Fortinet black logo

CLI Reference

system replacemsg utm

system replacemsg utm

When data leaks or viruses are detected, these messages are substituted for the blocked item.

config system replacemsg utm
    edit {msg-type}
    # Replacement messages.
        set msg-type {string}   Message type. size[28]
        set buffer {string}   Message string. size[32768]
        set header {none | http | 8bit}   Header flag.
                none  No header type.
                http  HTTP
                8bit  8 bit.
        set format {none | text | html | wml}   Format flag.
                none  No format type.
                text  Text format.
                html  HTML format.
                wml   WML format
    next
end

Additional information

The following section is for those options that require additional explanation.

buffer <message>

Type a new replacement message to replace the current replacement message. Maximum length 32,768 characters.

utm message types

dlp-text

An email message is blocked because it appears to contain a data leak.

dlp-html

An HTTP transfer is blocked because it appears to contain a data leak.

virus-html

A virus was detected in a file being downloaded using an HTTP GET.

virus-text

A virus was detected in a file attachment. The file was removed.

Replacement message tags

Replacement messages can include replacement message tags. When users receive the replacement message, the replacement message tag is replaced with content relevant to the message.

%%FILE%%

The name of a file that has been removed from a content stream. This could be a file that contained a virus or was blocked by antivirus file blocking. %%FILE%% can be used in virus and file block messages.

%%VIRUS%%

The name of a virus that was found in a file by the antivirus system. %%VIRUS%% can be used in virus messages.

%%QUARFILENAME%%

The name of a file that has been removed from a content stream and added to the quarantine. This could be a file that contained a virus or was blocked by antivirus file blocking. %%QUARFILENAME%% can be used in virus and file block messages.

%%PROTOCOL%%

The protocol (HTTP, FTP, POP3, IMAP, SMTP) in which a virus was detected. %%PROTOCOL%% is added to alert email virus messages.

system replacemsg utm

When data leaks or viruses are detected, these messages are substituted for the blocked item.

config system replacemsg utm
    edit {msg-type}
    # Replacement messages.
        set msg-type {string}   Message type. size[28]
        set buffer {string}   Message string. size[32768]
        set header {none | http | 8bit}   Header flag.
                none  No header type.
                http  HTTP
                8bit  8 bit.
        set format {none | text | html | wml}   Format flag.
                none  No format type.
                text  Text format.
                html  HTML format.
                wml   WML format
    next
end

Additional information

The following section is for those options that require additional explanation.

buffer <message>

Type a new replacement message to replace the current replacement message. Maximum length 32,768 characters.

utm message types

dlp-text

An email message is blocked because it appears to contain a data leak.

dlp-html

An HTTP transfer is blocked because it appears to contain a data leak.

virus-html

A virus was detected in a file being downloaded using an HTTP GET.

virus-text

A virus was detected in a file attachment. The file was removed.

Replacement message tags

Replacement messages can include replacement message tags. When users receive the replacement message, the replacement message tag is replaced with content relevant to the message.

%%FILE%%

The name of a file that has been removed from a content stream. This could be a file that contained a virus or was blocked by antivirus file blocking. %%FILE%% can be used in virus and file block messages.

%%VIRUS%%

The name of a virus that was found in a file by the antivirus system. %%VIRUS%% can be used in virus messages.

%%QUARFILENAME%%

The name of a file that has been removed from a content stream and added to the quarantine. This could be a file that contained a virus or was blocked by antivirus file blocking. %%QUARFILENAME%% can be used in virus and file block messages.

%%PROTOCOL%%

The protocol (HTTP, FTP, POP3, IMAP, SMTP) in which a virus was detected. %%PROTOCOL%% is added to alert email virus messages.