Note: Juniper Networks supports external or internal antivirus (AV) on select devices. Your security device communicates with the external AV scan engine using Internet Content Adaptation Protocol (ICAP).
A virus is an executable code that infects or attaches itself to other executable code to reproduce itself. Some viruses are malicious, erasing files or locking up systems. Others present a problem merely by infecting other files, as their propagation can overwhelm the infected host or network with excessive amounts of bogus data.
This page allows you to configure global AV and HTTP settings.
When Unable to Scan: Select the Permit option to allow unexamined traffic when an error condition occurs. Select Block all traffic to block all traffic when an error condition occurs.
These options control the behavior of the security device when the scan engine cannot scan traffic--either permit or block the unexamined traffic. By default, a security device blocks HTTP and SMTP traffic that a policy with antivirus checking enabled permits.
Maximum
AV Resources Allowed per AV Client
Maximum AV Resources Allowed per AV Client: Determines how many resources (number of connections, expressed as a percentage of total resources) the client can use. Default value: 70.
Trickling: HTTP trickling is the forwarding of specified amounts of unscanned HTTP traffic to the requesting HTTP client to prevent the browser window from timing out while the scan manager examines downloaded HTTP files. (The security device forwards small amounts of data in advance of transferring an entire scanned file.)
Disable: Select this option to disable HTTP trickling. HTTP trickling is disabled by default.
Default: Select this option to enable HTTP trickling using the stated predefined parameters.
Custom: Select this option to enable HTTP trickling using user-defined parameters for the following:
Trickle when file size exceed: Enter the minimum size (in KB) of an HTTP file to trigger trickling.
Trickle Size: Enter the size (a non-zero value in bytes) of unscanned traffic that the security device forwards to the client.
Trickle for Every KB Sent for Scanning: Enter the size (in KB) of a block of traffic to which the security device applies trickling.
Trickle Interval: Enter a value between 0-600 seconds. The value 0 indicates that time-based trickling is disabled.
AV Warning Message: Enter or edit the warning message that the security device sends to the client when a virus is detected. The maximum string length for the warning message is 500 characters.
AV Notify Mail Charset: Enter the character set of the notification mail so it displays correctly. The maximum string length for AV Notify Mail Charset is 15 characters.
AV Notify Mail Source: Enter or edit the source address that the security device uses when it sends an AV notify mail to the client. The maximum string length for AV Notify Mail Source is 63 characters.
AV Notify Mail Subject: Enter or edit the mail subject that the security device uses to send AV notify mail to the client. The maximum string length for AV Notify Mail Subject is 500 characters. By default, the default mail subject is Mail Delivery Failure.