config antivirus profile

Configure AntiVirus profiles.

Description: Configure AntiVirus profiles.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set feature-set [flow|proxy]

set fortisandbox-mode [inline|analytics-suspicious|...]

set fortisandbox-max-upload {integer}

set analytics-ignore-filetype {integer}

set analytics-accept-filetype {integer}

set analytics-db [disable|enable]

set mobile-malware-db [disable|enable]

config http

Description: Configure HTTP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

set content-disarm [disable|enable]

end

config ftp

Description: Configure FTP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

end

config imap

Description: Configure IMAP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

set executables [default|virus]

set content-disarm [disable|enable]

end

config pop3

Description: Configure POP3 AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

set executables [default|virus]

set content-disarm [disable|enable]

end

config smtp

Description: Configure SMTP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

set executables [default|virus]

set content-disarm [disable|enable]

end

config mapi

Description: Configure MAPI AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

set executables [default|virus]

end

config nntp

Description: Configure NNTP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

end

config cifs

Description: Configure CIFS AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

end

config ssh

Description: Configure SFTP and SCP AntiVirus options.

set av-scan [disable|block|...]

set outbreak-prevention [disable|block|...]

set external-blocklist [disable|block|...]

set fortindr [disable|block|...]

set fortisandbox [disable|block|...]

set quarantine [disable|enable]

set archive-block {option1}, {option2}, ...

set archive-log {option1}, {option2}, ...

set emulator [enable|disable]

end

config nac-quar

Description: Configure AntiVirus quarantine settings.

set infected [none|quar-src-ip]

set expiry {user}

set log [enable|disable]

end

config content-disarm

Description: AV Content Disarm and Reconstruction settings.

set original-file-destination [fortisandbox|quarantine|...]

set error-action [block|log-only|...]

set office-macro [disable|enable]

set office-hylink [disable|enable]

set office-linked [disable|enable]

set office-embed [disable|enable]

set office-dde [disable|enable]

set office-action [disable|enable]

set pdf-javacode [disable|enable]

set pdf-embedfile [disable|enable]

set pdf-hyperlink [disable|enable]

set pdf-act-gotor [disable|enable]

set pdf-act-launch [disable|enable]

set pdf-act-sound [disable|enable]

set pdf-act-movie [disable|enable]

set pdf-act-java [disable|enable]

set pdf-act-form [disable|enable]

set cover-page [disable|enable]

set detect-only [disable|enable]

end

set outbreak-prevention-archive-scan [disable|enable]

set external-blocklist-enable-all [disable|enable]

set external-blocklist <name1>, <name2>, ...

set ems-threat-feed [disable|enable]

set fortindr-error-action [log-only|block|...]

set fortindr-timeout-action [log-only|block|...]

set fortisandbox-error-action [log-only|block|...]

set fortisandbox-timeout-action [log-only|block|...]

set av-virus-log [enable|disable]

set av-block-log [enable|disable]

set extended-log [enable|disable]

set scan-mode [default|legacy]

end

config antivirus profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 255

replacemsg-group

Replacement message group customized for this profile.

string

Maximum length: 35

feature-set

Flow/proxy feature set.

option

flow

Option	Description
flow	Flow feature set.
proxy	Proxy feature set.

fortisandbox-mode

FortiSandbox scan modes.

option

analytics-everything

Option	Description
inline	FortiSandbox inline scan.
analytics-suspicious	FortiSandbox post-transfer scan: submit supported files if heuristics or other methods determine they are suspicious.
analytics-everything	FortiSandbox post-transfer scan: submit supported files and known infected files.

fortisandbox-max-upload

Maximum size of files that can be uploaded to FortiSandbox.

integer

Minimum value: 1 Maximum value: 383 **

analytics-ignore-filetype

Do not submit files matching this DLP file-pattern to FortiSandbox (post-transfer scan only).

integer

Minimum value: 0 Maximum value: 4294967295

analytics-accept-filetype

Only submit files matching this DLP file-pattern to FortiSandbox (post-transfer scan only).

integer

Minimum value: 0 Maximum value: 4294967295

analytics-db

Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.

option

disable

Option	Description
disable	Use only the standard AV signature databases.
enable	Also use the FortiSandbox signature database.

mobile-malware-db

Enable/disable using the mobile malware signature database.

option

enable

Option	Description
disable	Do not use the mobile malware signature database.
enable	Also use the mobile malware signature database.

outbreak-prevention-archive-scan

Enable/disable outbreak-prevention archive scanning.

option

enable

Option	Description
disable	Analyze files as sent, not the content of archives.
enable	Analyze files including the content of archives.

external-blocklist-enable-all

Enable/disable all external blocklists.

option

disable

Option	Description
disable	Use configured external blocklists.
enable	Enable all external blocklists.

external-blocklist <name>

One or more external malware block lists.

External blocklist.

string

Maximum length: 79

ems-threat-feed

Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives.

option

disable

Option	Description
disable	Disable use of EMS threat feed when performing AntiVirus scan.
enable	Enable use of EMS threat feed when performing AntiVirus scan.

fortindr-error-action

Action to take if FortiNDR encounters an error.

option

log-only

Option	Description
log-only	Log FortiNDR error, but allow the file.
block	Block the file on FortiNDR error.
ignore	Do nothing on FortiNDR error.

fortindr-timeout-action

Action to take if FortiNDR encounters a scan timeout.

option

log-only

Option	Description
log-only	Log FortiNDR scan timeout, but allow the file.
block	Block the file on FortiNDR scan timeout.
ignore	Do nothing on FortiNDR scan timeout.

fortisandbox-error-action

Action to take if FortiSandbox inline scan encounters an error.

option

log-only

Option	Description
log-only	Log FortiSandbox inline scan error, but allow the file.
block	Block the file on FortiSandbox inline scan error.
ignore	Do nothing on FortiSandbox inline scan error.

fortisandbox-timeout-action

Action to take if FortiSandbox inline scan encounters a scan timeout.

option

log-only

Option	Description
log-only	Log FortiSandbox inline scan timeout, but allow the file.
block	Block the file on FortiSandbox inline scan timeout.
ignore	Do nothing on FortiSandbox inline scan timeout.

av-virus-log

Enable/disable AntiVirus logging.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

av-block-log

Enable/disable logging for AntiVirus file blocking.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

extended-log

Enable/disable extended logging for antivirus.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

scan-mode

Configure scan mode .

option

default

Option	Description
default	On the fly decompression and scanning of certain archive files.
legacy	Scan archive files only after the entire file is received.

** Values may differ between models.

config http

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

disable

Option	Description
disable	Disable.
block	Block the virus infected files.
monitor	Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

disable

Option	Description
disable	Disable.
block	Block the matched files.
monitor	Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

disable

Option	Description
disable	Disable.
block	Block the matched files.
monitor	Log the matched files.

fortindr

Enable scanning of files by FortiNDR.

option

disable

Option	Description
disable	Disable.
block	Block the FortiNDR detected infections.
monitor	Log the FortiNDR detected infections.

fortisandbox

Enable scanning of files by FortiSandbox.

option

disable

Option	Description
disable	Disable.
block	Block the FortiSandbox detected infections.
monitor	Log the FortiSandbox detected infections.

quarantine

Enable/disable quarantine for infected files.

option

disable

Option	Description
disable	Disable quarantine for infected files.
enable	Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

Option	Description
encrypted	Block encrypted archives.
corrupted	Block corrupted archives.
partiallycorrupted	Block partially corrupted archives.
multipart	Block multipart archives.
nested	Block nested archives that exceed uncompressed nest limit.
mailbomb	Block mail bomb archives.
timeout	Block scan timeout.
unhandled	Block archives that FortiOS cannot open.

archive-log

Select the archive types to log.

option

Option	Description
encrypted	Log encrypted archives.
corrupted	Log corrupted archives.
partiallycorrupted	Log partially corrupted archives.
multipart	Log multipart archives.
nested	Log nested archives that exceed uncompressed nest limit.
mailbomb	Log mail bomb archives.
timeout	Log scan timeout.
unhandled	Log archives that FortiOS cannot open.

emulator

Enable/disable the virus emulator.

option

enable

Option	Description
enable	Enable the virus emulator.
disable	Disable the virus emulator.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

disable

Option	Description
disable	Disable Content Disarm and Reconstruction when performing AntiVirus scan.
enable	Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config ftp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

disable

Option	Description
disable	Disable.
block	Block the virus infected files.
monitor	Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

disable

Option	Description
disable	Disable.
block	Block the matched files.
monitor	Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

disable

Option	Description
disable	Disable.
block	Block the matched files.
monitor	Log the matched files.

fortindr

Enable scanning of files by FortiNDR.

option

disable

Option	Description
disable	Disable.
block	Block the FortiNDR detected infections.
monitor	Log the FortiNDR detected infections.

fortisandbox

Enable scanning of files by FortiSandbox.

option

disable

Option	Description

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Table of Contents

CLI Reference

config antivirus profile

config antivirus profile

config http

config ftp