Fortinet black logo

CLI Reference

profile dictionary

profile dictionary

Use this command to configure dictionary profiles.

Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.

Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied.

Syntax

config profile dictionary

edit <profile_name>

config item

edit <item_int>

set pattern <pattern_str>

set pattern-comments <comment_str>

set pattern-type {ABAROUTING | CANSIN | CUSIP | CreditCard | ISIN | USSSN | regex | wildcard}

set pattern-weight <weight_int>

set pattern-scan-area {header | body}

set pattern-status {enable | disable}

set pattern-max-weight <weight_int>

set pattern-max-limit {enable | disable}

end

Variable

Description

Default

<profile_name>

Enter the name of the profile.

<item_int>

Enter the index number for the pattern entry where you can add a word or phrase to the dictionary.

pattern <pattern_str>

For a predefined pattern, enter a value to change the predefined pattern name.

For a use-defined pattern, enter a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression.

Regular expressions do not require slash (/) boundaries. For example, enter:

v[i1]agr?a

Matches are case insensitive and can occur over multiple lines as if the word were on a single line (that is, Perl-style match modifier options i and s are in effect).

The FortiMail unit will convert the encoding and character set into UTF‑8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF‑8 string, not the originally encoded string. For example, if the original encoded string is:

=?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?=

the pattern must match:

Se trata del spam.

Entering the pattern *iso-8859-1* would not match.

pattern-comments <comment_str>

Enter any description for the pattern.

pattern-type {ABAROUTING | CANSIN | CUSIP | CreditCard | ISIN | USSSN | regex | wildcard}

Enter ABAROUTING, CANSIN, CUSIP, CreditCard, ISIN, or USSSN for predefined patterns.

ABAROUTING: A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn.

CANSIN: Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666.

CUSIP: CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades.

CreditCard: Major credit card number formats.

ISIN: An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement.

USSSN: United States Social Security number. The format is a nine digit number, such as 078051111.

For user-defined patterns, enter either:

wildcard: Pattern is verbatim or uses only simple wild cards (? or *).

regex: Pattern is a Perl-style regular expression.

regex

pattern-weight <weight_int>

Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.

The dictionary match score may be used by content monitor profiles to determine whether or not to apply the content action.

1

pattern-scan-area {header | body}

Enter header to match occurrences of the pattern when it is located in an email’s message headers, including the subject line, or body to match occurrences of the pattern when it is located in an email’s message body.

pattern-status {enable | disable}

Enable or disable a pattern in a profile.

disable

pattern-max-weight <weight_int>

Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.

1

pattern-max-limit {enable | disable}

Enable if the pattern must not be able to increase an email’s dictionary match score more than the amount configured in pattern-max-weight <weight_int>.

disable

Related topics

profile dictionary-group

profile dictionary

Use this command to configure dictionary profiles.

Unlike banned words, dictionary terms are UTF-8 encoded, and may include characters other than US-ASCII characters, such as é or ñ.

Dictionary profiles can be grouped or used individually by antispam or content profiles to detect spam, banned content, or content that requires encryption to be applied.

Syntax

config profile dictionary

edit <profile_name>

config item

edit <item_int>

set pattern <pattern_str>

set pattern-comments <comment_str>

set pattern-type {ABAROUTING | CANSIN | CUSIP | CreditCard | ISIN | USSSN | regex | wildcard}

set pattern-weight <weight_int>

set pattern-scan-area {header | body}

set pattern-status {enable | disable}

set pattern-max-weight <weight_int>

set pattern-max-limit {enable | disable}

end

Variable

Description

Default

<profile_name>

Enter the name of the profile.

<item_int>

Enter the index number for the pattern entry where you can add a word or phrase to the dictionary.

pattern <pattern_str>

For a predefined pattern, enter a value to change the predefined pattern name.

For a use-defined pattern, enter a word or phrase that you want the dictionary to match, expressed either verbatim, with wild cards, or as a regular expression.

Regular expressions do not require slash (/) boundaries. For example, enter:

v[i1]agr?a

Matches are case insensitive and can occur over multiple lines as if the word were on a single line (that is, Perl-style match modifier options i and s are in effect).

The FortiMail unit will convert the encoding and character set into UTF‑8, the same encoding in which dictionary patterns are stored, before evaluating an email for a match with the pattern. Because of this, your pattern must match the UTF‑8 string, not the originally encoded string. For example, if the original encoded string is:

=?iso-8859-1?B?U2UgdHJhdGEgZGVsIHNwYW0uCg==?=

the pattern must match:

Se trata del spam.

Entering the pattern *iso-8859-1* would not match.

pattern-comments <comment_str>

Enter any description for the pattern.

pattern-type {ABAROUTING | CANSIN | CUSIP | CreditCard | ISIN | USSSN | regex | wildcard}

Enter ABAROUTING, CANSIN, CUSIP, CreditCard, ISIN, or USSSN for predefined patterns.

ABAROUTING: A routing transit number (RTN) is a nine digit bank code, used in the United States, which appears on the bottom of negotiable instruments such as checks identifying the financial institution on which it was drawn.

CANSIN: Canadian Social Insurance Number. The format is three groups of three digits, such as 649 242 666.

CUSIP: CUSIP typically refers to both the Committee on Uniform Security Identification Procedures and the 9-character alphanumeric security identifiers that they distribute for all North American securities for the purposes of facilitating clearing and settlement of trades.

CreditCard: Major credit card number formats.

ISIN: An International Securities Identification Number (ISIN) uniquely identifies a security. Securities for which ISINs are issued include bonds, commercial paper, equities and warrants. The ISIN code is a 12-character alpha-numerical code that does not contain information characterizing financial instruments but serves for uniform identification of a security at trading and settlement.

USSSN: United States Social Security number. The format is a nine digit number, such as 078051111.

For user-defined patterns, enter either:

wildcard: Pattern is verbatim or uses only simple wild cards (? or *).

regex: Pattern is a Perl-style regular expression.

regex

pattern-weight <weight_int>

Enter a number by which an email’s dictionary match score will be incremented for each word or phrase it contains that matches this pattern.

The dictionary match score may be used by content monitor profiles to determine whether or not to apply the content action.

1

pattern-scan-area {header | body}

Enter header to match occurrences of the pattern when it is located in an email’s message headers, including the subject line, or body to match occurrences of the pattern when it is located in an email’s message body.

pattern-status {enable | disable}

Enable or disable a pattern in a profile.

disable

pattern-max-weight <weight_int>

Enter the maximum by which matches of this pattern can contribute to an email’s dictionary match score.

1

pattern-max-limit {enable | disable}

Enable if the pattern must not be able to increase an email’s dictionary match score more than the amount configured in pattern-max-weight <weight_int>.

disable

Related topics

profile dictionary-group