antivirus quarantine
Configure the antivirus file quarantine options. FortiGate units with a hard disk or a connection to a FortiAnalyzer unit can quarantine files. FortiGate features such as virus scanning can also quarantine files.
MM1, MM3, MM4, and MM7 traffic types are only supported in FortiOS Carrier.
config antivirus quarantine
    set agelimit {integer}   Age limit for quarantined files (0 - 479 hours, 0 means forever). range[0-479]
    set maxfilesize {integer}   Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited). range[0-500]
    set quarantine-quota {integer}   The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space). range[0-4294967295]
    set drop-infected {option}   Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. https HTTPS. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set store-infected {option}   Quarantine infected files found in sessions using the selected protocols.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. https HTTPS. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set drop-blocked {option}   Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set store-blocked {option}   Quarantine blocked files found in sessions using the selected protocols.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set drop-heuristic {option}   Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. https HTTPS. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set store-heuristic {option}   Quarantine files detected by heuristics found in sessions using the selected protocols.
            imap IMAP. smtp SMTP. pop3 POP3. http HTTP. ftp FTP. nntp NNTP. imaps IMAPS. smtps SMTPS. pop3s POP3S. https HTTPS. ftps FTPS. mapi MAPI. cifs CIFS. mm1 MM1. mm3 MM3. mm4 MM4. mm7 MM7.
    set lowspace {drop-new | ovrw-old}   Select the method for handling additional files when running low on disk space.
            drop-new    Drop (delete) the most recently quarantined files.
            ovrw-old    Overwrite the oldest quarantined files. That is, the files that are closest to being deleted from the quarantine.
    set destination {NULL | disk | FortiAnalyzer}   Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them.
            NULL             Files that would be quarantined are deleted.
            disk             Quarantine files to the FortiGate hard disk.
            FortiAnalyzer    FortiAnalyzer
end
Additional information
The following section is for those options that require additional explanation.
agelimit <hours>
Note: This entry is only available when destination is set to either disk or FortiAnalyzer.
Set the age limit in hours for how long files are kept in quarantine. The range is 0-479: 0 means no limit, and the maximum of 479 hours is just under 20 days. The default is 0.
destination {NULL | disk | FortiAnalyzer}
Set the destination where files are quarantined:
- NULL: No files are quarantined.
- disk: Files are quarantined using the FortiGate's hard disk (if present).
- FortiAnalyzer: Files are quarantined using a FortiAnalyzer.
If the FortiGate has a hard disk, the default is disk. If no hard disk is available, the default is NULL.
drop-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
Drop blocked files found in traffic for the specified protocols. By default, no files are dropped.
drop-heuristic {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
Drop files found by heuristic scanning in traffic for the specified protocols. By default, no files are dropped.
drop-infected {imap | smtp | pop3 | http | ftp | mm1 | mm3 | mm4 | mm7}
For FortiOS Carrier, drop intercepted files found in traffic for the specified protocols. By default, no files are dropped.
lowspace {drop-new | ovrw-old}
Select the method for handling additional quarantined files when the FortiGate hard disk is running out of space:
- drop-new: Drop new quarantine files.
- ovrw-old: Overwrite the oldest file, that is, the file with the lowest TTL (set by default).
maxfilesize <mb>
Specify the maximum file size to quarantine in megabytes. The range is 0-500. 0 (set by default) means unlimited.
quarantine-quota <mb>
Set the antivirus quarantine quota in megabytes, which is the amount of disk space to reserve for quarantining files. The maximum limit depends on the FortiGate's total disk space. 0 (set by default) means unlimited.
store-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
Quarantine blocked files found in traffic for the specified protocols. By default, all protocols are specified.
store-heuristic {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
Quarantine files found by heuristic scanning in traffic for the specified protocols. By default, all protocols are specified.
store-infected {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}
Quarantine virus infected files found in traffic for the specified protocols. By default, all protocols are specified.
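The following audit script is an added example, not part of the FortiOS documentation: it parses a `config antivirus quarantine` block from a configuration backup and checks it against the ranges and the agelimit/destination dependency documented above. The names `parse_block` and `audit` and the sample block are constructed for illustration, and flagging a protocol that appears in both a drop-* and a store-* list is this example's own review rule, since this page does not say how FortiOS resolves that overlap.

```python
import re

# Limits and option names taken from the reference above.
RANGES = {"agelimit": (0, 479), "maxfilesize": (0, 500),
          "quarantine-quota": (0, 4294967295)}
CLASSES = ("infected", "blocked", "heuristic")
DESTINATIONS = {"NULL", "disk", "FortiAnalyzer"}

def parse_block(text):
    """Return {option: [values]} for the `set` lines of one config block."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).split()
    return settings

def audit(settings):
    """Return a list of findings for a parsed quarantine block."""
    findings = []
    for opt, (lo, hi) in RANGES.items():
        for v in settings.get(opt, []):
            if not v.isdigit() or not lo <= int(v) <= hi:
                findings.append(f"{opt}: {v} outside {lo}-{hi}")
    dest = settings.get("destination", [None])[0]
    if dest is not None and dest not in DESTINATIONS:
        findings.append(f"destination: unknown value {dest}")
    if dest == "NULL":
        findings.append("destination NULL: detected files are deleted, no sample kept")
        if "agelimit" in settings:
            findings.append("agelimit: only available with disk or FortiAnalyzer")
    for cls in CLASSES:
        drop = set(settings.get(f"drop-{cls}", []))
        store = set(settings.get(f"store-{cls}", []))
        for proto in sorted(drop & store):  # assumption: overlap is worth review
            findings.append(f"{proto}: in both drop-{cls} and store-{cls}")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """config antivirus quarantine
    set agelimit 600
    set maxfilesize 100
    set destination NULL
    set drop-infected smtp
    set store-infected imap smtp pop3 http ftp
end"""

if __name__ == "__main__":
    for finding in audit(parse_block(SAMPLE)):
        print(finding)
```

A block with no `set destination` line is not flagged, because the default depends on whether the unit has a hard disk.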