Handbook

6.0.0
Databases

The antivirus scanning engine relies on a database of virus signatures to detail the unique attributes of each infection. The antivirus scan searches for these signatures, and when one is discovered, the FortiGate unit determines the file is infected and takes action.

All FortiGate units have the normal antivirus signature database but some models have additional databases you can select for use. Which you choose depends on your network and security needs.

Normal

Includes viruses currently spreading as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat.

Extended

Includes the normal database in addition to recent viruses that are no longer active. This is the default setting. These viruses may have been spreading within the last year but have since nearly or completely disappeared.

Extreme

Includes the extended database in addition to a large collection of ‘zoo’ viruses. These are viruses that have not spread in a long time and are largely dormant today. Some zoo viruses may rely on operating systems and hardware that are no longer widely used.

If your FortiGate unit supports extended, extreme, or flow-based virus database definitions, you can select the virus database most suited to your needs.

If you require the most comprehensive antivirus protection, use the extended virus database. This is the default setting. Extended coverage comes at a cost, however, because the extra processing requires additional resources.

To change the antivirus database

Use the CLI to run the following commands:

config antivirus settings
    set default-db {normal | extended | extreme}
end
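
To confirm which database a unit is configured to use, the following added example (not part of the Fortinet handbook) parses a saved configuration file for the config antivirus settings block and compares default-db against a required minimum. It assumes the file uses the same config/set/end layout as the commands above and that a missing default-db line means the default, extended, is in effect; the function names and sample configurations are constructed for illustration.

```python
import re

# Each database includes the one before it, so the names can be ranked.
DB_RANK = {"normal": 0, "extended": 1, "extreme": 2}
ASSUMED_DEFAULT = "extended"  # assumption: an unset default-db means the default
SET_RE = re.compile(r'set default-db "?([\w-]+)"?')

def antivirus_default_db(config_text):
    """Return (value, explicit) for default-db in 'config antivirus settings'."""
    depth = 0      # nesting depth of config ... end blocks
    inside = None  # depth of the antivirus settings block while we are in it
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if inside is None and line == "config antivirus settings":
                inside = depth
        elif line == "end":
            if inside == depth:
                inside = None
            depth -= 1
        elif inside == depth:  # only lines directly in the target block
            m = SET_RE.fullmatch(line)
            if m:
                value = m.group(1).lower()
                if value not in DB_RANK:
                    raise ValueError(f"unexpected default-db value: {value}")
                return value, True
    return ASSUMED_DEFAULT, False

def audit(config_text, minimum="extended"):
    """Report the database in effect and whether it meets the required minimum."""
    value, explicit = antivirus_default_db(config_text)
    return {"default_db": value, "explicit": explicit,
            "compliant": DB_RANK[value] >= DB_RANK[minimum]}

# Constructed sample configurations (not taken from a real device).
SAMPLE_NORMAL = """config system global
    set hostname "fgt-lab"
end
config antivirus settings
    set default-db normal
end
"""
SAMPLE_IMPLICIT = """config system global
    set hostname "fgt-lab"
end
"""

if __name__ == "__main__":
    for name, text in (("normal", SAMPLE_NORMAL), ("implicit", SAMPLE_IMPLICIT)):
        print(name, audit(text))
```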
