Fortinet black logo

CLI Reference

file content-disarm-reconstruct

file content-disarm-reconstruct

Attachments may contain potentially hazardous tags and attributes, such as hyperlinks and scripts. FortiMail provides the ability to remove or neutralize these hazardous contents and reconstruct the attachment files.

Syntax

config file content-disarm-reconstruct

set component-type-options {...}

set continue-sandbox-on-cdr {enable | disable}

set deferred-scan-notification-option {disarm | remove}

set deferred-scan-notification-status {enable | disable}

set deferred-scan-verdict-option {clean | high | low | malicious | medium}

set deferred-scan-verdict-status {enable | disable}

set modification-notice-option {enable | disable}

end

Variable

Description

Default

component-type-options {...}

Enter the potentially hazardous content you wish to remove or neutralize from attachment files:

  • office-action

  • office-dde

  • office-embedded-object

  • office-hyperlink

  • office-linked-object

  • office-macro

  • pdf-action-form

  • pdf-action-gotor

  • pdf-action-javascript

  • pdf-action-launch

  • pdf-action-movie

  • pdf-action-sound

  • pdf-action-uri

  • pdf-embedded-file

  • pdf-hyperlink

  • pdf-javascript

continue-sandbox-on-cdr {enable | disable}

Enable or disable continuing the FortiSandbox scan on successful content disarm and reconstruct (CDR).

Note that when FortiMail is running firmware 6.4, even on successful CDR, FortiSandbox scanning for this attachment will not be bypassed.

When FortiMail is running firmware 7.0, the FortiSandbox scan on successful content disarm is bypassed by default. Enable continue-sandbox-on-cdr if you want to allow FortiSandbox to scan the attachment upon successful CDR.

disable

deferred-scan-notification-option {disarm | remove}

Either send notification email with disarmed attachment or with the attachment removed.

disarm

deferred-scan-notification-status {enable | disable}

Enable or disable sending the notification email on deferred scan.

disable

deferred-scan-verdict-option {clean | high | low | malicious | medium}

Determine the verdict threshold option to disarm on delivery.

clean

deferred-scan-verdict-status {enable | disable}

Enable or disable disarming the attachment of deferred email by verdict threshold.

enable

modification-notice-option {enable | disable}

Enable or disable appending the CDR disclaimer "Attachment has been reconstructed" for cleaned attachments.

disable

file content-disarm-reconstruct

Attachments may contain potentially hazardous tags and attributes, such as hyperlinks and scripts. FortiMail provides the ability to remove or neutralize these hazardous contents and reconstruct the attachment files.

Syntax

config file content-disarm-reconstruct

set component-type-options {...}

set continue-sandbox-on-cdr {enable | disable}

set deferred-scan-notification-option {disarm | remove}

set deferred-scan-notification-status {enable | disable}

set deferred-scan-verdict-option {clean | high | low | malicious | medium}

set deferred-scan-verdict-status {enable | disable}

set modification-notice-option {enable | disable}

end

Variable

Description

Default

component-type-options {...}

Enter the potentially hazardous content you wish to remove or neutralize from attachment files:

  • office-action

  • office-dde

  • office-embedded-object

  • office-hyperlink

  • office-linked-object

  • office-macro

  • pdf-action-form

  • pdf-action-gotor

  • pdf-action-javascript

  • pdf-action-launch

  • pdf-action-movie

  • pdf-action-sound

  • pdf-action-uri

  • pdf-embedded-file

  • pdf-hyperlink

  • pdf-javascript

continue-sandbox-on-cdr {enable | disable}

Enable or disable continuing the FortiSandbox scan on successful content disarm and reconstruct (CDR).

Note that when FortiMail is running firmware 6.4, even on successful CDR, FortiSandbox scanning for this attachment will not be bypassed.

When FortiMail is running firmware 7.0, the FortiSandbox scan on successful content disarm is bypassed by default. Enable continue-sandbox-on-cdr if you want to allow FortiSandbox to scan the attachment upon successful CDR.

disable

deferred-scan-notification-option {disarm | remove}

Either send notification email with disarmed attachment or with the attachment removed.

disarm

deferred-scan-notification-status {enable | disable}

Enable or disable sending the notification email on deferred scan.

disable

deferred-scan-verdict-option {clean | high | low | malicious | medium}

Determine the verdict threshold option to disarm on delivery.

clean

deferred-scan-verdict-status {enable | disable}

Enable or disable disarming the attachment of deferred email by verdict threshold.

enable

modification-notice-option {enable | disable}

Enable or disable appending the CDR disclaimer "Attachment has been reconstructed" for cleaned attachments.

disable