Creating an AV profile
You must configure AV profiles to use the anti-virus service module, which can be done either from the GUI or the Console. Once created, you can include your AV profiles when creating advanced virtual server profiles that use the HTTP, HTTPS, or SMTP protocol. For more information, refer to Configuring virtual servers.
Configure AV profiles from the GUI
To configure an AV profile from the GUI:
- Click Network Security > Anti Virus.
- Select the Profile tab.
- Click the Create New button.
- Make the entries or selections as described in AV profile configuration.
- Click Save when done.
| Settings | Description |
| Name |
A unique name for the AV profile. An AV profile name can contain up to 63 alphanumeric characters. |
| Comments |
A brief description of the profile. A description can be up to 1024 alphanumeric characters long. |
| Uncomp Size Limit |
The maximum size in MB of the memory buffer used to temporarily decompress files. The default is 2 MB. Valid values range from 1 to 2000 MB. |
| Uncomp Nest Limit |
The maximum number of levels of nesting (compression) allowed for the system to decompress. The default is 2. Valid values range from 2 to 100. |
| Scan Bzip2 |
Scan archives using the bzip2 algorithm. This is disabled by default. |
| Streaming Content Bypass |
Enable or disable bypass streaming content (rather than buffering it). This is enabled by default. |
| Oversize Limit |
The maximum in-memory file size in KB to be scanned. The default is 1024 KB. Valid values range from 1 to 12000000 KB. Note: For AV files larger than 1000 KB, the device memory must be larger than 32 GB to support the scan. |
| Oversize |
Select one of the options for the system to handle over-sized files:
The default option is Bypass. |
| Options |
Select an option for the system to handle infected files:
The default is AV Monitor. |
| Emulator |
Enable or disable the Win32 Emulator. This is disabled by default to improve throughput. |
| FSA Analytics |
Select an option to submit files to to FortiSandbox.
The default is Disable. |
| Analytics Max Upload |
The maximum file size in KB allowed to upload to FortiSandbox. The default is 1024 KB. Valid values range from 1 to 2048 KB. |
| Analytics DB |
Enable or disable supplementing the AV signature databases with the FortiSandbox signature database. This is disabled by default. |
| AV Virus Log |
Enable or disable logging for anti-virus scanning. This is enabled by default. |
Note that FortiADC currently imposes no restriction on the types of files that can be uploaded for AV analysis or evaluation. When scanning files for viruses, it makes no distinction between viruses and Trojans, and submits all suspicious files to FortiSandbox for evaluation. A log is generated whenever a file is uploaded to FortiSandbox.
Configure AV profiles from the Console
To configure an AV profile from the Console, execute the following commands:
config security antivirus profile
edit <name_str>
set comment <var-string>
set uncomp-size-limit <limit_int>
set uncomp-nest-limit <limit_int>
set scan-bzip2 {enable | disable}
set streaming-content-bypass {enable | disable}
set oversize-limit <size_int>
set oversize {bypass | log | block}
set options {avmonitor | quarantine}
set emulator {enable | disable}
set fsa-analytics {disable | suspicious | everything}
set analytics-max-upload <integer>
set analytics-db {disable | enable}
set av-virus-log {enable | disable}
end