config antivirus profile
Description: Configure AntiVirus profiles.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set ftgd-analytics [disable|suspicious|...]
set analytics-max-upload {integer}
set analytics-wl-filetype {integer}
set analytics-bl-filetype {integer}
set analytics-db [disable|enable]
set mobile-malware-db [disable|enable]
config http
Description: Configure HTTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
set av-optimize [disable|enable]
end
config ftp
Description: Configure FTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config imap
Description: Configure IMAP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config pop3
Description: Configure POP3 AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config smtp
Description: Configure SMTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config mapi
Description: Configure MAPI AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
end
config nntp
Description: Configure NNTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config cifs
Description: Configure CIFS AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config nac-quar
Description: Configure AntiVirus quarantine settings.
set infected [none|quar-src-ip]
set expiry {user}
set log [enable|disable]
end
config outbreak-prevention
Description: Configure Virus Outbreak Prevention settings.
set ftgd-service [disable|enable]
set external-blocklist [disable|enable]
end
config content-disarm
Description: AV Content Disarm and Reconstruction settings.
set original-file-destination [fortisandbox|quarantine|...]
set office-macro [disable|enable]
set office-hylink [disable|enable]
set office-linked [disable|enable]
set office-embed [disable|enable]
set office-dde [disable|enable]
set office-action [disable|enable]
set pdf-javacode [disable|enable]
set pdf-embedfile [disable|enable]
set pdf-hyperlink [disable|enable]
set pdf-act-gotor [disable|enable]
set pdf-act-launch [disable|enable]
set pdf-act-sound [disable|enable]
set pdf-act-movie [disable|enable]
set pdf-act-java [disable|enable]
set pdf-act-form [disable|enable]
set cover-page [disable|enable]
set detect-only [disable|enable]
end
set av-virus-log [enable|disable]
set av-block-log [enable|disable]
set extended-log [enable|disable]
set scan-mode [quick|full]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group customized for this profile. | string | Maximum length: 35 |
ftgd-analytics | Settings to control which files are uploaded to FortiSandbox. disable: Do not upload files to FortiSandbox. suspicious: Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious. everything: Submit all files scanned by AntiVirus to FortiSandbox. AntiVirus may not scan all files. |
option | - |
analytics-max-upload | Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). | integer | Minimum value: 1 Maximum value: 395 |
analytics-wl-filetype | Do not submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 |
analytics-bl-filetype | Only submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 |
analytics-db | Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. disable: Use only the standard AV signature databases. enable: Also use the FortiSandbox signature database. |
option | - |
mobile-malware-db | Enable/disable using the mobile malware signature database. disable: Do not use the mobile malware signature database. enable: Also use the mobile malware signature database. |
option | - |
av-virus-log | Enable/disable AntiVirus logging. enable: Enable setting. disable: Disable setting. |
option | - |
av-block-log | Enable/disable logging for AntiVirus file blocking. enable: Enable setting. disable: Disable setting. |
option | - |
extended-log | Enable/disable extended logging for antivirus. enable: Enable setting. disable: Disable setting. |
option | - |
scan-mode | Choose between full scan mode and quick scan mode. quick: Use quick mode scanning. Quick mode uses a smaller database and may be less accurate. Full mode is recommended. full: Full mode virus scanning. Recommended scanning mode. More accurate than quick mode with similar performance. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. scan: Enable HTTP antivirus scanning. avmonitor: Enable HTTP antivirus logging. quarantine: Enable HTTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
av-optimize | Enable/disable AV optimization for this protocol. disable: Disable AV optimization for this protocol. enable: Enable AV optimization for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. scan: Enable FTP antivirus scanning. avmonitor: Enable FTP antivirus logging. quarantine: Enable FTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. scan: Enable IMAP antivirus scanning. avmonitor: Enable IMAP antivirus logging. quarantine: Enable IMAP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. scan: Enable POP3 antivirus scanning. avmonitor: Enable POP3 antivirus logging. quarantine: Enable POP3 antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. scan: Enable SMTP antivirus scanning. avmonitor: Enable SMTP antivirus logging. quarantine: Enable SMTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. scan: Enable MAPI antivirus scanning. avmonitor: Enable MAPI antivirus logging. quarantine: Enable MAPI antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. scan: Enable NNTP antivirus scanning. avmonitor: Enable NNTP antivirus logging. quarantine: Enable NNTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine. scan: Enable CIFS antivirus scanning. avmonitor: Enable CIFS antivirus logging. quarantine: Enable CIFS antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
infected | Enable/Disable quarantining infected hosts to the banned user list. none: Do not quarantine infected hosts. quar-src-ip: Quarantine all traffic from the infected hosts source IP. |
option | - |
expiry | Duration of quarantine. | user | Not Specified |
log | Enable/disable AntiVirus quarantine logging. enable: Enable AntiVirus quarantine logging. disable: Disable AntiVirus quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ftgd-service | Enable/disable FortiGuard Virus outbreak prevention service. disable: Disable FortiGuard Virus Outbreak Prevention service. enable: Enable FortiGuard Virus Outbreak Prevention service. |
option | - |
external-blocklist | Enable/disable external malware blocklist. disable: Disable external malware blocklist. enable: Enable external malware blocklist. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
original-file-destination | Destination to send original file if active content is removed. fortisandbox: Send original file to configured FortiSandbox. quarantine: Send original file to quarantine. discard: Original file will be discarded after content disarm. |
option | - |
office-macro | Enable/disable stripping of macros in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-hylink | Enable/disable stripping of hyperlinks in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-linked | Enable/disable stripping of linked objects in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-embed | Enable/disable stripping of embedded objects in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-dde | Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-action | Enable/disable stripping of PowerPoint action events in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-javacode | Enable/disable stripping of JavaScript code in PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-embedfile | Enable/disable stripping of embedded files in PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-hyperlink | Enable/disable stripping of hyperlinks from PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-gotor | Enable/disable stripping of PDF document actions that access other PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-launch | Enable/disable stripping of PDF document actions that launch other applications. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-sound | Enable/disable stripping of PDF document actions that play a sound. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-movie | Enable/disable stripping of PDF document actions that play a movie. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-java | Enable/disable stripping of PDF document actions that execute JavaScript code. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-form | Enable/disable stripping of PDF document actions that submit data to other targets. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
cover-page | Enable/disable inserting a cover page into the disarmed document. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
detect-only | Enable/disable only detect disarmable files, do not alter content. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
config antivirus profile
Description: Configure AntiVirus profiles.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set ftgd-analytics [disable|suspicious|...]
set analytics-max-upload {integer}
set analytics-wl-filetype {integer}
set analytics-bl-filetype {integer}
set analytics-db [disable|enable]
set mobile-malware-db [disable|enable]
config http
Description: Configure HTTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
set av-optimize [disable|enable]
end
config ftp
Description: Configure FTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config imap
Description: Configure IMAP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config pop3
Description: Configure POP3 AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config smtp
Description: Configure SMTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
set content-disarm [disable|enable]
end
config mapi
Description: Configure MAPI AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set executables [default|virus]
set outbreak-prevention [disabled|files|...]
end
config nntp
Description: Configure NNTP AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config cifs
Description: Configure CIFS AntiVirus options.
set options {option1}, {option2}, ...
set archive-block {option1}, {option2}, ...
set archive-log {option1}, {option2}, ...
set emulator [enable|disable]
set outbreak-prevention [disabled|files|...]
end
config nac-quar
Description: Configure AntiVirus quarantine settings.
set infected [none|quar-src-ip]
set expiry {user}
set log [enable|disable]
end
config outbreak-prevention
Description: Configure Virus Outbreak Prevention settings.
set ftgd-service [disable|enable]
set external-blocklist [disable|enable]
end
config content-disarm
Description: AV Content Disarm and Reconstruction settings.
set original-file-destination [fortisandbox|quarantine|...]
set office-macro [disable|enable]
set office-hylink [disable|enable]
set office-linked [disable|enable]
set office-embed [disable|enable]
set office-dde [disable|enable]
set office-action [disable|enable]
set pdf-javacode [disable|enable]
set pdf-embedfile [disable|enable]
set pdf-hyperlink [disable|enable]
set pdf-act-gotor [disable|enable]
set pdf-act-launch [disable|enable]
set pdf-act-sound [disable|enable]
set pdf-act-movie [disable|enable]
set pdf-act-java [disable|enable]
set pdf-act-form [disable|enable]
set cover-page [disable|enable]
set detect-only [disable|enable]
end
set av-virus-log [enable|disable]
set av-block-log [enable|disable]
set extended-log [enable|disable]
set scan-mode [quick|full]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | Comment. | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group customized for this profile. | string | Maximum length: 35 |
ftgd-analytics | Settings to control which files are uploaded to FortiSandbox. disable: Do not upload files to FortiSandbox. suspicious: Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious. everything: Submit all files scanned by AntiVirus to FortiSandbox. AntiVirus may not scan all files. |
option | - |
analytics-max-upload | Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). | integer | Minimum value: 1 Maximum value: 395 |
analytics-wl-filetype | Do not submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 |
analytics-bl-filetype | Only submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 |
analytics-db | Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. disable: Use only the standard AV signature databases. enable: Also use the FortiSandbox signature database. |
option | - |
mobile-malware-db | Enable/disable using the mobile malware signature database. disable: Do not use the mobile malware signature database. enable: Also use the mobile malware signature database. |
option | - |
av-virus-log | Enable/disable AntiVirus logging. enable: Enable setting. disable: Disable setting. |
option | - |
av-block-log | Enable/disable logging for AntiVirus file blocking. enable: Enable setting. disable: Disable setting. |
option | - |
extended-log | Enable/disable extended logging for antivirus. enable: Enable setting. disable: Disable setting. |
option | - |
scan-mode | Choose between full scan mode and quick scan mode. quick: Use quick mode scanning. Quick mode uses a smaller database and may be less accurate. Full mode is recommended. full: Full mode virus scanning. Recommended scanning mode. More accurate than quick mode with similar performance. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. scan: Enable HTTP antivirus scanning. avmonitor: Enable HTTP antivirus logging. quarantine: Enable HTTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
av-optimize | Enable/disable AV optimization for this protocol. disable: Disable AV optimization for this protocol. enable: Enable AV optimization for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. scan: Enable FTP antivirus scanning. avmonitor: Enable FTP antivirus logging. quarantine: Enable FTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. scan: Enable IMAP antivirus scanning. avmonitor: Enable IMAP antivirus logging. quarantine: Enable IMAP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. scan: Enable POP3 antivirus scanning. avmonitor: Enable POP3 antivirus logging. quarantine: Enable POP3 antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. scan: Enable SMTP antivirus scanning. avmonitor: Enable SMTP antivirus logging. quarantine: Enable SMTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
content-disarm | Enable Content Disarm and Reconstruction for this protocol. disable: Disable Content Disarm and Reconstruction for this protocol. enable: Enable Content Disarm and Reconstruction for this protocol. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. scan: Enable MAPI antivirus scanning. avmonitor: Enable MAPI antivirus logging. quarantine: Enable MAPI antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. default: Perform standard AntiVirus scanning of Windows executable files. virus: Treat Windows executables as viruses. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. scan: Enable NNTP antivirus scanning. avmonitor: Enable NNTP antivirus logging. quarantine: Enable NNTP antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
options | Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine. scan: Enable CIFS antivirus scanning. avmonitor: Enable CIFS antivirus logging. quarantine: Enable CIFS antivirus quarantine. Files are quarantined depending on quarantine settings. |
option | - |
archive-block | Select the archive types to block. encrypted: Block encrypted archives. corrupted: Block corrupted archives. partiallycorrupted: Block partially corrupted archives. multipart: Block multipart archives. nested: Block nested archives. mailbomb: Block mail bomb archives. fileslimit: Block exceeded archive files limit. timeout: Block scan timeout. unhandled: Block archives that FortiOS cannot open. |
option | - |
archive-log | Select the archive types to log. encrypted: Log encrypted archives. corrupted: Log corrupted archives. partiallycorrupted: Log partially corrupted archives. multipart: Log multipart archives. nested: Log nested archives. mailbomb: Log mail bomb archives. fileslimit: Log exceeded archive files limit. timeout: Log scan timeout. unhandled: Log archives that FortiOS cannot open. |
option | - |
emulator | Enable/disable the virus emulator. enable: Enable the virus emulator. disable: Disable the virus emulator. |
option | - |
outbreak-prevention | Enable Virus Outbreak Prevention service. disabled: Disabled. files: Analyze files as sent, not the content of archives. full-archive: Analyze files including the content of archives. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
infected | Enable/Disable quarantining infected hosts to the banned user list. none: Do not quarantine infected hosts. quar-src-ip: Quarantine all traffic from the infected hosts source IP. |
option | - |
expiry | Duration of quarantine. | user | Not Specified |
log | Enable/disable AntiVirus quarantine logging. enable: Enable AntiVirus quarantine logging. disable: Disable AntiVirus quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
ftgd-service | Enable/disable FortiGuard Virus outbreak prevention service. disable: Disable FortiGuard Virus Outbreak Prevention service. enable: Enable FortiGuard Virus Outbreak Prevention service. |
option | - |
external-blocklist | Enable/disable external malware blocklist. disable: Disable external malware blocklist. enable: Enable external malware blocklist. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
original-file-destination | Destination to send original file if active content is removed. fortisandbox: Send original file to configured FortiSandbox. quarantine: Send original file to quarantine. discard: Original file will be discarded after content disarm. |
option | - |
office-macro | Enable/disable stripping of macros in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-hylink | Enable/disable stripping of hyperlinks in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-linked | Enable/disable stripping of linked objects in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-embed | Enable/disable stripping of embedded objects in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-dde | Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
office-action | Enable/disable stripping of PowerPoint action events in Microsoft Office documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-javacode | Enable/disable stripping of JavaScript code in PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-embedfile | Enable/disable stripping of embedded files in PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-hyperlink | Enable/disable stripping of hyperlinks from PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-gotor | Enable/disable stripping of PDF document actions that access other PDF documents. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-launch | Enable/disable stripping of PDF document actions that launch other applications. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-sound | Enable/disable stripping of PDF document actions that play a sound. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-movie | Enable/disable stripping of PDF document actions that play a movie. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-java | Enable/disable stripping of PDF document actions that execute JavaScript code. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
pdf-act-form | Enable/disable stripping of PDF document actions that submit data to other targets. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
cover-page | Enable/disable inserting a cover page into the disarmed document. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |
detect-only | Enable/disable only detect disarmable files, do not alter content. disable: Disable this Content Disarm and Reconstruction feature. enable: Enable this Content Disarm and Reconstruction feature. |
option | - |