Fortinet white logo
Fortinet white logo

CLI Reference

system fortisandbox

system fortisandbox

The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles. If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

Syntax

config system fortisandbox

config file-pattern

edit <table_value>

set pattern <string>

end

config file-types

edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

set status {enable | disable}

end

set admin-email <email_str>

set host <hostname_or_ip>

set max-file-size <integer_value>

set max-file-size-status {enable | disable}

set max-uri-per-email

set scan-exception-as {clean | malicious | high-risk | medium-risk | low-risk}

set scan-mode {scan-and-wait | scan-only}

set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

set scan-result-retention

set scan-timeout

set service-type {appliance | cloud | cloud-enhanced}

set statistics-interval <minutes>

set status {enable | disable}

set uri-scan-category

set uri-scan-email-selection

set uri-scan-on-rating-error {enable | disable}

end

Variable

Description

Default

file-pattern

Enter the file patterns to upload to FortiSandbox

<table_value>

Enter the item number to edit.

pattern <string>

Enter the pattern value.

file-types

Enter the file types to upload to FortiSandbox for scanning.

edit <file_types>

Enter the desired attachment type to include in the FortiSandbox unit’s scanning.

status {enable | disable}

Enable or disable the selected file type from the FortiSanbox unit’s scanning.

admin-email <email_str>

Enter the administrator’s email address to receive reports and notifications.

max-file-size <integer_value>

Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

max-file-size-status {enable | disable}

Enable or disable the maximum size for files uploaded to FortiSandbox.

host <hostname_or_ip>

Enter the host name or IP address of the FortiSandbox.

max-uri-per-email

Maximum number of URIs per email to be scanned. Range between 1-12.

3

scan-exception-as {clean | malicious | high-risk | medium-risk | low-risk}

Specify different actions to take when FortiSandbox returns a scan exception. The corresponding actions are listed under the FortiSandbox settings in the antivirus profiles.

clean

scan-mode {scan-and-wait | scan-only}

scan-and-wait means to submit the suspicious email to FortiSandbox and wait for the results.

scan-only means just to submit the suspicious email without waiting for the results.

scan-and-wait

scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

Set the order of scanners. Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort.

antispam-content-sandbox

scan-result-retention

Scan result retention period in minutes (0 means no retention).

60

scan-timeout

Timeout value before discarding unfinished scan tasks.

30

service-type {appliance | cloud | cloud-enhanced}

Use either FortiSandbox appliance, FortiSandbox regular cloud service, or FortiSandbox enhanced cloud service.

The enhanced cloud service provides a dedicated service for faster performance.

appliance

statistics-interval <minutes>

Specify how long in minutes FortiMail should wait to retrieve some high level statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean among all the files submitted.

Set the value between 1 to 30.

5

status {enable | disable}

Either enable or disable the usage of the unit.

disable

uri-scan-category

Category of the URI to be scanned:

  • Security-Risk
  • all
  • default
  • phishing
  • unrated

unrated

uri-scan-email-selection

Selection of email for URI scan.

uri-scan-on-rating-error {enable | disable}

Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload the those URIs to FortiSandbox for scanning. Choosing not to upload those URIs may help improving the FortiSandbox performance.

disable

system fortisandbox

system fortisandbox

The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles. If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database. For more information about FortiSandbox, please visit Fortinet’s web site at https://www.fortinet.com.

Syntax

config system fortisandbox

config file-pattern

edit <table_value>

set pattern <string>

end

config file-types

edit {adobe-flash | archive | html | jar | javascript | pdf | msoffice-document | windows-executable}

set status {enable | disable}

end

set admin-email <email_str>

set host <hostname_or_ip>

set max-file-size <integer_value>

set max-file-size-status {enable | disable}

set max-uri-per-email

set scan-exception-as {clean | malicious | high-risk | medium-risk | low-risk}

set scan-mode {scan-and-wait | scan-only}

set scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

set scan-result-retention

set scan-timeout

set service-type {appliance | cloud | cloud-enhanced}

set statistics-interval <minutes>

set status {enable | disable}

set uri-scan-category

set uri-scan-email-selection

set uri-scan-on-rating-error {enable | disable}

end

Variable

Description

Default

file-pattern

Enter the file patterns to upload to FortiSandbox

<table_value>

Enter the item number to edit.

pattern <string>

Enter the pattern value.

file-types

Enter the file types to upload to FortiSandbox for scanning.

edit <file_types>

Enter the desired attachment type to include in the FortiSandbox unit’s scanning.

status {enable | disable}

Enable or disable the selected file type from the FortiSanbox unit’s scanning.

admin-email <email_str>

Enter the administrator’s email address to receive reports and notifications.

max-file-size <integer_value>

Enter the maximum size in kilobytes for files uploaded to FortiSandbox.

max-file-size-status {enable | disable}

Enable or disable the maximum size for files uploaded to FortiSandbox.

host <hostname_or_ip>

Enter the host name or IP address of the FortiSandbox.

max-uri-per-email

Maximum number of URIs per email to be scanned. Range between 1-12.

3

scan-exception-as {clean | malicious | high-risk | medium-risk | low-risk}

Specify different actions to take when FortiSandbox returns a scan exception. The corresponding actions are listed under the FortiSandbox settings in the antivirus profiles.

clean

scan-mode {scan-and-wait | scan-only}

scan-and-wait means to submit the suspicious email to FortiSandbox and wait for the results.

scan-only means just to submit the suspicious email without waiting for the results.

scan-and-wait

scan-order {antispam-content-sandbox | antispam-sandbox-content | sandbox-antispam-content}

Set the order of scanners. Sending files to FortiSandbox usually takes more bandwidth and thus it is better to use is as the last resort.

antispam-content-sandbox

scan-result-retention

Scan result retention period in minutes (0 means no retention).

60

scan-timeout

Timeout value before discarding unfinished scan tasks.

30

service-type {appliance | cloud | cloud-enhanced}

Use either FortiSandbox appliance, FortiSandbox regular cloud service, or FortiSandbox enhanced cloud service.

The enhanced cloud service provides a dedicated service for faster performance.

appliance

statistics-interval <minutes>

Specify how long in minutes FortiMail should wait to retrieve some high level statistics from FortiSandbox. The statistics include how much malware is detected and how many files are clean among all the files submitted.

Set the value between 1 to 30.

5

status {enable | disable}

Either enable or disable the usage of the unit.

disable

uri-scan-category

Category of the URI to be scanned:

  • Security-Risk
  • all
  • default
  • phishing
  • unrated

unrated

uri-scan-email-selection

Selection of email for URI scan.

uri-scan-on-rating-error {enable | disable}

Sometimes, FortiMail may not be able to get results from the FortiGuard queries (for example, ratings errors due to network connection failures). In this case, you can choose whether to upload the those URIs to FortiSandbox for scanning. Choosing not to upload those URIs may help improving the FortiSandbox performance.

disable