utm feature-profile anti-virus]
user@host# set sophos-engine profile sophos-prof1 trickling timeout 180
16. Configure the antivirus module to use MIME bypass lists and exception lists. You can use your own custom object lists, or you can use the default list that ships with the device called junos-default-bypass-mime. In this example, you use the lists that you set up earlier.
[edit security utm feature-profile anti-virus]
user@host# set mime-whitelist list avmime2
[edit security utm feature-profile anti-virus]
user@host# set mime-whitelist exception exception-avmime2
17. Configure the antivirus module to use URL bypass lists. If you are using a URL whitelist, this is a custom URL category you have previously configured as a custom object. URL whitelists are valid only for HTTP traffic. In this example you use the lists that you set up earlier.
[edit security utm feature-profile anti-virus]
user@host# set url-whitelist custurl2
Verification
To verify your feature profile configuration, run the show security utm feature-profile anti-virus command.
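Several settings in this procedure let content reach a host without a completed scan: fallback options set to log-and-permit or permit, trickling, no-uri-check, and the MIME and URL whitelists. The following added example (not Juniper code) reads a CLI transcript in the [edit ...] / user@host# set format used above and lists those statements for review. The function names and the sample transcript are constructed for illustration, and the fallback-options timeout block line in the sample does not appear in the original procedure.

```python
import re
import shlex

AV = ["security", "utm", "feature-profile", "anti-virus"]
# Fallback conditions listed under sophos-engine profile fallback-options.
FALLBACK_CONDITIONS = {"content-size", "default", "engine-not-ready",
                       "out-of-resources", "timeout", "too-many-requests"}


def expand_statements(transcript):
    """Yield each 'set' command as a full token path, applying [edit ...] context."""
    context = []
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("[edit"):
            context = line.strip("[]").split()[1:]
            continue
        match = re.match(r"(?:\S+[#>]\s+)?set\s+(.+)", line)
        if match:
            yield context + shlex.split(match.group(1))


def audit_antivirus(transcript):
    """Return (scope, statement, reason) for settings that weaken scanning."""
    findings = []
    for path in expand_statements(transcript):
        if path[:4] != AV:
            continue
        rest = path[4:]
        if rest[:2] == ["sophos-engine", "profile"] and len(rest) >= 4:
            profile, stmt = rest[2], rest[3:]
            if stmt[0] == "fallback-options" and len(stmt) == 3:
                condition, action = stmt[1], stmt[2]
                if condition in FALLBACK_CONDITIONS and action != "block":
                    findings.append((profile, "fallback-options " + condition,
                                     action + " passes traffic unscanned when this condition occurs"))
            elif stmt[:2] == ["scan-options", "no-uri-check"]:
                findings.append((profile, "scan-options no-uri-check",
                                 "URI checking is turned off"))
            elif stmt[:2] == ["trickling", "timeout"]:
                findings.append((profile, "trickling timeout",
                                 "part of a file can reach the client before its scan completes"))
        elif rest[:2] == ["mime-whitelist", "list"] and len(rest) >= 3:
            findings.append(("global", "mime-whitelist list " + rest[2],
                             "scan bypass keyed on the MIME type in the HTTP header, which can be spoofed"))
        elif rest[:1] == ["url-whitelist"] and len(rest) >= 2:
            findings.append(("global", "url-whitelist " + rest[1],
                             "matching URLs bypass antivirus scanning"))
    return findings


# Constructed transcript assembled from the commands in this example.
SAMPLE = """\
[edit security utm feature-profile anti-virus sophos-engine profile sophos-prof1]
user@host# set fallback-options too-many-requests log-and-permit
user@host# set fallback-options timeout block
user@host# set scan-options content-size-limit 20000
user@host# set scan-options no-uri-check
[edit security utm feature-profile anti-virus]
user@host# set sophos-engine profile sophos-prof1 trickling timeout 180
user@host# set mime-whitelist list avmime2
user@host# set url-whitelist custurl2
"""

if __name__ == "__main__":
    for scope, statement, reason in audit_antivirus(SAMPLE):
        print(scope + ": " + statement + " (" + reason + ")")
```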
Obtaining Information About the Current Antivirus Status
Action: From operational mode, enter the show security utm anti-virus status command to view the antivirus status.
user@host> show security utm anti-virus status
Meaning:
Antivirus key expire date: The license key expiration date.
Update server: URL for the data file update server.
Interval: The time period, in minutes, when the device will update the data file from the update server.
Pattern update status: When the data file will be updated next, displayed in minutes.
Last result: Result of the last update. If you already have the latest version, this will display already have latest database.
Antivirus signature version: Version of the current data file.
Scan engine type: The antivirus engine type that is currently running.
Scan engine information: Result of the last action that occurred with the current scan engine.
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Protection Overview
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus UTM Policies
This example shows how to create a UTM policy for Sophos antivirus.
Requirements
Overview
Configuration
Verification
Requirements
Before you create the UTM policy, create custom objects and the Sophos feature profile.
1. Configure UTM custom objects and MIME lists. See Example: Configuring Sophos Antivirus Custom Objects.
2. Configure the Sophos antivirus feature profile. See Example: Configuring Sophos Antivirus Feature Profile.
Overview
After you have created an antivirus feature profile, you configure a UTM policy for an antivirus scanning protocol and attach this policy to a feature profile. In this example, HTTP will be scanned for viruses, as indicated by the http-profile statement. You can scan other protocols as well by creating different profiles or adding other protocols to the profile, such as: imap-profile, pop3-profile, and smtp-profile.
Configuration
GUI Step-by-Step Procedure
To configure a UTM policy for Sophos antivirus:
1. Click the Configure tab from the taskbar, and then select Security>Policy>UTM Policies. Then click Add.
2. Click the Main tab. In the Policy name box, type utmp3.
3. Click the Anti-Virus profiles tab. In the HTTP profile list, select sophos-prof1.
4. Click OK to check your configuration and save it as a candidate configuration.
5. If you are done configuring the device, select Actions>Commit.
Step-by-Step Procedure
To configure a UTM policy for Sophos antivirus:
1. Go to the edit security utm hierarchy.
[edit]
user@host# edit security utm
2. Create the UTM policy utmp3 and attach it to the http-profile sophos-prof1.
[edit security utm]
user@host# set utm-policy utmp3 anti-virus http-profile sophos-prof1
NOTE: You can use the default Sophos feature profile settings by replacing sophos-prof1 in the above statement with junos-sophos-av-defaults.
Verification
To verify the configuration, enter the show security utm utm-policy utmp3 command.
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Protection Overview
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus Feature Profile
Example: Configuring Sophos Antivirus Firewall Security Policies
This example shows how to create a security policy for Sophos antivirus.
Requirements
Overview
Configuration
Verification
Step-by-Step Procedure
To configure a security policy for Sophos antivirus:
1. Configure the untrust to trust policy to match any source-address.
[edit security]
user@host# set policies from-zone untrust to-zone trust policy p3 match source-address any
2. Configure the untrust to trust policy to match any destination-address.
[edit security]
user@host# set policies from-zone untrust to-zone trust policy p3 match destination-address any
3. Configure the untrust to trust policy to match any application type.
[edit security]
user@host# set policies from-zone untrust to-zone trust policy p3 match application any
4. Attach the UTM policy named utmp3 to the firewall security policy. This will cause matched traffic to be scanned by the Sophos antivirus feature.
[edit security]
user@host# set policies from-zone untrust to-zone trust policy p3 then permit application-services utm-policy utmp3
Verification
To verify the configuration, enter the show security policies command.
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
Sophos Antivirus Protection Overview
Sophos Antivirus Configuration Overview
Example: Configuring Sophos Antivirus Feature Profile
CHAPTER 4
Configuration Statements
[edit security utm] Hierarchy Level
[edit security utm] Hierarchy Level
security {
  utm {
    application-proxy {
      traceoptions {
        flag flag;
      }
    }
    custom-objects {
      custom-url-category object-name {
        value [ value ];
      }
      filename-extension object-name {
        value [ value ];
      }
      mime-pattern object-name {
        value [ value ];
      }
      protocol-command object-name {
        value [ value ];
      }
      url-pattern object-name {
        value [ value ];
      }
    }
    feature-profile {
      anti-spam {
        address-blacklist list-name;
        address-whitelist list-name;
        sbl {
          profile profile-name {
            custom-tag-string [ string ];
            (no-sbl-default-server | sbl-default-server);
            spam-action (block | tag-header | tag-subject);
          }
        }
        traceoptions {
          flag flag;
        }
      }
      anti-virus {
        juniper-express-engine {
          pattern-update {
            email-notify {
              admin-email email-address;
              custom-message message;
              custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
              password password-string;
              port port-number;
              server address-or-url;
              username name;
            }
            url url;
          }
          profile profile-name {
            fallback-options {
              content-size (block | log-and-permit);
              default (block | log-and-permit);
              engine-not-ready (block | log-and-permit);
              out-of-resources (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            notification-options {
              fallback-block {
                administrator-email email-address;
                allow-email;
                custom-message message;
                custom-message-subject message-subject;
                display-host;
                (no-notify-mail-sender | notify-mail-sender);
                type (message | protocol-only);
              }
              fallback-non-block {
                custom-message message;
                custom-message-subject message-subject;
                (no-notify-mail-recipient | notify-mail-recipient);
              }
              virus-detection {
                custom-message message;
                custom-message-subject message-subject;
                (no-notify-mail-sender | notify-mail-sender);
                type (message | protocol-only);
              }
            }
            scan-options {
              content-size-limit value;
              (intelligent-prescreening | no-intelligent-prescreening);
              timeout value;
            }
            trickling {
              timeout value;
            }
          }
        }
        kaspersky-lab-engine {
          pattern-update {
            email-notify {
              admin-email email-address;
              custom-message message;
              custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
              password password-string;
              port port-number;
              server address-or-url;
              username name;
            }
            url url;
          }
          profile profile-name {
            fallback-options {
              content-size (block | log-and-permit);
              corrupt-file (block | log-and-permit);
              decompress-layer (block | log-and-permit);
              default (block | log-and-permit);
              engine-not-ready (block | log-and-permit);
              out-of-resources (block | log-and-permit);
              password-file (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            notification-options {
              fallback-block {
                administrator-email email-address;
                allow-email;
                custom-message message;
                custom-message-subject message-subject;
                display-host;
                (no-notify-mail-sender | notify-mail-sender);
                type (message | protocol-only);
              }
              fallback-non-block {
                custom-message message;
                custom-message-subject message-subject;
                (no-notify-mail-recipient | notify-mail-recipient);
              }
              virus-detection {
                custom-message message;
                custom-message-subject message-subject;
                (no-notify-mail-sender | notify-mail-sender);
                type (message | protocol-only);
              }
            }
            scan-options {
              content-size-limit value;
              decompress-layer-limit value;
              (intelligent-prescreening | no-intelligent-prescreening);
              scan-extension filename;
              scan-mode (all | by-extension);
              timeout value;
            }
            trickling {
              timeout value;
            }
          }
        }
        mime-whitelist {
          exception listname;
          list listname {
            exception listname;
          }
        }
        sophos-engine {
          pattern-update {
            email-notify {
              admin-email email-address;
              custom-message message;
              custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
              password password-string;
              port port-number;
              server address-or-url;
              username name;
            }
            url url;
          }
          profile {
            fallback-options {
              content-size (block | log-and-permit | permit);
              default (block | log-and-permit | permit);
              engine-not-ready (block | log-and-permit | permit);
              out-of-resources (block | log-and-permit | permit);
              timeout (block | log-and-permit | permit);
              too-many-requests (block | log-and-permit | permit);
            }
            notification-options {
              fallback-block {
                administrator-email email-address;
                allow-email;
                custom-message message;
                custom-message-subject message-subject;
                display-host;
                (no-notify-mail-sender | notify-mail-sender);
                type (message | protocol-only);
              }
              fallback-non-block {
            block-message {
              type {
                custom-redirect-url;
              }
              url url;
            }
            category customurl-list name {
              action (block | log-and-permit | permit);
            }
            custom-block-message value;
            default (block | log-and-permit | permit);
            fallback-settings {
              default (block | log-and-permit);
              server-connectivity (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            no-safe-search;
            site-reputation-action {
              fairly-safe (block | log-and-permit | permit);
              harmful (block | log-and-permit | permit);
              moderately-safe (block | log-and-permit | permit);
              suspicious (block | log-and-permit | permit);
              very-safe (block | log-and-permit | permit);
            }
            timeout value;
          }
          server {
            host host-name;
            port number;
          }
        }
        juniper-local {
          profile profile-name {
            custom-block-message value;
            default (block | log-and-permit | permit);
            fallback-settings {
              default (block | log-and-permit);
              server-connectivity (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            timeout value;
          }
        }
        surf-control-integrated {
          cache {
            size value;
            timeout value;
          }
          profile profile-name {
            category customurl-list name {
              action (block | log-and-permit | permit);
            }
            custom-block-message value;
            default (block | log-and-permit | permit);
            fallback-settings {
              default (block | log-and-permit);
              server-connectivity (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            timeout value;
          }
          server {
            host host-name;
            port number;
          }
        }
        traceoptions {
          flag flag;
        }
        type (juniper-enhanced | juniper-local | surf-control-integrated | websense-redirect);
        url-blacklist listname;
        url-whitelist listname;
        websense-redirect {
          profile profile-name {
            account value;
            custom-block-message value;
            fallback-settings {
              default (block | log-and-permit);
              server-connectivity (block | log-and-permit);
              timeout (block | log-and-permit);
              too-many-requests (block | log-and-permit);
            }
            server {
              host host-name;
              port number;
            }
            sockets value;
            timeout value;
          }
        }
      }
    }
    ipc {
      traceoptions {
        flag flag;
      }
    }
    traceoptions {
      flag flag;
    }
    utm-policy policy-name {
      anti-spam {
        smtp-profile profile-name;
      }
      anti-virus {
        ftp {
          download-profile profile-name;
          upload-profile profile-name;
        }
        http-profile profile-name;
        imap-profile profile-name;
        pop3-profile profile-name;
        smtp-profile profile-name;
      }
      content-filtering {
        ftp {
          download-profile profile-name;
          upload-profile profile-name;
        }
        http-profile profile-name;
        imap-profile profile-name;
        pop3-profile profile-name;
        smtp-profile profile-name;
      }
      traffic-options {
        sessions-per-client {
          limit value;
          over-limit (block | log-and-permit);
        }
      }
      web-filtering {
        http-profile profile-name;
      }
    }
  }
}
Related Documentation
Junos OS Feature Support Reference for SRX Series and J Series Devices
admin-email
Syntax: admin-email email-address;
Hierarchy Level:
[edit security utm feature-profile anti-virus juniper-express-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus kaspersky-lab-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus sophos-engine pattern-update email-notify]
Release Information: Statement introduced in Release 9.5 of Junos OS.
Description: You can configure the device to notify a specified administrator when patterns are updated. This is an email notification with a custom message and a custom subject line.
Required Privilege Level:
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
administrator-email (Security Fallback Block)
Syntax administrator-email email-address;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options fallback-block]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description Configure the administrator e-mail address that will be notified when a fallback-block occurs. This is an e-mail notification with a custom message and a custom subject line.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
administrator-email (Security Virus Detection)
Syntax administrator-email email-address;
Hierarchy Level [edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options virus-detection]
Release Information Statement introduced in Release 11.1 of Junos OS.
Description Configure the administrator e-mail address that will be notified when a virus is detected by Sophos antivirus. This is an e-mail notification with a custom message and a custom subject line.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
allow-email (Security Fallback Block)
Syntax allow-email;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options fallback-block]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description Enable e-mail notification to notify a specified administrator when a fallback-block occurs.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
allow-email (Security Virus Detection)
Syntax allow-email;
Hierarchy Level [edit security utm feature-profile anti-virus profile notification-options virus-detect]
Release Information Statement introduced in Release 11.1 of Junos OS.
Description Enable e-mail notification to notify a specified administrator when a virus is detected.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
anti-virus (Security Feature Profile)
Syntax anti-virus {
    juniper-express-engine {
        pattern-update {
            email-notify {
                admin-email email-address;
                custom-message message;
                custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
                password password-string;
                port port-number;
                server address-or-url;
                username name;
            }
            url url;
        }
        profile profile-name {
            fallback-options {
                content-size (block | log-and-permit);
                default (block | log-and-permit);
                engine-not-ready (block | log-and-permit);
                out-of-resources (block | log-and-permit);
                timeout (block | log-and-permit);
                too-many-requests (block | log-and-permit);
            }
            notification-options {
                fallback-block {
                    administrator-email email-address;
                    allow-email;
                    custom-message message;
                    custom-message-subject message-subject;
                    display-host;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
                fallback-non-block {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-recipient | notify-mail-recipient);
                }
                virus-detection {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
            }
            scan-options {
                content-size-limit value;
                (intelligent-prescreening | no-intelligent-prescreening);
                timeout value;
            }
            trickling {
                timeout value;
            }
        }
    }
    kaspersky-lab-engine {
        pattern-update {
            email-notify {
                admin-email email-address;
                custom-message message;
                custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
                password password-string;
                port port-number;
                server address-or-url;
                username name;
            }
            url url;
        }
        profile profile-name {
            fallback-options {
                content-size (block | log-and-permit);
                corrupt-file (block | log-and-permit);
                decompress-layer (block | log-and-permit);
                default (block | log-and-permit);
                engine-not-ready (block | log-and-permit);
                out-of-resources (block | log-and-permit);
                password-file (block | log-and-permit);
                timeout (block | log-and-permit);
                too-many-requests (block | log-and-permit);
            }
            notification-options {
                fallback-block {
                    administrator-email email-address;
                    allow-email;
                    custom-message message;
                    custom-message-subject message-subject;
                    display-host;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
                fallback-non-block {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-recipient | notify-mail-recipient);
                }
                virus-detection {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
            }
            scan-options {
                content-size-limit value;
                decompress-layer-limit value;
                (intelligent-prescreening | no-intelligent-prescreening);
                scan-extension filename;
                scan-mode (all | by-extension);
                timeout value;
            }
            trickling {
                timeout value;
            }
        }
    }
    mime-whitelist {
        exception listname;
        list listname {
            exception listname;
        }
    }
    sophos-engine {
        pattern-update {
            email-notify {
                admin-email email-address;
                custom-message message;
                custom-message-subject message-subject;
            }
            interval value;
            no-autoupdate;
            proxy {
                password password-string;
                port port-number;
                server address-or-url;
                username name;
            }
            url url;
        }
        profile {
            fallback-options {
                content-size (block | log-and-permit | permit);
                default (block | log-and-permit | permit);
                engine-not-ready (block | log-and-permit | permit);
                out-of-resources (block | log-and-permit | permit);
                timeout (block | log-and-permit | permit);
                too-many-requests (block | log-and-permit | permit);
            }
            notification-options {
                fallback-block {
                    administrator-email email-address;
                    allow-email;
                    custom-message message;
                    custom-message-subject message-subject;
                    display-host;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
                fallback-non-block {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-recipient | notify-mail-recipient);
                }
                virus-detection {
                    custom-message message;
                    custom-message-subject message-subject;
                    (no-notify-mail-sender | notify-mail-sender);
                    type (message | protocol-only);
                }
            }
            scan-options {
                content-size-limit value;
                (no-uri-check | uri-check);
                timeout value;
            }
            trickling {
                timeout value;
            }
        }
        sxl-retry value;
        sxl-timeout seconds;
    }
    traceoptions flag flag;
    type (juniper-express-engine | kaspersky-lab-engine | sophos-engine);
    url-whitelist listname;
}
Hierarchy Level [edit security utm feature-profile]
Release Information Statement introduced in Release 9.5 of Junos OS.
Description Configure UTM antivirus full and express features.
Options The remaining statements are explained separately.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
application (Security Policies)
Syntax application {
    [ application ];
    any;
}
Hierarchy Level [edit security policies from-zone zone-name to-zone zone-name policy policy-name match]
Release Information Statement introduced in Release 8.5 of Junos OS.
Description Specify the IP or remote procedure call (RPC) application or set of applications to be used as match criteria.
Options application-name-or-set: Name of the application or application set used as match criteria.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
content-size (Security Antivirus Sophos Engine)
Syntax content-size (block | log-and-permit | permit);
Hierarchy Level [edit security utm feature-profile anti-virus sophos-engine profile profile-name fallback-options]
Release Information Statement introduced in Release 11.1 of Junos OS.
Description If the content size exceeds a set limit, the content is either passed or blocked.
NOTE: When you configure the content-size value, keep in mind that in certain cases, content size is available in the protocol headers, so the max-content-size fallback is applied before a scan request is sent. However, in many cases, content size is not provided in the protocol headers. In these cases, the TCP payload is sent to the antivirus scanner and accumulates until the end of the payload. If the accumulated payload exceeds the maximum content size value, then max-content-size fallback is applied. You might want to set the fallback action to block, in which case such a packet is dropped and a block message is sent to the client.
Options block: Log the error and deny the traffic
log-and-permit: Log the error and permit the traffic
permit: Permit the traffic
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
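A defender-side check for the fallback actions described above, as an added example (not Juniper's code): it lists every sophos-engine fallback condition in a configuration that does not block. It assumes the configuration is supplied in `set` command format; the profile names and sample lines are constructed, and the statement names are the ones in the syntax on this page.

```python
import re

# Fallback conditions listed under sophos-engine fallback-options on this page.
CONDITIONS = ("content-size", "default", "engine-not-ready",
              "out-of-resources", "timeout", "too-many-requests")
PREFIX = "set security utm feature-profile anti-virus sophos-engine profile "
FALLBACK = re.compile(
    r"\S+ fallback-options ([\w-]+) (block|log-and-permit|permit)$")
NOTES = {
    "permit": "unscanned traffic passes with no log entry",
    "log-and-permit": "unscanned traffic passes, error is logged",
    None: "not set explicitly, check the effective action on the device",
}

def audit_fallback(config_text):
    """Map each sophos-engine profile to its fallback conditions that do not block."""
    profiles = {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        rest = line[len(PREFIX):]
        # Register the profile even when the line is not a fallback-options line.
        actions = profiles.setdefault(rest.split()[0], {})
        m = FALLBACK.match(rest)
        if m and m.group(1) in CONDITIONS:
            actions[m.group(1)] = m.group(2)
    return {
        name: {c: NOTES[actions.get(c)] for c in CONDITIONS
               if actions.get(c) != "block"}
        for name, actions in profiles.items()
    }

# Constructed sample configuration; the profile names are made up.
SAMPLE = "\n".join(PREFIX + s for s in (
    "av-strict fallback-options content-size block",
    "av-strict fallback-options default block",
    "av-strict fallback-options engine-not-ready block",
    "av-strict fallback-options out-of-resources block",
    "av-strict fallback-options timeout block",
    "av-strict fallback-options too-many-requests block",
    "av-strict scan-options content-size-limit 10000",
    "av-lax fallback-options content-size permit",
    "av-lax fallback-options default log-and-permit",
    "av-lax fallback-options timeout block",
))

if __name__ == "__main__":
    for profile, findings in audit_fallback(SAMPLE).items():
        print(profile, "OK" if not findings else findings)
```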
content-size-limit
Syntax content-size-limit value;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name scan-options]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name scan-options]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name scan-options]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description The content size check occurs before the scan request is sent. The content size refers to accumulated TCP payload size.
Range: 20 through 20,000
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
custom-message (Security Email Notify)
Syntax custom-message message;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus kaspersky-lab-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus sophos-engine pattern-update email-notify]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description You can configure the device to notify a specified administrator when patterns are updated. This is an email notification with a custom message.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
custom-message (Security Fallback Block)
Syntax custom-message message;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name notification-options fallback-block]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options fallback-block]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description Custom message notifications are mainly used in file replacement or in a response message when the antivirus scan result is to drop the file.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
custom-message (Security Fallback Non-Block)
Syntax custom-message message;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name notification-options fallback-non-block]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name notification-options fallback-non-block]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options fallback-non-block]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description Custom message notifications are mainly used in file replacement or in a response message when the antivirus scan result is to drop the file.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
custom-message (Security Virus Detection)
Syntax custom-message message;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine profile profile-name notification-options virus-detection]
[edit security utm feature-profile anti-virus kaspersky-lab-engine profile profile-name notification-options virus-detection]
[edit security utm feature-profile anti-virus sophos-engine profile profile-name notification-options virus-detection]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description Custom message notifications are mainly used in file replacement or in a response message when the antivirus scan result is to drop the file.
Required Privilege Level
security: To view this statement in the configuration.
security-control: To add this statement to the configuration.
Related Documentation
Junos OS Security Configuration Guide
custom-message-subject (Security Email Notify)
Syntax custom-message-subject message-subject;
Hierarchy Level [edit security utm feature-profile anti-virus juniper-express-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus kaspersky-lab-engine pattern-update email-notify]
[edit security utm feature-profile anti-virus sophos-engine pattern-update email-notify]
Release Information Statement introduced in Release 9.5 of Junos OS. Support for Sophos engine added in Release 11.1 of Junos OS.
Description You can configure the device to notify a specified administrator when patterns are updated. This is an email notification with a custom message and a custom subject line.