Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.4.5 CLI Reference
    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config security antivirus profile

    config security antivirus profile

    Use this command to configure an anti-virus profile.

    In many cases, you can use a predefined AV profile, and you are not required to create a new AV profile of your own.

    Before you begin, make sure that you have read-write permission to configure the system's security settings.

    After you have created an anti-virus profile, you can include it in HTTP or HTTPS virtual service profiles.

    Syntax

    config security antivirus profile

    edit <name>

    set comments <string>

    set uncomp-size-limit <integer>

    set uncomp-nest-limit <integer>

    set scan-bzip2 {enable | disable}

    set streaming-content-bypass {enable | disable}

    set oversize-limit <integer>

    set oversize {bypass | log | block}

    set options {avmonitor | quarantine}

    set emulator {enable | disable}

    set fsa-analytics {disable | suspicious | all}

    set analytics-max-upload <integer>

    set analytics-db {disable | enable}

    set av-virus-log {disable | enable}

    next

    end

    uncomp-size-limit The maximum size in MB of the memory buffer used to temporarily decompress files. (Range: 1 - 2000 MB, default: 2 MB).
    uncomp-nest-limit The maximum number of levels of nesting (compression) allowed to decompress.
    scan-bzip2 Enable or disable bzip2 scanning algorithm.
    streaming-content-bypass Enable or disable bypass streaming content (rather than buffering it).
    oversize-limit

    The maximum in-memory file size in KB to be scanned. (Range: 1 - 12000000 KB, default: 1024 KB).

    Note: For AV files larger than 1000 KB, the device memory must be larger than 32 GB to support the scan.
    options Select an option for the system to handle infected files.
    emulator Enable or disable Win32 Emulator.
    fsa-analytics Select an option to submit files to FortiSandbox.
    analytics-max-upload The maximum file size in KB allowed to upload to FortiSandbox.
    analytics-db Enable or disable FortiSandbox signature database.
    av-virus-log The maximum file size in KB allowed to upload to FortiSandbox.

    Example

    FortiADC-docs # config security antivirus profile

    FortiADC-docs (profile) # edit av_profile_01

    FortiADC-docs (av_profile_01) # set comments test_for_doc

    FortiADC-docs (av_profile_01) # set uncomp-size-limit 10

    FortiADC-docs (av_profile_01) # set uncomp-nest-limit 5

    FortiADC-docs (av_profile_01) # set scan-bzip2 enable

    FortiADC-docs (av_profile_01) # set streaming-content-bypass enable

    FortiADC-docs (av_profile_01) # set oversize-limit 1024

    FortiADC-docs (av_profile_01) # set oversize log

    FortiADC-docs (av_profile_01) # set options quarantine

    FortiADC-docs (av_profile_01) # set emulator enable

    FortiADC-docs (av_profile_01) # set fsa-analytics suspicious

    FortiADC-docs (av_profile_01) # set analytics-max-upload 1024

    FortiADC-docs (av_profile_01) # set analytics-db enable

    FortiADC-docs (av_profile_01) # set av-virus-log enable

    FortiADC-docs (av_profile_01) # next

    FortiADC-docs (profile) # end

    Reference to an AV profile

    Use the following commands to reference an AV profile to a HTTP/HTTPs or SMTP virtual service.

    Syntax

    config load-balance virtual-server

    edit <name>

    set av-profile <profile-name>

    end

    end

    Example

    FortiADC-docs # config load-balance virtual-server

    FortiADC-docs (virtual-server) # edit vs1

    FortiADC-docs (vs1) # set load-balance-profile LB_PROF_HTTP

    FortiADC-docs (vs1) # set av-profile av_profile_01

    FortiADC-docs (vs1) # end

    Previous
    Next

    config security antivirus profile

    config security antivirus profile

    Use this command to configure an anti-virus profile.

    In many cases, you can use a predefined AV profile, and you are not required to create a new AV profile of your own.

    Before you begin, make sure that you have read-write permission to configure the system's security settings.

    After you have created an anti-virus profile, you can include it in HTTP or HTTPS virtual service profiles.

    Syntax

    config security antivirus profile

    edit <name>

    set comments <string>

    set uncomp-size-limit <integer>

    set uncomp-nest-limit <integer>

    set scan-bzip2 {enable | disable}

    set streaming-content-bypass {enable | disable}

    set oversize-limit <integer>

    set oversize {bypass | log | block}

    set options {avmonitor | quarantine}

    set emulator {enable | disable}

    set fsa-analytics {disable | suspicious | all}

    set analytics-max-upload <integer>

    set analytics-db {disable | enable}

    set av-virus-log {disable | enable}

    next

    end

    uncomp-size-limit The maximum size in MB of the memory buffer used to temporarily decompress files. (Range: 1 - 2000 MB, default: 2 MB).
    uncomp-nest-limit The maximum number of levels of nesting (compression) allowed to decompress.
    scan-bzip2 Enable or disable bzip2 scanning algorithm.
    streaming-content-bypass Enable or disable bypass streaming content (rather than buffering it).
    oversize-limit

    The maximum in-memory file size in KB to be scanned. (Range: 1 - 12000000 KB, default: 1024 KB).

    Note: For AV files larger than 1000 KB, the device memory must be larger than 32 GB to support the scan.
    options Select an option for the system to handle infected files.
    emulator Enable or disable Win32 Emulator.
    fsa-analytics Select an option to submit files to FortiSandbox.
    analytics-max-upload The maximum file size in KB allowed to upload to FortiSandbox.
    analytics-db Enable or disable FortiSandbox signature database.
    av-virus-log The maximum file size in KB allowed to upload to FortiSandbox.

    Example

    FortiADC-docs # config security antivirus profile

    FortiADC-docs (profile) # edit av_profile_01

    FortiADC-docs (av_profile_01) # set comments test_for_doc

    FortiADC-docs (av_profile_01) # set uncomp-size-limit 10

    FortiADC-docs (av_profile_01) # set uncomp-nest-limit 5

    FortiADC-docs (av_profile_01) # set scan-bzip2 enable

    FortiADC-docs (av_profile_01) # set streaming-content-bypass enable

    FortiADC-docs (av_profile_01) # set oversize-limit 1024

    FortiADC-docs (av_profile_01) # set oversize log

    FortiADC-docs (av_profile_01) # set options quarantine

    FortiADC-docs (av_profile_01) # set emulator enable

    FortiADC-docs (av_profile_01) # set fsa-analytics suspicious

    FortiADC-docs (av_profile_01) # set analytics-max-upload 1024

    FortiADC-docs (av_profile_01) # set analytics-db enable

    FortiADC-docs (av_profile_01) # set av-virus-log enable

    FortiADC-docs (av_profile_01) # next

    FortiADC-docs (profile) # end

    Reference to an AV profile

    Use the following commands to reference an AV profile to a HTTP/HTTPs or SMTP virtual service.

    Syntax

    config load-balance virtual-server

    edit <name>

    set av-profile <profile-name>

    end

    end

    Example

    FortiADC-docs # config load-balance virtual-server

    FortiADC-docs (virtual-server) # edit vs1

    FortiADC-docs (vs1) # set load-balance-profile LB_PROF_HTTP

    FortiADC-docs (vs1) # set av-profile av_profile_01

    FortiADC-docs (vs1) # end

    Previous
    Next