Fortinet black logo

CLI Reference

system fortiguard antivirus

system fortiguard antivirus

Use this command to configure how the FortiMail unit will retrieve the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and antispam definitions (the heuristic antispam rules only). FortiMail can get antivirus updates either directly from a Fortinet Distribution Network (FDN) server or via a web proxy.

Syntax

config system fortiguard antivirus

set override-server-address <virtual‑ip_ipv4>

set override-server-status {enable | disable}

set push-update-override-address <virtual-ip_ipv4>

set push-update-override-port <port_int>

set push-update-override-status {enable | disable}

set push-update-status {enable | disable}

set scheduled-update-day <day_int>

set scheduled-update-frequency {daily | every | weekly}

set scheduled-update-status {enable | disable}

set scheduled-update-time <time_str>

set tunneling-address <host_ipv4>

set tunneling-password <password_str>

set <document id>

set tunneling-status {enable | disable}

set tunneling-username <username_str>

set virus-db {default | extended | extreme}

set virus-outbreak {diable | enable | enable-with-defer}

set virus-outbreak-protection-period <minutes>

end

Variable

Description

Default

override-server-address <virtual‑ip_ipv4>

If override-server-status is enable, enter the IP address of the public or private FortiGuard Distribution Server (FDS) that overrides the default FDS to which the FortiMail unit connects for updates.

override-server-status {enable | disable}

Enable to override the default FDS to which the FortiMail unit connects for updates.

disable

push-update-override-address <virtual-ip_ipv4>

If push-update-override-status is enable, enter the public IP address that will forward push updates to the FortiMail unit. Usually, this is a virtual IP address on the external interface of a NAT device such as a firewall or router.

push-update-override-port <port_int>

If push-update-override-status is enable, enter the port number that will forward push updates to UDP port 9443 the FortiMail unit. Usually, this is a port forward on the external interface of a NAT device such as a firewall or router.

push-update-override-status {enable | disable}

Enable to override the default IP.

disable

push-update-status {enable | disable}

Enable to allow the FortiMail unit to receive notifications of available updates, which trigger it to download FortiGuard Antivirus packages from the FDN.

disable

scheduled-update-day <day_int>

Enter the day of the week at which the FortiMail unit will request updates where the range is from 0-6 and 0 means Sunday and 6 means Saturday.

scheduled-update-frequency {daily | every | weekly}

Enter the frequency at which the FortiMail unit will request updates. Also configure scheduled-update-day <day_int> and scheduled-update-time <time_str>.

weekly

scheduled-update-status {enable | disable}

Enable to perform updates according to a schedule.

enable

scheduled-update-time <time_str>

Enter the time of the day at which the FortiMail unit will request updates, in the format hh:mm, where hh is the number of hours and mm is the number of minutes after the hour in 15 minute intervals.

01:00

tunneling-address <host_ipv4>

If tunneling-status is enable, enter the IP address of the web proxy.

tunneling-password <password_str>

If tunneling-status is enable, enter the password of the account on the web proxy.

tunneling-port <port_int>

If tunneling-status is enable, enter the TCP port number on which the web proxy listens.

tunneling-status {enable | disable}

Enable to tunnel update requests through a web proxy.

disable

tunneling-username <username_str>

If tunneling-status is enable, enter the user name of the FortiMail unit’s account on the web proxy.

virus-db {default | extended | extreme}

Depending on your models, FortiMail supports three types of antivirus databases:

  • Default: The default FortiMail virus database contains most commonly seen viruses and should be sufficient enough for regular antivirus protection.
  • Extended: Some high-end FortiMail models support the usage of an extended virus database, which contains viruses that are not active any more.
  • Extreme: Some high-end models also support the usage of an extreme virus database, which contains more virus signatures than the default and extended databases.

default

virus-outbreak {diable | enable | enable-with-defer}

When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of the suspicious email messages and scan them for the second time:

  • Disable: Do not query FortiGuard antivirus service.
  • Enable: Query FortiGuard antivirus service.
  • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

enable-
with-defer

virus-outbreak-protection-period <minutes>

If you specify Enable with Defer in the above field, specify how many minutes later a second query will be done.

20

Related topics

system fortiguard antispam

update

system fortiguard antivirus

Use this command to configure how the FortiMail unit will retrieve the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and antispam definitions (the heuristic antispam rules only). FortiMail can get antivirus updates either directly from a Fortinet Distribution Network (FDN) server or via a web proxy.

Syntax

config system fortiguard antivirus

set override-server-address <virtual‑ip_ipv4>

set override-server-status {enable | disable}

set push-update-override-address <virtual-ip_ipv4>

set push-update-override-port <port_int>

set push-update-override-status {enable | disable}

set push-update-status {enable | disable}

set scheduled-update-day <day_int>

set scheduled-update-frequency {daily | every | weekly}

set scheduled-update-status {enable | disable}

set scheduled-update-time <time_str>

set tunneling-address <host_ipv4>

set tunneling-password <password_str>

set <document id>

set tunneling-status {enable | disable}

set tunneling-username <username_str>

set virus-db {default | extended | extreme}

set virus-outbreak {diable | enable | enable-with-defer}

set virus-outbreak-protection-period <minutes>

end

Variable

Description

Default

override-server-address <virtual‑ip_ipv4>

If override-server-status is enable, enter the IP address of the public or private FortiGuard Distribution Server (FDS) that overrides the default FDS to which the FortiMail unit connects for updates.

override-server-status {enable | disable}

Enable to override the default FDS to which the FortiMail unit connects for updates.

disable

push-update-override-address <virtual-ip_ipv4>

If push-update-override-status is enable, enter the public IP address that will forward push updates to the FortiMail unit. Usually, this is a virtual IP address on the external interface of a NAT device such as a firewall or router.

push-update-override-port <port_int>

If push-update-override-status is enable, enter the port number that will forward push updates to UDP port 9443 the FortiMail unit. Usually, this is a port forward on the external interface of a NAT device such as a firewall or router.

push-update-override-status {enable | disable}

Enable to override the default IP.

disable

push-update-status {enable | disable}

Enable to allow the FortiMail unit to receive notifications of available updates, which trigger it to download FortiGuard Antivirus packages from the FDN.

disable

scheduled-update-day <day_int>

Enter the day of the week at which the FortiMail unit will request updates where the range is from 0-6 and 0 means Sunday and 6 means Saturday.

scheduled-update-frequency {daily | every | weekly}

Enter the frequency at which the FortiMail unit will request updates. Also configure scheduled-update-day <day_int> and scheduled-update-time <time_str>.

weekly

scheduled-update-status {enable | disable}

Enable to perform updates according to a schedule.

enable

scheduled-update-time <time_str>

Enter the time of the day at which the FortiMail unit will request updates, in the format hh:mm, where hh is the number of hours and mm is the number of minutes after the hour in 15 minute intervals.

01:00

tunneling-address <host_ipv4>

If tunneling-status is enable, enter the IP address of the web proxy.

tunneling-password <password_str>

If tunneling-status is enable, enter the password of the account on the web proxy.

tunneling-port <port_int>

If tunneling-status is enable, enter the TCP port number on which the web proxy listens.

tunneling-status {enable | disable}

Enable to tunnel update requests through a web proxy.

disable

tunneling-username <username_str>

If tunneling-status is enable, enter the user name of the FortiMail unit’s account on the web proxy.

virus-db {default | extended | extreme}

Depending on your models, FortiMail supports three types of antivirus databases:

  • Default: The default FortiMail virus database contains most commonly seen viruses and should be sufficient enough for regular antivirus protection.
  • Extended: Some high-end FortiMail models support the usage of an extended virus database, which contains viruses that are not active any more.
  • Extreme: Some high-end models also support the usage of an extreme virus database, which contains more virus signatures than the default and extended databases.

default

virus-outbreak {diable | enable | enable-with-defer}

When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of the suspicious email messages and scan them for the second time:

  • Disable: Do not query FortiGuard antivirus service.
  • Enable: Query FortiGuard antivirus service.
  • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

enable-
with-defer

virus-outbreak-protection-period <minutes>

If you specify Enable with Defer in the above field, specify how many minutes later a second query will be done.

20

Related topics

system fortiguard antispam

update