CLI Reference

antivirus quarantine

Configure the antivirus file quarantine options. FortiGate units with a hard disk or a connection to a FortiAnalyzer unit can quarantine files. FortiGate features such as virus scanning can also quarantine files.

Note: MM1, MM3, MM4, and MM7 traffic types are only supported in FortiOS Carrier.
config antivirus quarantine
    set agelimit {integer}   Age limit for quarantined files (0 - 479 hours, 0 means forever). range[0-479]
    set maxfilesize {integer}   Maximum file size to quarantine (0 - 500 Mbytes, 0 means unlimited). range[0-500]
    set quarantine-quota {integer}   The amount of disk space to reserve for quarantining files (0 - 4294967295 Mbytes, depends on disk space). range[0-4294967295]
    set drop-infected {option}   Do not quarantine infected files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            https  HTTPS.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set store-infected {option}   Quarantine infected files found in sessions using the selected protocols.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            https  HTTPS.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set drop-blocked {option}   Do not quarantine dropped files found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set store-blocked {option}   Quarantine blocked files found in sessions using the selected protocols.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set drop-heuristic {option}   Do not quarantine files detected by heuristics found in sessions using the selected protocols. Dropped files are deleted instead of being quarantined.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            https  HTTPS.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set store-heuristic {option}   Quarantine files detected by heuristics found in sessions using the selected protocols.
            imap   IMAP.
            smtp   SMTP.
            pop3   POP3.
            http   HTTP.
            ftp    FTP.
            nntp   NNTP.
            imaps  IMAPS.
            smtps  SMTPS.
            pop3s  POP3S.
            https  HTTPS.
            ftps   FTPS.
            mapi   MAPI.
            cifs   CIFS.
            mm1    MM1.
            mm3    MM3.
            mm4    MM4.
            mm7    MM7.
    set lowspace {drop-new | ovrw-old}   Select the method for handling additional files when running low on disk space.
            drop-new  Drop (delete) the most recently quarantined files.
            ovrw-old  Overwrite the oldest quarantined files. That is, the files that are closest to being deleted from the quarantine.
    set destination {NULL | disk | FortiAnalyzer}   Choose whether to quarantine files to the FortiGate disk or to FortiAnalyzer or to delete them instead of quarantining them.
            NULL           Files that would be quarantined are deleted.
            disk           Quarantine files to the FortiGate hard disk.
            FortiAnalyzer  FortiAnalyzer
end

Additional information

The following section is for those options that require additional explanation.

agelimit <hours>

Note: This entry is only available when destination is set to either disk or FortiAnalyzer.

Set the age limit, in hours, for how long files are kept in quarantine. The range is 0-479 (0 means no limit; 479 hours is just under 20 days). The default is 0.

destination {NULL | disk | FortiAnalyzer}

Set the destination where files are quarantined:

  • NULL: No files are quarantined.
  • disk: Files are quarantined using the FortiGate's hard disk (if present).
  • FortiAnalyzer: Files are quarantined using a FortiAnalyzer.

If the FortiGate has a hard disk, the default is disk. If no hard disk is available, the default is NULL.

drop-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}

Drop blocked files found in traffic for the specified protocols. By default, no files are dropped.

drop-heuristic {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}

Drop files found by heuristic scanning in traffic for the specified protocols. By default, no files are dropped.

drop-infected {imap | smtp | pop3 | http | ftp | mm1 | mm3 | mm4 | mm7}

For FortiOS Carrier, drop intercepted files found in traffic for the specified protocols. By default, no files are dropped.

lowspace {drop-new | ovrw-old}

Select the method for handling additional quarantined files when the FortiGate hard disk is running out of space:

  • drop-new: Drop new quarantine files.
  • ovrw-old: Overwrite the oldest file, that is, the file with the lowest TTL (set by default).

maxfilesize <mb>

Specify the maximum file size to quarantine, in megabytes. The range is 0-500. 0 (set by default) means unlimited.

quarantine-quota <mb>

Set the antivirus quarantine quota in megabytes, which is the amount of disk space to reserve for quarantining files. The maximum limit depends on the FortiGate's total disk space. 0 (set by default) means unlimited.

store-blocked {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}

Quarantine blocked files found in traffic for the specified protocols. By default, all protocols are specified.

store-heuristic {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}

Quarantine files found by heuristic scanning in traffic for the specified protocols. By default, all protocols are specified.

store-infected {imap | smtp | pop3 | http | ftp | nntp | imaps | smtps | pop3s | https | ftps | mapi | mm1 | mm3 | mm4 | mm7}

Quarantine virus infected files found in traffic for the specified protocols. By default, all protocols are specified.
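
Added example (not part of the Fortinet reference): a short Python check that reads a saved `config antivirus quarantine` block and lists the settings described above under which a detected file is deleted or aged out instead of being retained for analysis. The sample block is constructed, and the space-separated multi-value layout it parses is an assumption about how the configuration is displayed.

```python
import shlex

# Constructed sample in the style of FortiOS `show` output; not from a real device.
SAMPLE = """\
config antivirus quarantine
    set destination disk
    set agelimit 24
    set drop-infected http ftp
    set store-infected imap smtp pop3 http ftp
    set drop-heuristic smtp
    set lowspace drop-new
end
"""

CLASSES = ("infected", "blocked", "heuristic")

def parse_quarantine(text):
    """Return {option: [values]} for the `config antivirus quarantine` block."""
    settings, inside = {}, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # also strips quotes around values
        if tokens[:3] == ["config", "antivirus", "quarantine"]:
            inside = True
        elif inside and tokens[:1] == ["end"]:
            break
        elif inside and len(tokens) >= 2 and tokens[0] == "set":
            settings[tokens[1]] = tokens[2:]
    return settings

def audit(settings):
    """List settings under which detected files are deleted or expire."""
    findings = []
    dest = (settings.get("destination") or ["(not shown)"])[0]
    if dest == "NULL":
        findings.append("destination NULL: files that would be quarantined are deleted")
    for cls in CLASSES:
        stored = settings.get(f"store-{cls}", [])
        for proto in settings.get(f"drop-{cls}", []):
            both = f" (also listed in store-{cls})" if proto in stored else ""
            findings.append(f"drop-{cls} {proto}: deleted, not quarantined{both}")
    age = int((settings.get("agelimit") or ["0"])[0])
    if age:
        findings.append(f"agelimit {age}: quarantined files are kept {age} hours")
    if (settings.get("lowspace") or [""])[0] == "drop-new":
        findings.append("lowspace drop-new: new files are dropped when disk space is low")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_quarantine(SAMPLE))))
```

Options missing from the parsed block are reported as nothing rather than guessed, since the default for destination depends on whether the unit has a hard disk.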
