config antivirus profile

Configure AntiVirus profiles.

```
config antivirus profile
    Description: Configure AntiVirus profiles.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set feature-set [flow|proxy]
        set ftgd-analytics [disable|suspicious|...]
        set analytics-max-upload {integer}
        set analytics-wl-filetype {integer}
        set analytics-bl-filetype {integer}
        set analytics-db [disable|enable]
        set mobile-malware-db [disable|enable]
        config http
            Description: Configure HTTP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set outbreak-prevention [disabled|files|...]
            set content-disarm [disable|enable]
        end
        config ftp
            Description: Configure FTP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set outbreak-prevention [disabled|files|...]
        end
        config imap
            Description: Configure IMAP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set outbreak-prevention [disabled|files|...]
            set content-disarm [disable|enable]
        end
        config pop3
            Description: Configure POP3 AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set outbreak-prevention [disabled|files|...]
            set content-disarm [disable|enable]
        end
        config smtp
            Description: Configure SMTP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set outbreak-prevention [disabled|files|...]
            set content-disarm [disable|enable]
        end
        config mapi
            Description: Configure MAPI AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set outbreak-prevention [disabled|files|...]
        end
        config nntp
            Description: Configure NNTP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set outbreak-prevention [disabled|files|...]
        end
        config cifs
            Description: Configure CIFS AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set outbreak-prevention [disabled|files|...]
        end
        config ssh
            Description: Configure SFTP and SCP AntiVirus options.
            set options {option1}, {option2}, ...
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set outbreak-prevention [disabled|files|...]
        end
        config nac-quar
            Description: Configure AntiVirus quarantine settings.
            set infected [none|quar-src-ip]
            set expiry {user}
            set log [enable|disable]
        end
        config outbreak-prevention
            Description: Configure Virus Outbreak Prevention settings.
            set ftgd-service [disable|enable]
            set external-blocklist [disable|enable]
        end
        config content-disarm
            Description: AV Content Disarm and Reconstruction settings.
            set original-file-destination [fortisandbox|quarantine|...]
            set error-action [block|log-only|...]
            set office-macro [disable|enable]
            set office-hylink [disable|enable]
            set office-linked [disable|enable]
            set office-embed [disable|enable]
            set office-dde [disable|enable]
            set office-action [disable|enable]
            set pdf-javacode [disable|enable]
            set pdf-embedfile [disable|enable]
            set pdf-hyperlink [disable|enable]
            set pdf-act-gotor [disable|enable]
            set pdf-act-launch [disable|enable]
            set pdf-act-sound [disable|enable]
            set pdf-act-movie [disable|enable]
            set pdf-act-java [disable|enable]
            set pdf-act-form [disable|enable]
            set cover-page [disable|enable]
            set detect-only [disable|enable]
        end
        set av-virus-log [enable|disable]
        set av-block-log [enable|disable]
        set extended-log [enable|disable]
        set scan-mode [default|legacy]
    next
end
```
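
An added example, not part of the FortiOS documentation: a small Python audit that parses profile text in the syntax above and flags settings weaker than an assumed baseline. The sample profiles, the function names and the baseline itself (scan enabled, emulator not disabled, encrypted archives blocked or logged, logging not disabled) are assumptions of this example; the parser accepts both space- and comma-separated values.

```python
import re

# Constructed sample in the style of "show antivirus profile" output (not from a real device).
SAMPLE = """\
config antivirus profile
    edit "web-strict"
        config http
            set options scan avmonitor
            set archive-block encrypted corrupted
        end
    next
    edit "mail-lax"
        set av-virus-log disable
        config smtp
            set options avmonitor
            set emulator disable
        end
    next
end
"""
PROTOCOLS = {"http", "ftp", "imap", "pop3", "smtp", "mapi", "nntp", "cifs", "ssh"}

def parse_profiles(text):
    """Return {profile: {section: {setting: [values]}}}; section "" is the profile level."""
    profiles, stack, current = {}, [], None
    for raw in text.splitlines():
        tok = [t for t in re.split(r"[,\s]+", raw.replace('"', "")) if t]
        cmd = tok[0] if tok else ""
        if cmd == "config":
            stack.append(tok[-1])
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and len(stack) == 1:
            current = profiles.setdefault(tok[1], {})
        elif cmd == "set" and current is not None:
            section = stack[1] if len(stack) > 1 else ""
            current.setdefault(section, {})[tok[1]] = tok[2:]
    return profiles

def audit(profiles):
    """Flag settings weaker than this example's assumed baseline (not vendor guidance)."""
    findings = []
    for name, sections in profiles.items():
        findings += [(name, k, "logging disabled") for k in ("av-virus-log", "av-block-log")
                     if sections.get("", {}).get(k) == ["disable"]]  # both default to enable
        for proto in sorted(PROTOCOLS & sections.keys()):  # only sections present in the text
            cfg = sections[proto]
            if "scan" not in cfg.get("options", []):
                findings.append((name, proto, "options lacks scan"))
            if cfg.get("emulator") == ["disable"]:
                findings.append((name, proto, "emulator disabled"))
            if "encrypted" not in cfg.get("archive-block", []) + cfg.get("archive-log", []):
                findings.append((name, proto, "encrypted archives neither blocked nor logged"))
    return findings
```

Calling `audit(parse_profiles(SAMPLE))` returns four findings, all for the constructed `mail-lax` profile. Protocol sections that are absent from the text are not evaluated.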

config antivirus profile

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 | |
| replacemsg-group | Replacement message group customized for this profile. | string | Maximum length: 35 | |
| feature-set | Flow/proxy feature set. Options: flow (Flow feature set); proxy (Proxy feature set). | option | - | flow |
| ftgd-analytics | Settings to control which files are uploaded to FortiSandbox. Options: disable (Do not upload files to FortiSandbox); suspicious (Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious); everything (Submit all files scanned by AntiVirus to FortiSandbox. AntiVirus may not scan all files). | option | - | disable |
| analytics-max-upload | Maximum size of files that can be uploaded to FortiSandbox. | integer | Minimum value: 1 Maximum value: 186 ** | 10 |
| analytics-wl-filetype | Do not submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| analytics-bl-filetype | Only submit files matching this DLP file-pattern to FortiSandbox. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| analytics-db | Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. Options: disable (Use only the standard AV signature databases); enable (Also use the FortiSandbox signature database). | option | - | disable |
| mobile-malware-db | Enable/disable using the mobile malware signature database. Options: disable (Do not use the mobile malware signature database); enable (Also use the mobile malware signature database). | option | - | enable |
| av-virus-log | Enable/disable AntiVirus logging. Options: enable (Enable setting); disable (Disable setting). | option | - | enable |
| av-block-log | Enable/disable logging for AntiVirus file blocking. Options: enable (Enable setting); disable (Disable setting). | option | - | enable |
| extended-log | Enable/disable extended logging for antivirus. Options: enable (Enable setting); disable (Disable setting). | option | - | disable |
| scan-mode | Choose between default scan mode and legacy scan mode. Options: default (On the fly decompression and scanning of certain archive files); legacy (Scan archive files only after the entire file is received). | option | - | default |

** Values may differ between models.

config http

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable HTTP antivirus scanning); avmonitor (Enable HTTP antivirus logging); quarantine (Enable HTTP antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives); mailbomb (Block mail bomb archives); fileslimit (Block exceeded archive files limit); timeout (Block scan timeout); unhandled (Block archives that FortiOS cannot open). | option | - | |
| archive-log | Select the archive types to log. Options: encrypted (Log encrypted archives); corrupted (Log corrupted archives); partiallycorrupted (Log partially corrupted archives); multipart (Log multipart archives); nested (Log nested archives); mailbomb (Log mail bomb archives); fileslimit (Log exceeded archive files limit); timeout (Log scan timeout); unhandled (Log archives that FortiOS cannot open). | option | - | |
| emulator | Enable/disable the virus emulator. Options: enable (Enable the virus emulator); disable (Disable the virus emulator). | option | - | enable |
| outbreak-prevention | Enable Virus Outbreak Prevention service. Options: disabled (Disabled); files (Analyze files as sent, not the content of archives); full-archive (Analyze files including the content of archives). | option | - | disabled |
| content-disarm | Enable Content Disarm and Reconstruction for this protocol. Options: disable (Disable Content Disarm and Reconstruction for this protocol); enable (Enable Content Disarm and Reconstruction for this protocol). | option | - | disable |

config ftp

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable FTP antivirus scanning); avmonitor (Enable FTP antivirus logging); quarantine (Enable FTP antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives); mailbomb (Block mail bomb archives); fileslimit (Block exceeded archive files limit); timeout (Block scan timeout); unhandled (Block archives that FortiOS cannot open). | option | - | |
| archive-log | Select the archive types to log. Options: encrypted (Log encrypted archives); corrupted (Log corrupted archives); partiallycorrupted (Log partially corrupted archives); multipart (Log multipart archives); nested (Log nested archives); mailbomb (Log mail bomb archives); fileslimit (Log exceeded archive files limit); timeout (Log scan timeout); unhandled (Log archives that FortiOS cannot open). | option | - | |
| emulator | Enable/disable the virus emulator. Options: enable (Enable the virus emulator); disable (Disable the virus emulator). | option | - | enable |
| outbreak-prevention | Enable Virus Outbreak Prevention service. Options: disabled (Disabled); files (Analyze files as sent, not the content of archives); full-archive (Analyze files including the content of archives). | option | - | disabled |

config imap

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable IMAP antivirus scanning); avmonitor (Enable IMAP antivirus logging); quarantine (Enable IMAP antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives); mailbomb (Block mail bomb archives); fileslimit (Block exceeded archive files limit); timeout (Block scan timeout); unhandled (Block archives that FortiOS cannot open). | option | - | |
| archive-log | Select the archive types to log. Options: encrypted (Log encrypted archives); corrupted (Log corrupted archives); partiallycorrupted (Log partially corrupted archives); multipart (Log multipart archives); nested (Log nested archives); mailbomb (Log mail bomb archives); fileslimit (Log exceeded archive files limit); timeout (Log scan timeout); unhandled (Log archives that FortiOS cannot open). | option | - | |
| emulator | Enable/disable the virus emulator. Options: enable (Enable the virus emulator); disable (Disable the virus emulator). | option | - | enable |
| executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. Options: default (Perform standard AntiVirus scanning of Windows executable files); virus (Treat Windows executables as viruses). | option | - | default |
| outbreak-prevention | Enable Virus Outbreak Prevention service. Options: disabled (Disabled); files (Analyze files as sent, not the content of archives); full-archive (Analyze files including the content of archives). | option | - | disabled |
| content-disarm | Enable Content Disarm and Reconstruction for this protocol. Options: disable (Disable Content Disarm and Reconstruction for this protocol); enable (Enable Content Disarm and Reconstruction for this protocol). | option | - | disable |

config pop3

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable POP3 antivirus scanning); avmonitor (Enable POP3 antivirus logging); quarantine (Enable POP3 antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives); mailbomb (Block mail bomb archives); fileslimit (Block exceeded archive files limit); timeout (Block scan timeout); unhandled (Block archives that FortiOS cannot open). | option | - | |
| archive-log | Select the archive types to log. Options: encrypted (Log encrypted archives); corrupted (Log corrupted archives); partiallycorrupted (Log partially corrupted archives); multipart (Log multipart archives); nested (Log nested archives); mailbomb (Log mail bomb archives); fileslimit (Log exceeded archive files limit); timeout (Log scan timeout); unhandled (Log archives that FortiOS cannot open). | option | - | |
| emulator | Enable/disable the virus emulator. Options: enable (Enable the virus emulator); disable (Disable the virus emulator). | option | - | enable |
| executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. Options: default (Perform standard AntiVirus scanning of Windows executable files); virus (Treat Windows executables as viruses). | option | - | default |
| outbreak-prevention | Enable Virus Outbreak Prevention service. Options: disabled (Disabled); files (Analyze files as sent, not the content of archives); full-archive (Analyze files including the content of archives). | option | - | disabled |
| content-disarm | Enable Content Disarm and Reconstruction for this protocol. Options: disable (Disable Content Disarm and Reconstruction for this protocol); enable (Enable Content Disarm and Reconstruction for this protocol). | option | - | disable |

config smtp

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable SMTP antivirus scanning); avmonitor (Enable SMTP antivirus logging); quarantine (Enable SMTP antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives); mailbomb (Block mail bomb archives); fileslimit (Block exceeded archive files limit); timeout (Block scan timeout); unhandled (Block archives that FortiOS cannot open). | option | - | |
| archive-log | Select the archive types to log. Options: encrypted (Log encrypted archives); corrupted (Log corrupted archives); partiallycorrupted (Log partially corrupted archives); multipart (Log multipart archives); nested (Log nested archives); mailbomb (Log mail bomb archives); fileslimit (Log exceeded archive files limit); timeout (Log scan timeout); unhandled (Log archives that FortiOS cannot open). | option | - | |
| emulator | Enable/disable the virus emulator. Options: enable (Enable the virus emulator); disable (Disable the virus emulator). | option | - | enable |
| executables | Treat Windows executable files as viruses for the purpose of blocking or monitoring. Options: default (Perform standard AntiVirus scanning of Windows executable files); virus (Treat Windows executables as viruses). | option | - | default |
| outbreak-prevention | Enable Virus Outbreak Prevention service. Options: disabled (Disabled); files (Analyze files as sent, not the content of archives); full-archive (Analyze files including the content of archives). | option | - | disabled |
| content-disarm | Enable Content Disarm and Reconstruction for this protocol. Options: disable (Disable Content Disarm and Reconstruction for this protocol); enable (Enable Content Disarm and Reconstruction for this protocol). | option | - | disable |

config mapi

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| options | Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. Options: scan (Enable MAPI antivirus scanning); avmonitor (Enable MAPI antivirus logging); quarantine (Enable MAPI antivirus quarantine. Files are quarantined depending on quarantine settings). | option | - | |
| archive-block | Select the archive types to block. Options: encrypted (Block encrypted archives); corrupted (Block corrupted archives); partiallycorrupted (Block partially corrupted archives); multipart (Block multipart archives); nested (Block nested archives) | option | - | |