profile antivirus
Use this command to create antivirus profiles that you can select in a policy in order to scan email for viruses.
The FortiMail unit scans email header, body, and attachments (including compressed files, such as ZIP, PKZIP, LHA, ARJ, and RAR files) for virus infections. If the FortiMail unit detects a virus, it will take actions as you define in the antivirus action profiles.
Syntax
config profile antivirus
edit <profile_name>
set action-default { predefined_av_discard | predefined_av_reject}
set action-heuristic {predefined_av_discard | predefined_av_reject}
set action-sandbox-high <action>
set action-sandbox-low <action>
set action-sandbox-medium <action>
set action-sandbox-noresult <action>
set action-sandbox-uri-high <action>
set action-sandbox-uri-low <action>
set action-sandbox-uri-medium <action>
set action-sandbox-uri-noresult <action>
set action-sandbox-uri-virus <action>
set action-sandbox-virus <action>
set file-signature-check {enable | disable}
set grayware-scan {enable | disable}
set heuristic {enable | disable}
set malware-outbreak-protection {enable | disable}
set sandbox-analysis {enable | disable}
set sandbox-analysis-uri{enable | disable}
set sandbox-scan-mode {submit-and-wait | submit-only}
set scanner {enable | disable}
end
Variable |
Description |
Default |
Enter the name of the profile. To view a list of existing entries, enter a question mark ( |
|
|
action-default |
Type a predefined antivirus action. predefined_av_discard: Accept infected email, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject infected email and reply to the SMTP client with SMTP reply code 550. |
|
Type a predefined scan for file signature action. predefined_av_discard: predefined_av_reject: |
|
|
action-heuristic {predefined_av_discard | predefined_av_reject} |
Type a predefined heuristic scanning action on infected email. predefined_av_discard: Accept email suspected to be infected, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject email suspected to be infected, and reply to the SMTP client with SMTP reply code 550. |
|
Type to determine the action to take if the FortiSandbox analysis determines that the email message has an outbreak. |
|
|
Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have high probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have low probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have medium probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages definitely have viruses or other threat qualities. |
default |
|
action-sandbox-noresult <action> |
Type to determine the action to take if the FortiSandbox attachment analysis returns no results. |
None |
Type to determine the action to take if the FortiSandbox URI analysis determines that the email messages have high probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox URI analysis determines that the email messages have low probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox URI determines that the email messages have medium probability of viruses or other threat qualities. |
default |
|
Type to determine the action to take if the FortiSandbox URI analysis determines that the email messages definitely have viruses or other threat qualities. |
default |
|
action-sandbox-uri-noresult <action> |
Type to determine the action to take if the FortiSandbox URI analysis returns no results. |
None |
Enable to scan for file signatures. |
disable |
|
Enable to scan for grayware as well when performing antivirus scanning. |
enable |
|
Enable to use heuristics when performing antivirus scanning. |
enable |
|
Instead of using virus signatures, malware outbreak protection uses data analytics from the FortiGuard Service. For example, if a threshold volume of previously unknown attachments are being sent from known malicious sources, they are treated as suspicious viruses. This feature can help quickly identify new threats. Because the infected email is treated as virus, the virus replacement message will be used, if the replacement action is triggered. |
|
|
Enable to send suspicious email attachments to FortiSandbox for inspection. For details about FortiSandbox, see system fortisandbox. |
disable |
|
Enable or disable sending suspicious attachment content to FortiSandbox for analysis. |
disable |
|
Edits how the email is handled by the FortiSandbox |
submit-and-wait |
|
disable |