FortiOS offers the unique ability to implement both flow-based and proxy-based antivirus concurrently, depending on the traffic type, users, and locations. Flow-based antivirus offers higher throughput, while proxy-based solutions are useful for mitigating stealthy malicious code.
FortiOS includes two preloaded antivirus profiles:
You can customize these profiles, or you can create your own to inspect certain protocols, remove viruses, analyze suspicious files with FortiSandbox, and apply botnet protection to network traffic. Once configured, you can add the antivirus profile to a firewall policy.
This functionality requires a subscription to FortiGuard Antivirus.
Starting from 6.2, the UTM scan strategy that proxy mode uses for oversized files on the HTTP, HTTPS, FTP, FTPS, and SSH protocols is best effort in both default and legacy scan modes. Within the memory that the FortiGate allocates based on the oversize limit and uncompressed oversize limit defined in the protocol options, the FortiGate scans as much of each buffered file as it can. This strategy improves the effectiveness of malware detection and provides better security, because it scans whole or partial files that would go unscanned if oversized files were bypassed.
The following topics provide information about antivirus profiles:
- Content disarm and reconstruction for antivirus
- FortiGuard outbreak prevention for antivirus
- External malware block list for antivirus
- Checking flow antivirus statistics
- CIFS support
The following topics provide information about sandbox inspection with antivirus: