Fortinet black logo

Administration Guide

Adding file signatures

Adding file signatures

If you already have the SHA-1/SHA-256 (Secure Hash Algorithm) hash values of some known virus-infected files, you can add these values as file signatures and then, in the antivirus profile, enable the actions against these files. See Configuring antivirus profiles and antivirus action profiles.

You can manually add the SHA-1/256 checksums one by one. You can also import such a checksum list in csv or txt format. The signatures can be exported as a csv file.

Because not all attachment files are virus carriers, FortiMail file signature check only supports the following file types: .7z, .bat, .cab, .dll, .doc, .docm, .dotm, exe, .gz, .hta, .inf, .jar, .js, .jse, .msi, .msp, pdf, .pif, .potm, .ppam, .ppsm, .ppt, .pptm, .pptx, .reg, .scr, .sldm, .swf, .tar, .vbe, .ws, .wsc, .wsf, .wsh, .xlam, .xls, .xlsm, .xlsx, .xltm, .Z, and .zip files.

To add a new file signature
  1. Go to Security > Other > File Signature and click New.
  2. Enter a name fo the signature group.
  3. Select either SHA-1 or SHA-256.
  4. Under File Signature List, click New and then enter the checksum value.
  5. Click OK and then Create.
To import a signature list in cvs format
  1. Go to Security > Other > File Signature and select a signature profile and click Import.
  2. Browse to the cvs file and click OK. The cvs file must contain the hash values, and the type must be SHA1 or SHA256. The list will be imported into the profile.
To export the file signatures
  1. Go to Security > Other > File Signature. Select a signature profile and click Export.
  2. Click Save File to save the file in cvs format to your local machine.

Adding file signatures

If you already have the SHA-1/SHA-256 (Secure Hash Algorithm) hash values of some known virus-infected files, you can add these values as file signatures and then, in the antivirus profile, enable the actions against these files. See Configuring antivirus profiles and antivirus action profiles.

You can manually add the SHA-1/256 checksums one by one. You can also import such a checksum list in csv or txt format. The signatures can be exported as a csv file.

Because not all attachment files are virus carriers, FortiMail file signature check only supports the following file types: .7z, .bat, .cab, .dll, .doc, .docm, .dotm, exe, .gz, .hta, .inf, .jar, .js, .jse, .msi, .msp, pdf, .pif, .potm, .ppam, .ppsm, .ppt, .pptm, .pptx, .reg, .scr, .sldm, .swf, .tar, .vbe, .ws, .wsc, .wsf, .wsh, .xlam, .xls, .xlsm, .xlsx, .xltm, .Z, and .zip files.

To add a new file signature
  1. Go to Security > Other > File Signature and click New.
  2. Enter a name fo the signature group.
  3. Select either SHA-1 or SHA-256.
  4. Under File Signature List, click New and then enter the checksum value.
  5. Click OK and then Create.
To import a signature list in cvs format
  1. Go to Security > Other > File Signature and select a signature profile and click Import.
  2. Browse to the cvs file and click OK. The cvs file must contain the hash values, and the type must be SHA1 or SHA256. The list will be imported into the profile.
To export the file signatures
  1. Go to Security > Other > File Signature. Select a signature profile and click Export.
  2. Click Save File to save the file in cvs format to your local machine.