I'm hoping someone can explain the difference/mechanism surrounding the Juniper download for AV from download.juniper.net and the ESAP update we do every month or so. My understanding was that the ESAP was cumulative and once applied to the device, it will be the list the host checker refers to. The ESAP is then updated by the hourly downloads from download.juniper.net under the AV monitoring section.
However, I have just noticed that my pre-prod Juniper has had 'SSL failed-unable to download from download.juniper.net' for the past 3 months, but this has not affected any clients who are connecting to the pre-prod box... Any ideas as to how the two talk to each other, if in fact they do at all?
ESAP: the plugin component to check the endpoint integrity. This utilizes the OPSWAT library.
download.juniper.net: the list of definitions for the virus signatures
Thank you Braker and Zanyterp,
Another question then. If download.juniper.net keeps the virus definitions up to date, and it has not successfully connected for the last 3 months, then how are my users able to pass hostchecker and log in to the VPN to work as normal? Is the error from my virus definition update just a red herring?
ESAP provides the functionality to assess the client system, including detecting the presence and status of anti-virus software.
The epupdate.xml file is a list of the virus definition versions and release dates for the various AV products. It is used by Host Checker to determine if a client's definitions are up-to-date.
The epupdate file only comes into play if you have virus signature monitoring enabled. It is possible to have Host Checker validate the presence of anti-virus software but not validate the version of virus definition running on that software.
If you do have version monitoring enabled but your epupdate file is not updating, my understanding is that virus definitions newer than those listed in the last successful download of epupdate (by date or version number, depending on your settings) will qualify.
More correctly said, the setting "Check for the Virus Definition files" determines if the client's virus definitions are evaluated against those listed in the epupdate file. Again, anything newer than what is listed in epupdate automatically qualifies.
How does ESAP check and confirm that the antivirus is out of date?
For example, if we are using McAfee VSE, does it check for the VSE version or the DAT update? If DAT, does it check for the latest DAT?