CLI Reference

antivirus profile

Configure AntiVirus profiles.

  config antivirus profile
      Description: Configure AntiVirus profiles.
      edit <name>
          set comment {var-string}
          set replacemsg-group {string}
          set ftgd-analytics [disable|suspicious|...]
          set analytics-max-upload {integer}
          set analytics-wl-filetype {integer}
          set analytics-bl-filetype {integer}
          set analytics-db [disable|enable]
          set mobile-malware-db [disable|enable]
          config http
              Description: Configure HTTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
              set av-optimize [disable|enable]
          end
          config ftp
              Description: Configure FTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config imap
              Description: Configure IMAP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config pop3
              Description: Configure POP3 AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config smtp
              Description: Configure SMTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config mapi
              Description: Configure MAPI AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
          end
          config nntp
              Description: Configure NNTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config cifs
              Description: Configure CIFS AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config nac-quar
              Description: Configure AntiVirus quarantine settings.
              set infected [none|quar-src-ip]
              set expiry {user}
              set log [enable|disable]
          end
          config outbreak-prevention
              Description: Configure Virus Outbreak Prevention settings.
              set ftgd-service [disable|enable]
              set external-blocklist [disable|enable]
          end
          config content-disarm
              Description: AV Content Disarm and Reconstruction settings.
              set original-file-destination [fortisandbox|quarantine|...]
              set office-macro [disable|enable]
              set office-hylink [disable|enable]
              set office-linked [disable|enable]
              set office-embed [disable|enable]
              set office-dde [disable|enable]
              set office-action [disable|enable]
              set pdf-javacode [disable|enable]
              set pdf-embedfile [disable|enable]
              set pdf-hyperlink [disable|enable]
              set pdf-act-gotor [disable|enable]
              set pdf-act-launch [disable|enable]
              set pdf-act-sound [disable|enable]
              set pdf-act-movie [disable|enable]
              set pdf-act-java [disable|enable]
              set pdf-act-form [disable|enable]
              set cover-page [disable|enable]
              set detect-only [disable|enable]
          end
          set av-virus-log [enable|disable]
          set av-block-log [enable|disable]
          set extended-log [enable|disable]
          set scan-mode [quick|full]
      next
  end

config antivirus profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255
replacemsg-group Replacement message group customized for this profile. string Maximum length: 35
ftgd-analytics Settings to control which files are uploaded to FortiSandbox.
disable: Do not upload files to FortiSandbox.
suspicious: Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious.
everything: Submit all files scanned by AntiVirus to FortiSandbox. AntiVirus may not scan all files.
option -
analytics-max-upload Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). integer Minimum value: 1 Maximum value: 395
analytics-wl-filetype Do not submit files matching this DLP file-pattern to FortiSandbox. integer Minimum value: 0 Maximum value: 4294967295
analytics-bl-filetype Only submit files matching this DLP file-pattern to FortiSandbox. integer Minimum value: 0 Maximum value: 4294967295
analytics-db Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
disable: Use only the standard AV signature databases.
enable: Also use the FortiSandbox signature database.
option -
mobile-malware-db Enable/disable using the mobile malware signature database.
disable: Do not use the mobile malware signature database.
enable: Also use the mobile malware signature database.
option -
av-virus-log Enable/disable AntiVirus logging.
enable: Enable setting.
disable: Disable setting.
option -
av-block-log Enable/disable logging for AntiVirus file blocking.
enable: Enable setting.
disable: Disable setting.
option -
extended-log Enable/disable extended logging for antivirus.
enable: Enable setting.
disable: Disable setting.
option -
scan-mode Choose between full scan mode and quick scan mode.
quick: Use quick mode scanning. Quick mode uses a smaller database and may be less accurate. Full mode is recommended.
full: Full mode virus scanning. Recommended scanning mode. More accurate than quick mode with similar performance.
option -

config http

Parameter Name Description Type Size
options Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
scan: Enable HTTP antivirus scanning.
avmonitor: Enable HTTP antivirus logging.
quarantine: Enable HTTP antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -
content-disarm Enable Content Disarm and Reconstruction for this protocol.
disable: Disable Content Disarm and Reconstruction for this protocol.
enable: Enable Content Disarm and Reconstruction for this protocol.
option -
av-optimize Enable/disable AV optimization for this protocol.
disable: Disable AV optimization for this protocol.
enable: Enable AV optimization for this protocol.
option -

config ftp

Parameter Name Description Type Size
options Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
scan: Enable FTP antivirus scanning.
avmonitor: Enable FTP antivirus logging.
quarantine: Enable FTP antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -

config imap

Parameter Name Description Type Size
options Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
scan: Enable IMAP antivirus scanning.
avmonitor: Enable IMAP antivirus logging.
quarantine: Enable IMAP antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
executables Treat Windows executable files as viruses for the purpose of blocking or monitoring.
default: Perform standard AntiVirus scanning of Windows executable files.
virus: Treat Windows executables as viruses.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -
content-disarm Enable Content Disarm and Reconstruction for this protocol.
disable: Disable Content Disarm and Reconstruction for this protocol.
enable: Enable Content Disarm and Reconstruction for this protocol.
option -

config pop3

Parameter Name Description Type Size
options Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
scan: Enable POP3 antivirus scanning.
avmonitor: Enable POP3 antivirus logging.
quarantine: Enable POP3 antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
executables Treat Windows executable files as viruses for the purpose of blocking or monitoring.
default: Perform standard AntiVirus scanning of Windows executable files.
virus: Treat Windows executables as viruses.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -
content-disarm Enable Content Disarm and Reconstruction for this protocol.
disable: Disable Content Disarm and Reconstruction for this protocol.
enable: Enable Content Disarm and Reconstruction for this protocol.
option -

config smtp

Parameter Name Description Type Size
options Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
scan: Enable SMTP antivirus scanning.
avmonitor: Enable SMTP antivirus logging.
quarantine: Enable SMTP antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
executables Treat Windows executable files as viruses for the purpose of blocking or monitoring.
default: Perform standard AntiVirus scanning of Windows executable files.
virus: Treat Windows executables as viruses.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -
content-disarm Enable Content Disarm and Reconstruction for this protocol.
disable: Disable Content Disarm and Reconstruction for this protocol.
enable: Enable Content Disarm and Reconstruction for this protocol.
option -

config mapi

Parameter Name Description Type Size
options Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
scan: Enable MAPI antivirus scanning.
avmonitor: Enable MAPI antivirus logging.
quarantine: Enable MAPI antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
executables Treat Windows executable files as viruses for the purpose of blocking or monitoring.
default: Perform standard AntiVirus scanning of Windows executable files.
virus: Treat Windows executables as viruses.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -

config nntp

Parameter Name Description Type Size
options Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
scan: Enable NNTP antivirus scanning.
avmonitor: Enable NNTP antivirus logging.
quarantine: Enable NNTP antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -

config cifs

Parameter Name Description Type Size
options Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine.
scan: Enable CIFS antivirus scanning.
avmonitor: Enable CIFS antivirus logging.
quarantine: Enable CIFS antivirus quarantine. Files are quarantined depending on quarantine settings.
option -
archive-block Select the archive types to block.
encrypted: Block encrypted archives.
corrupted: Block corrupted archives.
partiallycorrupted: Block partially corrupted archives.
multipart: Block multipart archives.
nested: Block nested archives.
mailbomb: Block mail bomb archives.
fileslimit: Block exceeded archive files limit.
timeout: Block scan timeout.
unhandled: Block archives that FortiOS cannot open.
option -
archive-log Select the archive types to log.
encrypted: Log encrypted archives.
corrupted: Log corrupted archives.
partiallycorrupted: Log partially corrupted archives.
multipart: Log multipart archives.
nested: Log nested archives.
mailbomb: Log mail bomb archives.
fileslimit: Log exceeded archive files limit.
timeout: Log scan timeout.
unhandled: Log archives that FortiOS cannot open.
option -
emulator Enable/disable the virus emulator.
enable: Enable the virus emulator.
disable: Disable the virus emulator.
option -
outbreak-prevention Enable Virus Outbreak Prevention service.
disabled: Disabled.
files: Analyze files as sent, not the content of archives.
full-archive: Analyze files including the content of archives.
option -

config nac-quar

Parameter Name Description Type Size
infected Enable/Disable quarantining infected hosts to the banned user list.
none: Do not quarantine infected hosts.
quar-src-ip: Quarantine all traffic from the infected host's source IP.
option -
expiry Duration of quarantine. user Not Specified
log Enable/disable AntiVirus quarantine logging.
enable: Enable AntiVirus quarantine logging.
disable: Disable AntiVirus quarantine logging.
option -

config outbreak-prevention

Parameter Name Description Type Size
ftgd-service Enable/disable FortiGuard Virus outbreak prevention service.
disable: Disable FortiGuard Virus Outbreak Prevention service.
enable: Enable FortiGuard Virus Outbreak Prevention service.
option -
external-blocklist Enable/disable external malware blocklist.
disable: Disable external malware blocklist.
enable: Enable external malware blocklist.
option -

config content-disarm

Parameter Name Description Type Size
original-file-destination Destination to send original file if active content is removed.
fortisandbox: Send original file to configured FortiSandbox.
quarantine: Send original file to quarantine.
discard: Original file will be discarded after content disarm.
option -
office-macro Enable/disable stripping of macros in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
office-hylink Enable/disable stripping of hyperlinks in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
office-linked Enable/disable stripping of linked objects in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
office-embed Enable/disable stripping of embedded objects in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
office-dde Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
office-action Enable/disable stripping of PowerPoint action events in Microsoft Office documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-javacode Enable/disable stripping of JavaScript code in PDF documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-embedfile Enable/disable stripping of embedded files in PDF documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-hyperlink Enable/disable stripping of hyperlinks from PDF documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-gotor Enable/disable stripping of PDF document actions that access other PDF documents.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-launch Enable/disable stripping of PDF document actions that launch other applications.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-sound Enable/disable stripping of PDF document actions that play a sound.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-movie Enable/disable stripping of PDF document actions that play a movie.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-java Enable/disable stripping of PDF document actions that execute JavaScript code.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
pdf-act-form Enable/disable stripping of PDF document actions that submit data to other targets.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
cover-page Enable/disable inserting a cover page into the disarmed document.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
detect-only Enable/disable detect-only mode: only detect disarmable files, do not alter content.
disable: Disable this Content Disarm and Reconstruction feature.
enable: Enable this Content Disarm and Reconstruction feature.
option -
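
Added example, not part of the Fortinet reference: a Python audit of `config antivirus profile` blocks from a configuration export, using only settings documented above. The profile names, sample values and the five checks are assumptions chosen for illustration; only values set explicitly in the input are judged, because this page does not state most defaults.

```python
import shlex

PROTOCOLS = ("http", "ftp", "imap", "pop3", "smtp", "mapi", "nntp", "cifs")

# Constructed sample input: profile names and values are invented for this example.
SAMPLE_CONFIG = '''
config antivirus profile
    edit "branch-web"
        set comment "constructed sample"
        set scan-mode quick
        set av-virus-log disable
        config http
            set options avmonitor
            set archive-block encrypted corrupted
            set archive-log encrypted
            set content-disarm enable
        end
        config smtp
            set options scan quarantine
            set archive-block encrypted mailbomb
            set archive-log encrypted mailbomb
        end
        config content-disarm
            set detect-only enable
        end
    next
    edit "hq-strict"
        set scan-mode full
        config http
            set options scan avmonitor
            set archive-block encrypted
            set archive-log encrypted
        end
    next
end
'''


def parse_profiles(text):
    """Return {profile: {section: {key: [values]}}}; profile-level keys use section ""."""
    profiles = {}
    in_table, profile, section = False, None, ""
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:          # unbalanced quote, e.g. a multi-line value
            tokens = raw.split()
        if not tokens:
            continue
        word, args = tokens[0], tokens[1:]
        if not in_table:
            in_table = word == "config" and args == ["antivirus", "profile"]
        elif word == "edit" and profile is None and args:
            profile, section = args[0], ""
            profiles[profile] = {"": {}}
        elif word == "next":
            profile = None
        elif word == "end":
            if section:
                section = ""        # leave a sub-table such as "config http"
            else:
                in_table = False    # leave "config antivirus profile"
        elif profile is None:
            continue
        elif word == "config" and args:
            section = args[0]
            profiles[profile].setdefault(section, {})
        elif word == "set" and args:
            profiles[profile][section][args[0]] = args[1:]
    return profiles


def audit(profiles):
    """Return (profile, section, finding) tuples for explicitly set weak values."""
    findings = []
    for name, sections in profiles.items():
        top = sections[""]
        if top.get("scan-mode") == ["quick"]:
            findings.append((name, "", "scan-mode quick: full mode is recommended"))
        if top.get("av-virus-log") == ["disable"]:
            findings.append((name, "", "av-virus-log disable: AntiVirus logging is off"))
        detect_only = sections.get("content-disarm", {}).get("detect-only") == ["enable"]
        for proto in (p for p in PROTOCOLS if p in sections):
            cfg = sections[proto]
            if "options" in cfg and "scan" not in cfg["options"]:
                findings.append((name, proto, "options set without 'scan'"))
            if "archive-block" in cfg and "archive-log" in cfg:
                silent = sorted(set(cfg["archive-block"]) - set(cfg["archive-log"]))
                if silent:
                    findings.append((name, proto, "blocked but not logged: " + " ".join(silent)))
            if cfg.get("content-disarm") == ["enable"] and detect_only:
                findings.append((name, proto, "content-disarm enabled but detect-only is on"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_profiles(SAMPLE_CONFIG)):
        print(" | ".join(finding))
```
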

Configure AntiVirus profiles.

  config antivirus profile
      Description: Configure AntiVirus profiles.
      edit <name>
          set comment {var-string}
          set replacemsg-group {string}
          set ftgd-analytics [disable|suspicious|...]
          set analytics-max-upload {integer}
          set analytics-wl-filetype {integer}
          set analytics-bl-filetype {integer}
          set analytics-db [disable|enable]
          set mobile-malware-db [disable|enable]
          config http
              Description: Configure HTTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
              set av-optimize [disable|enable]
          end
          config ftp
              Description: Configure FTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config imap
              Description: Configure IMAP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config pop3
              Description: Configure POP3 AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config smtp
              Description: Configure SMTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
              set content-disarm [disable|enable]
          end
          config mapi
              Description: Configure MAPI AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set executables [default|virus]
              set outbreak-prevention [disabled|files|...]
          end
          config nntp
              Description: Configure NNTP AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config cifs
              Description: Configure CIFS AntiVirus options.
              set options {option1}, {option2}, ...
              set archive-block {option1}, {option2}, ...
              set archive-log {option1}, {option2}, ...
              set emulator [enable|disable]
              set outbreak-prevention [disabled|files|...]
          end
          config nac-quar
              Description: Configure AntiVirus quarantine settings.
              set infected [none|quar-src-ip]
              set expiry {user}
              set log [enable|disable]
          end
          config outbreak-prevention
              Description: Configure Virus Outbreak Prevention settings.
              set ftgd-service [disable|enable]
              set external-blocklist [disable|enable]
          end
          config content-disarm
              Description: AV Content Disarm and Reconstruction settings.
              set original-file-destination [fortisandbox|quarantine|...]
              set office-macro [disable|enable]
              set office-hylink [disable|enable]
              set office-linked [disable|enable]
              set office-embed [disable|enable]
              set office-dde [disable|enable]
              set office-action [disable|enable]
              set pdf-javacode [disable|enable]
              set pdf-embedfile [disable|enable]
              set pdf-hyperlink [disable|enable]
              set pdf-act-gotor [disable|enable]
              set pdf-act-launch [disable|enable]
              set pdf-act-sound [disable|enable]
              set pdf-act-movie [disable|enable]
              set pdf-act-java [disable|enable]
              set pdf-act-form [disable|enable]
              set cover-page [disable|enable]
              set detect-only [disable|enable]
          end
          set av-virus-log [enable|disable]
          set av-block-log [enable|disable]
          set extended-log [enable|disable]
          set scan-mode [quick|full]
      next
  end

config antivirus profile

Parameter Name | Description | Type | Size
comment | Comment. | var-string | Maximum length: 255
replacemsg-group | Replacement message group customized for this profile. | string | Maximum length: 35
ftgd-analytics | Settings to control which files are uploaded to FortiSandbox. | option | -
    disable: Do not upload files to FortiSandbox.
    suspicious: Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious.
    everything: Submit all files scanned by AntiVirus to FortiSandbox. AntiVirus may not scan all files.
analytics-max-upload | Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10). | integer | Minimum value: 1 Maximum value: 395
analytics-wl-filetype | Do not submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295
analytics-bl-filetype | Only submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295
analytics-db | Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. | option | -
    disable: Use only the standard AV signature databases.
    enable: Also use the FortiSandbox signature database.
mobile-malware-db | Enable/disable using the mobile malware signature database. | option | -
    disable: Do not use the mobile malware signature database.
    enable: Also use the mobile malware signature database.
av-virus-log | Enable/disable AntiVirus logging. | option | -
    enable: Enable setting.
    disable: Disable setting.
av-block-log | Enable/disable logging for AntiVirus file blocking. | option | -
    enable: Enable setting.
    disable: Disable setting.
extended-log | Enable/disable extended logging for antivirus. | option | -
    enable: Enable setting.
    disable: Disable setting.
scan-mode | Choose between full scan mode and quick scan mode. | option | -
    quick: Use quick mode scanning. Quick mode uses a smaller database and may be less accurate. Full mode is recommended.
    full: Full mode virus scanning. Recommended scanning mode. More accurate than quick mode with similar performance.

config http

Parameter Name | Description | Type | Size
options | Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable HTTP antivirus scanning.
    avmonitor: Enable HTTP antivirus logging.
    quarantine: Enable HTTP antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.
content-disarm | Enable Content Disarm and Reconstruction for this protocol. | option | -
    disable: Disable Content Disarm and Reconstruction for this protocol.
    enable: Enable Content Disarm and Reconstruction for this protocol.
av-optimize | Enable/disable AV optimization for this protocol. | option | -
    disable: Disable AV optimization for this protocol.
    enable: Enable AV optimization for this protocol.

config ftp

Parameter Name | Description | Type | Size
options | Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable FTP antivirus scanning.
    avmonitor: Enable FTP antivirus logging.
    quarantine: Enable FTP antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.

config imap

Parameter Name | Description | Type | Size
options | Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable IMAP antivirus scanning.
    avmonitor: Enable IMAP antivirus logging.
    quarantine: Enable IMAP antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. | option | -
    default: Perform standard AntiVirus scanning of Windows executable files.
    virus: Treat Windows executables as viruses.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.
content-disarm | Enable Content Disarm and Reconstruction for this protocol. | option | -
    disable: Disable Content Disarm and Reconstruction for this protocol.
    enable: Enable Content Disarm and Reconstruction for this protocol.

config pop3

Parameter Name | Description | Type | Size
options | Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable POP3 antivirus scanning.
    avmonitor: Enable POP3 antivirus logging.
    quarantine: Enable POP3 antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. | option | -
    default: Perform standard AntiVirus scanning of Windows executable files.
    virus: Treat Windows executables as viruses.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.
content-disarm | Enable Content Disarm and Reconstruction for this protocol. | option | -
    disable: Disable Content Disarm and Reconstruction for this protocol.
    enable: Enable Content Disarm and Reconstruction for this protocol.

config smtp

Parameter Name | Description | Type | Size
options | Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable SMTP antivirus scanning.
    avmonitor: Enable SMTP antivirus logging.
    quarantine: Enable SMTP antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. | option | -
    default: Perform standard AntiVirus scanning of Windows executable files.
    virus: Treat Windows executables as viruses.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.
content-disarm | Enable Content Disarm and Reconstruction for this protocol. | option | -
    disable: Disable Content Disarm and Reconstruction for this protocol.
    enable: Enable Content Disarm and Reconstruction for this protocol.

config mapi

Parameter Name | Description | Type | Size
options | Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable MAPI antivirus scanning.
    avmonitor: Enable MAPI antivirus logging.
    quarantine: Enable MAPI antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. | option | -
    default: Perform standard AntiVirus scanning of Windows executable files.
    virus: Treat Windows executables as viruses.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.

config nntp

Parameter Name | Description | Type | Size
options | Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable NNTP antivirus scanning.
    avmonitor: Enable NNTP antivirus logging.
    quarantine: Enable NNTP antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.

config cifs

Parameter Name | Description | Type | Size
options | Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine. | option | -
    scan: Enable CIFS antivirus scanning.
    avmonitor: Enable CIFS antivirus logging.
    quarantine: Enable CIFS antivirus quarantine. Files are quarantined depending on quarantine settings.
archive-block | Select the archive types to block. | option | -
    encrypted: Block encrypted archives.
    corrupted: Block corrupted archives.
    partiallycorrupted: Block partially corrupted archives.
    multipart: Block multipart archives.
    nested: Block nested archives.
    mailbomb: Block mail bomb archives.
    fileslimit: Block exceeded archive files limit.
    timeout: Block scan timeout.
    unhandled: Block archives that FortiOS cannot open.
archive-log | Select the archive types to log. | option | -
    encrypted: Log encrypted archives.
    corrupted: Log corrupted archives.
    partiallycorrupted: Log partially corrupted archives.
    multipart: Log multipart archives.
    nested: Log nested archives.
    mailbomb: Log mail bomb archives.
    fileslimit: Log exceeded archive files limit.
    timeout: Log scan timeout.
    unhandled: Log archives that FortiOS cannot open.
emulator | Enable/disable the virus emulator. | option | -
    enable: Enable the virus emulator.
    disable: Disable the virus emulator.
outbreak-prevention | Enable Virus Outbreak Prevention service. | option | -
    disabled: Disabled.
    files: Analyze files as sent, not the content of archives.
    full-archive: Analyze files including the content of archives.

config nac-quar

Parameter Name | Description | Type | Size
infected | Enable/disable quarantining infected hosts to the banned user list. | option | -
    none: Do not quarantine infected hosts.
    quar-src-ip: Quarantine all traffic from the infected host's source IP.
expiry | Duration of quarantine. | user | Not Specified
log | Enable/disable AntiVirus quarantine logging. | option | -
    enable: Enable AntiVirus quarantine logging.
    disable: Disable AntiVirus quarantine logging.

config outbreak-prevention

Parameter Name | Description | Type | Size
ftgd-service | Enable/disable FortiGuard Virus outbreak prevention service. | option | -
    disable: Disable FortiGuard Virus Outbreak Prevention service.
    enable: Enable FortiGuard Virus Outbreak Prevention service.
external-blocklist | Enable/disable external malware blocklist. | option | -
    disable: Disable external malware blocklist.
    enable: Enable external malware blocklist.

config content-disarm

Parameter Name | Description | Type | Size
original-file-destination | Destination to send original file if active content is removed. | option | -
    fortisandbox: Send original file to configured FortiSandbox.
    quarantine: Send original file to quarantine.
    discard: Original file will be discarded after content disarm.
office-macro | Enable/disable stripping of macros in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
office-hylink | Enable/disable stripping of hyperlinks in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
office-linked | Enable/disable stripping of linked objects in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
office-embed | Enable/disable stripping of embedded objects in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
office-dde | Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
office-action | Enable/disable stripping of PowerPoint action events in Microsoft Office documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-javacode | Enable/disable stripping of JavaScript code in PDF documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-embedfile | Enable/disable stripping of embedded files in PDF documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-hyperlink | Enable/disable stripping of hyperlinks from PDF documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-gotor | Enable/disable stripping of PDF document actions that access other PDF documents. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-launch | Enable/disable stripping of PDF document actions that launch other applications. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-sound | Enable/disable stripping of PDF document actions that play a sound. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-movie | Enable/disable stripping of PDF document actions that play a movie. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-java | Enable/disable stripping of PDF document actions that execute JavaScript code. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
pdf-act-form | Enable/disable stripping of PDF document actions that submit data to other targets. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
cover-page | Enable/disable inserting a cover page into the disarmed document. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
detect-only | Enable/disable detect-only mode: only detect disarmable files, do not alter content. | option | -
    disable: Disable this Content Disarm and Reconstruction feature.
    enable: Enable this Content Disarm and Reconstruction feature.
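
The following is an added example, not Fortinet code: a small Python audit that parses `config antivirus profile` text in the syntax shown above and flags explicitly set values that weaken inspection according to the option descriptions on this page. The sample configuration, the profile names and the choice of checks are assumptions of this example; it also assumes multiple option values are separated by spaces, with trailing commas tolerated.

```python
import shlex
PROTOCOLS = ("http", "ftp", "imap", "pop3", "smtp", "mapi", "nntp", "cifs")
# Constructed sample in the syntax shown above; not taken from a real device.
SAMPLE = '''
config antivirus profile
    edit "branch-web"
        set scan-mode quick
        config http
            set options avmonitor
        end
        config smtp
            set options scan quarantine
            set content-disarm enable
        end
        config content-disarm
            set detect-only enable
        end
        set av-virus-log disable
    next
    edit "hq-mail"
        set scan-mode full
    next
end
'''

def parse_profiles(text):
    """Return {profile: {"settings": {...}, "sections": {name: {...}}}}; values are lists."""
    profiles, current, section, in_table = {}, None, None, False
    for raw in text.splitlines():
        words = [w.rstrip(",") for w in shlex.split(raw)]
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "config" and args == ["antivirus", "profile"]:
            in_table = True
        elif not in_table:
            continue                # ignore every other config table
        elif cmd == "edit" and args:
            current = profiles.setdefault(args[0], {"settings": {}, "sections": {}})
        elif cmd == "config" and current is not None and args:
            section = current["sections"].setdefault(args[0], {})
        elif cmd in ("set", "unset") and current is not None and args:
            target = section if section is not None else current["settings"]
            target[args[0]] = args[1:] if cmd == "set" else []
        elif cmd == "next":
            current = section = None
        elif cmd == "end" and section is not None:
            section = None          # closes a nested block such as `config http`
        elif cmd == "end":
            in_table = False        # closes `config antivirus profile`
    return profiles

def audit(profile):
    """Judge only explicitly set values; the page does not list most defaults."""
    s, sec, out = profile["settings"], profile["sections"], []
    if s.get("scan-mode") == ["quick"]:
        out.append("scan-mode quick: may be less accurate, full mode is recommended")
    out += [f"{k} is disabled" for k in ("av-virus-log", "av-block-log") if s.get(k) == ["disable"]]
    detect_only = sec.get("content-disarm", {}).get("detect-only") == ["enable"]
    for proto in PROTOCOLS:
        opts = sec.get(proto, {}).get("options")
        if opts is not None and "scan" not in opts:
            out.append(f"{proto}: options lack 'scan' (set: {' '.join(opts) or 'none'})")
        if detect_only and sec.get(proto, {}).get("content-disarm") == ["enable"]:
            out.append(f"{proto}: content-disarm enabled but detect-only leaves files unaltered")
    return out

if __name__ == "__main__":
    print({name: audit(p) for name, p in parse_profiles(SAMPLE).items()})
```

Settings that are absent from the input are not reported, so run it against a full configuration export rather than a partial one when completeness matters.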