Note: Juniper Networks supports external or internal antivirus (AV) on select devices. Your security device communicates with the external AV scan engine using Internet Content Adaptation Protocol (ICAP).
Edit the following options to configure an antivirus (AV) profile for scanning SMTP traffic:
Profile name: Displays the AV profile name.
Enable: Click the check box to enable scanning of SMTP traffic. By default, scanning is enabled.
Scan Mode: This option applies for internal AV scanning only. Select the appropriate scan mode:
scan-all: Select this mode to scan all traffic at all times.
scan-intelligent: This default mode directs the AV engine to use an algorithm that scans the traffic for the most common and prevalent viruses, including verifying that the file type is true and that it does not infect other files directly. Although this option is not as broad in coverage as scan-all, it provides better performance.
scan-ext: Select this mode if you want all scanning decisions to be based on the file extensions in the traffic.
Decompress Layer: This option applies for internal AV scanning only. Enter a value between 1 and 4. The value specifies how many layers of nested compressed files the internal AV scanner can decompress before it executes the virus scan. The default setting for SMTP is 3. See Example.
If a message contains a compressed .zip file that contains another compressed .zip file, there are two compression layers, and decompressing both files requires a decompress-layer setting of 2. Valid settings are between 1 and 4, so the AV scanner can decompress up to 4 layers of compressed files.
Include Extension List: This option applies for internal AV scanning only. Select an extension list to include for AV scanning. This option instructs the security device to only scan files with extensions specified in the file extension list. Make sure the above scan-mode option is set to scan-ext. To create a file extension list, see File Extension Configuration.
Exclude Extension List: This option applies for internal AV scanning only. Select an extension list to exclude from AV scanning. This option instructs the security device to not scan files with extensions specified in the list. Make sure the above scan-mode option is set to scan-ext. To create a file extension list, see File Extension Configuration.
Virus Detection Notify with Protocol Code: Click this check box to enable the AV scanner to drop the infected packet and send a warning message to the SMTP client.
Email Notify: Notifies the sender or recipient about detected viruses or scanning errors.
Notify Sender for Dropped Email (Virus Detection): Notifies the sender if a virus is found in an email message.
Notify Sender for Dropped Email (Unable to Scan): Notifies the sender if an email message is dropped as a result of a scan error.
Notify Recipient for Email Unable to Scan: Notifies the recipient if an email message is passed as a result of a scan error.
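
The layer counting described under Decompress Layer can be checked offline against a sample attachment. The following Python sketch is an added example, not Juniper code: it counts nested .zip layers and reports whether a given decompress-layer value covers them. The function names, the member size cap, and the sample archives are assumptions made for illustration.

```python
import io
import zipfile

MIN_LAYER, MAX_LAYER = 1, 4          # valid decompress-layer range stated above
SMTP_DEFAULT_LAYER = 3               # default for SMTP stated above
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # assumption: skip huge members (bomb guard)


def compression_layers(data: bytes, limit: int = MAX_LAYER + 1) -> int:
    """Count nested .zip layers in data, following the deepest member.

    Recursion stops at `limit`, so a result of MAX_LAYER + 1 means
    "more layers than any valid setting can cover".
    """
    if limit == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    deepest = 0
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.infolist():
            if member.is_dir() or member.file_size > MAX_MEMBER_BYTES:
                continue
            inner = archive.read(member)
            deepest = max(deepest, compression_layers(inner, limit - 1))
    return 1 + deepest


def covered_by_setting(data: bytes, setting: int = SMTP_DEFAULT_LAYER) -> bool:
    """True if `setting` layers are enough to reach the innermost content."""
    if not MIN_LAYER <= setting <= MAX_LAYER:
        raise ValueError("decompress-layer must be between 1 and 4")
    return compression_layers(data) <= setting


def nest(payload: bytes, layers: int) -> bytes:
    """Constructed sample: wrap payload in `layers` nested .zip archives."""
    name = "attachment.txt"
    for _ in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
            archive.writestr(name, payload)
        payload, name = buf.getvalue(), "inner.zip"
    return payload


if __name__ == "__main__":
    sample = nest(b"constructed message body", 2)  # a .zip inside a .zip
    print(compression_layers(sample), covered_by_setting(sample, 2))
```
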