Configuring Icap Av Servers And Profiles - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
376
Email Notify Scan-Error Sender (IMAP, POP3, SMTP only): Notifies an e-mail sender
if the e-mail was dropped due to a scan error.
Email Notify Scan-Error Recipient (IMAP, POP3, SMTP only): Notifies an e-mail
recipient if the e-mail was passed due to a scan error.
Configuring Extension Lists
You can configure AV profiles to scan (or not scan) files based on their file extension.
File extension include lists and exclude lists are the same kind of lists. They become
include or exclude lists depending on how they are added to a profile.
To create a file extension list object, select Object Manager > UTM >ScreenOS >AV
Objects > Internal > Extension lists. Click Add.
Populate the following fields in the New Internal Antivirus Ext List dialog:
Name: Give the extension list a descriptive name.
Color: Assign a color, if desired.
Comment: Provide a comment describing the list and its use.
File Extension: Enter a list of file extensions, separated by semicolons. Example:
html;htm;jpg.

Configuring ICAP AV Servers and Profiles

Before a security device can forward traffic to an ICAP AV server, you must create a server
object in NSM. You can create multiple server objects and assign some or all of them to
server groups. You can then assign this server object or server group to an AV profile, then
assign that profile to a security policy.
To specify a server, you will need the following information:
Name: The name of the ICAP server as it will appear in the NSM GUI.
Host: The IP address of the ICAP server.
Port: The ICAP server port. (Default: 1143)
Enable: If selected, indicates that the server should be reachable and usable by a
security device. Deselect this check box if the server is unavailable or should not be
used by a security device.
Probe URL: The path on the ICAP AV server to probe for availability.
Probe Interval (in seconds and multiples of 5): Indicates how often the security device
should check to see that the server is in service and available to process traffic. If this
value is set to 0, then the security device will assume that the ICAP service is available
at all times. If it is set to a positive number of seconds, the security device will check
the server's status at that interval. If the server returns as in-service, the security device
will send it traffic. If it returns as out-of-service, the security device will not send traffic.
Maximum Connections: The maximum number of TCP connections between the
security device and the ICAP AV server.
Copyright © 2010, Juniper Networks, Inc.