Databases
The antivirus scanning engine uses a virus signatures database to record the unique attributes of each infection. The antivirus scan searches for these signatures, and when one is discovered, the FortiGate unit determines if the file is infected and takes action.
All FortiGate units have the normal antivirus signature database. The FortiGate 300D is the lowest model that supports the extreme database. All VMs support the extreme database. Some models have additional databases that you can use. The database that you use depends on your network and security needs.
Normal | Includes currently spreading viruses, as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat.
Extended | Includes the normal database, as well as recent viruses that are no longer active. This is the default setting. These viruses may have been spreading within the last year but have since nearly or completely disappeared.
Extreme | Includes the extended database, as well as a large collection of zoo viruses. These are viruses that have not spread in a long time and are largely dormant. Some zoo viruses might rely on operating systems and hardware that are no longer widely used.
The extended virus definitions database is the default setting and provides comprehensive antivirus protection. This coverage comes at a cost because more processing requires additional resources.
To change the antivirus database:
config antivirus settings
    set default-db {normal | extended | extreme}
end
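To check which database a unit is configured to use, the following added example (not part of the original documentation and not Fortinet code) reads a saved configuration backup and reports the default-db value, walking nested config/end blocks so that only the antivirus settings block is read. The sample configuration is constructed, the function names are hypothetical, and the script assumes that a backup with no default-db line is using the default named above (extended).

```python
import re

DEFAULT_DB = "extended"                      # default setting named on this page
VALID_DBS = ("normal", "extended", "extreme")

# Constructed sample backup, not taken from a real device.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        config ipv6
        end
    next
end
config antivirus settings
    set default-db normal
end
"""

def find_default_db(config_text):
    """Return every default-db value set directly in 'config antivirus settings'."""
    values, stack = [], []                   # stack holds the names of open config blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end" and stack:
            stack.pop()                      # closes the innermost config block
        elif stack and stack[-1] == "antivirus settings":
            match = re.fullmatch(r'set default-db\s+"?([\w-]+)"?', line)
            if match:
                values.append(match.group(1))
    return values

def audit_default_db(config_text):
    """Return (database, finding) pairs for one configuration backup."""
    results = []
    for value in find_default_db(config_text) or [None]:
        if value is None:                    # assumption: an unset value means the default
            results.append((DEFAULT_DB, "not set; default assumed"))
        elif value not in VALID_DBS:
            results.append((value, "unrecognized value"))
        elif value == "normal":
            results.append((value, "narrowest coverage: currently spreading viruses only"))
        else:
            results.append((value, "ok"))
    return results

if __name__ == "__main__":
    for database, finding in audit_default_db(SAMPLE_CONFIG):
        print(f"default-db={database}: {finding}")
```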