Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 206

Configuring ScreenOS Devices Guide
Table 42: Antivirus Scanner Settings
Antivirus Scanner Options
Fail Mode Traffic Permit
Maximum AV resources allowed per
AV client
HTTP keep alive
Trickling
Warning message for virus notification
Subject of virus notification e-mail
Source address of notification e-mail
Charset of virus notification e-mail
182
Description
Select this check box if you want the device to forward unexamined traffic when it fails
to contact the antivirus scanner. If you want the device to block unexamined traffic,
leave the box clear.
Set the maximum percentage of device resources a single source can occupy at one
time. Prevent one source from overwhelming the device.
Select this check box to keep the HTTP connection alive while antivirus scanning occurs.
Forward some HTTP traffic to the requesting client so the browser does not time out
during the antivirus scan. The following are the trickling settings and its respective steps
for configuration:
Disable — Disables HTTP trickling.
Default — Enables HTTP trickling using the stated predefined parameters. If content
length is larger than 3 MB, trickle 500 bytes for every 1 MB sent for scanning.
Custom — Enables HTTP trickling using user-defined parameters.
To configure trickling:
1. In the Minimum length to start trickling (MB) box, select the minimum size (in
megabytes) of an HTTP file to trigger trickling. Note that you must enter a valid
integer value less than 4096.
2. In the Trickle for every (MB) box, select the size (in megabytes) of a block of
traffic to which the security device applies trickling.
3. In the Trickle size box (Bytes) box, select the size (in bytes) of unscanned traffic
that the security device forwards.
For FTP, HTTP, IMAP, POP3, and SMTP only. Allows you to customize the warning
message for virus notification. When a virus is detected, the AV scanner appends the
customized warning message to the default message and the device sends the message
to the client. If you do not set a customized message, the AV scanner sends only the
default warning message.
For IMAP, POP3, and SMTP only. Allows you to set a customized subject for virus
notification e-mail. When the AV scanner sends an AV notification e-mail to the client
on detecting a virus, the AV scanner uses the default e-mail subject, if you do not set
the customized subject. You can configure the AV scanner to use a customized subject
for the virus notification email.
For IMAP, POP3, and SMTP only. Allows you to set a customized source address for
virus notification e-mail. When the AV scanner sends an AV notification e-mail to the
client on detecting a virus, by default, the AV scanner uses the IP address of the security
device. You can configure the AV scanner to use a customized source address for the
virus notification e-mail.
For IMAP, POP3, and SMTP only. Allows you to enter the character set for the notification
e-mail. If the notification e-mail includes Japanese or other double-byte characters,
you can specify the character set to be used to display the notification e-mail. For
example, if the virus notification e-mail includes Japanese characters, you can set the
charset to shift_jis.
Copyright © 2010, Juniper Networks, Inc.