AN Antivirus profile provides Valtix customers with the ability to specify the Ruleset definitions version for use with the ClamAV virus detection engine and the action to take when a virus definition match occurs in the traffic. ClamAV® is an antivirus engine for detecting trojans, viruses, malware & other malicious threats.
The following steps will guide you creating an Antivirus profile and associate it with a Policy Rule.
Create the Profile¶
- Navigate to Manage -> Profiles -> Network Threats
- Click Create Intrusion Profile
- Select AntiVirus
- Provide a name and description
- Click Manual or Automatic mode for Talos Ruleset Version selection
- In Manual mode, select the Talos Ruleset Version from dropdown. The selected ruleset version is used by the Valtix datapath engine on all gateways which use this profile and is not automatically updated to newer ruleset versions.
- In Automatic mode, select how many days to delay the deployment by, after the ruleset version is published by Valtix. New rulesets are published daily by Valtix and the gateways using this profile are automatically updated to the latest ruleset version which is N days or older, where N is the "delay by days" argument selected from the dropdown. For example, if you select to delay the deployment by 5 days on Jan 10, 2021, the Valtix controller will select a ruleset version which was published on Jan 5th or before. Note that Valtix may not publish on some days if our internal testing with that ruleset version fails for some reason.
- Select the desired Action to take when a match for a virus signature is found
Associate the Profile¶
Check this document to create/edit rules