Antivirus Scanning Profile for Instant Messaging Traffic

Note: Juniper Networks supports internal (scan engine embedded in the device) or external antivirus (AV) on select devices.

ScreenOS provides internal AV scanning for popular public Instant Messaging (IM) applications. Edit the following options to configure an AV profile for scanning IM traffic:

Profile name: Displays the AV profile name.

AOL Instant Messenger (AIM) / ICQ

To Scan AIM / ICQ Traffic

AIM / ICQ Scan Enable: Select the checkbox to enable scanning of AIM / ICQ traffic. By default, scanning is enabled.

Scan Mode: Select the appropriate scan mode:

Decompress Layer: Enter a value between 1 and 8 (maximum value is device-specific). The value specifies how many layers of nested compressed files the internal AV scanner can decompress before it executes the virus scan. Refer to the Release Notes for the maximum value for each device. The default setting for AIM/ICQ protocols is 3. See Example.

If a message contains a compressed .zip file that contains another compressed .zip file, there are two compression layers, and decompressing both files requires a decompress-layer setting of 2. Valid settings are between 1 and 4, so the AV scanner can decompress up to 4 layers of compressed files.

Note: Some protocols use a content encoding layer when transmitting data. The AV scan engine decodes this layer before scanning for viruses. Decoding this content is considered one layer of decompression.

Include Extension List: Select a file extension list to include for AV scanning. This option instructs the security device to only scan files with extensions specified in the file extension list. Make sure Scan Mode is set to Scan By Extension. To create a file extension list, see File Extension Configuration.

Exclude Extension List: Select an extension list to exclude from AV scanning. This option instructs the security device to not scan files with extensions specified in the list.  Make sure Scan Mode is set to Scan By Extension.  To create a file extension list, see File Extension Configuration.

Action for Unknown Version: Use this option to control scanning behavior when processing IM traffic for unsupported versions of AIM or ICQ protocols:

Timeout: Enter a value between 1 and 1800 seconds to specify the timeout value for AV scanning. The default is 180 seconds.

Yahoo! Messenger

To Scan Yahoo! Messenger Traffic

Yahoo! Messenger Scan Enable: Select the checkbox to enable scanning of Yahoo! Messenger traffic. By default, scanning is enabled.

Scan Mode: Select the appropriate scan mode:

Decompress Layer: Enter a value between 1 and 8 (maximum value is device-specific). The value specifies how many layers of nested compressed files the internal AV scanner can decompress before it executes the virus scan. Refer to the Release Notes for the maximum value for each device. The default value for this protocol is 3. See Example.

If a message contains a compressed .zip file that contains another compressed .zip file, there are two compression layers, and decompressing both files requires a decompress-layer setting of 2. Valid settings are between 1 and 4, so the AV scanner can decompress up to 4 layers of compressed files.

Note: Some protocols perform content encoding when transmitting data. The AV scan engine decodes this layer before scanning for viruses. Decoding this content is considered one layer of decompression.

Include Extension List: Select an extension list to include for AV scanning. This option instructs the security device to only scan files with extensions specified in the file extension list. Make sure Scan Mode is set to Scan By Extension. To create a file extension list, see File Extension Configuration.

Exclude Extension List: Select an extension list to exclude from AV scanning. This option instructs the security device to not scan files with extensions specified in the list. Make sure Scan Mode is set to Scan By Extension. To create a file extension list, see File Extension Configuration.

Action for Unknown Version: Use this option to control scanning behavior when processing IM traffic for unsupported versions of Yahoo! Messenger protocols:

Timeout: Enter a value between 1 and 1800 seconds to specify the timeout value for AV scanning. The default is 180 seconds.

Windows Live Messenger / MSN

To Scan MSN Messenger Traffic

MSN Messenger Scan Enable: Select the checkbox to enable scanning of MSN Messenger traffic. By default, scanning is enabled.

Scan Mode: Select the appropriate scan mode:

Decompress Layer: Enter a value between 1 and 8 (maximum value is device-specific). The value specifies how many layers of nested compressed files the internal AV scanner can decompress before it executes the virus scan. Refer to the Release Notes for the maximum value for each device. The default value for this protocol is 3. See Example.

If a message contains a compressed .zip file that contains another compressed .zip file, there are two compression layers, and decompressing both files requires a decompress-layer setting of 2. Valid settings are between 1 and 4, so the AV scanner can decompress up to 4 layers of compressed files.

Note: Some protocols use a content encoding layer when transmitting data. The AV scan engine decodes this layer before scanning for viruses. Decoding this content is considered one layer of decompression.

Include Extension List: Select an extension list to include for AV scanning. This option instructs the security device to only scan files with extensions specified in the file extension list. Make sure Scan Mode is set to Scan By Extension. To create a file extension list, see File Extension Configuration.

Exclude Extension List: Select an extension list to exclude from AV scanning. This option instructs the security device to not scan files with extensions specified in the list.  Make sure Scan Mode is set to Scan By Extension. To create a file extension list, see File Extension Configuration.

Supported Version

Action For Unknown Protocol Version: Use this option to control scanning behavior when processing IM traffic for unsupported versions of MSN Messenger protocol:

Timeout: Enter a value between 1 and 1800 seconds to specify the timeout value for AV scanning. The default is 180 seconds.