Fortinet black logo

CLI Reference

profile antivirus-action

profile antivirus-action

Use this command to configure antivirus action profiles.

Syntax

config profile antivirus-action

edit <profile_name>

config header-insertion-list

edit <header-name>

set header-insertion-value <string>

next

end

set action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}

set alternate-host {<relay_fqdn> | <relay_ipv4>}

set alternate-host-status {enable | disable}

set archive-account

set archive-status

set bcc-addr <recipient_email>

set bcc-env-from-addr <message_str>

set bcc-env-from-status {enable | disable}

set bcc-status {enable | disable}

set deliver-to-original-host {enable | disable}

set disclaimer-insertion {enable | disable}

set disclaimer-insertion-content <message_name>

set disclaimer-insertion-location {beginning | end}

set header-insertion-name <name_str>

set header-insertion-status {enable | disable}

set header-insertion-value <header_str>

set notification-profile <profile_name>

set notification-status {enable | disable}

set remove-url-status {enable | disable}

set replace-infected-status {enable | disable}

set rewrite-rcpt-local-type {none | prefix | replace | suffix}

set rewrite-rcpt-local-value <value_str>

set rewrite-rcpt-domain-type {none-prefix | replace | suffix}

set rewrite-rcpt-domain-value <value_str>

set subject-tagging-status {enable | disable}

set subject-tagging-text <tag_str>

end

Variable

Description

Default

<profile_name>

Enter the name of an antivirus action profile.

action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}

Enter an action for the profile.

  • discard: Enter to accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.

  • domain-quarantine: Enter to redirect virus to the per-domain quarantine. For more information, see the FortiMail Administration Guide. Note that this option is only available with a valid advanced management license.

  • none: Apply any configured header or subject line tags, if any.

  • reject: Enter to reject the email and reply to the SMTP client with SMTP reply code 550.

  • repackage: Forward the infected email as an attachment but the original email body will still be used without modification.

  • repackage-with-cmsg: Forward the infected email as an attachment with the customized email body that you define in the custom email template. For example, in the template, you may want to say “The attached email is infected by a virus”.

  • rewrite-rcpt: Enter to change the recipient address of any email message detecting a virus. Configure rewrites separately for the local-part (the portion of the email address before the "@" symbol, typically a user name) and the domain part (the portion of the email address after the "@" symbol).
    If you enter this option, also configure rewrite-rcpt-local-type {none | prefix | replace | suffix}, rewrite-rcpt-local-value <value_str>, rewrite-rcpt-domain-type {none-prefix | replace | suffix}, and rewrite-rcpt-domain-value <value_str>.

  • system-quarantine: Enter to redirect virus to the system quarantine. For more information, see the FortiMail Administration Guide.

none

alternate-host {<relay_fqdn> | <relay_ipv4>}

Type the fully qualified domain name (FQDN) or IP address of the alternate relay or SMTP server.

This field applies only if alternate-host-status is enable.

alternate-host-status {enable | disable}

Enable to route the email to a specific SMTP server or relay. Also configure alternate-host {<relay_fqdn> | <relay_ipv4>}.

Note: If you enable this setting, for all email that matches the profile, the FortiMail unit will use this destination and ignore mailsetting relay-host-list and the protected domain’s tp-use-domain-mta {yes | no}.

disable

archive-account

Enter the archive account.

archive-status

Enable or disable message archiving.

disable

bcc-addr <recipient_email>

Type the blind carbon copy (BCC) recipient email address.

This field applies only if bcc-status is enable.

bcc-env-from-addr <message_str>

Specify an envelope from BCC address. In the case that email is not deliverable and bounced back, the email is returned to the specified envelope from address instead of the original sender. This is helpful when you want to use a specific email to collect bounce notifications.

This field applies only if bcc-env-from-status is enable.

bcc-env-from-status {enable | disable}

Enable to specify an envelope from address.

disable

bcc-status {enable | disable}

Enable to send a BCC of the email. Also configure bcc-addr <recipient_email>.

disable

deliver-to-original-host {enable | disable}

Enable to deliver the message to the original host.

disable

disclaimer-insertion {enable | disable}

Enable to insert disclaimer.

disable

disclaimer-insertion-content <message_name>

Specify the content name to be inserted.

default

disclaimer-insertion-location {beginning | end}

Insert the disclaimer at the beginning or end.

beginning

header-insertion-name <name_str>

Enter the message header key. The FortiMail unit will add this text to the message header of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Custom-Header: Detected as virus by profile 22.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

See header-insertion-value <header_str>.

header-insertion-status {enable | disable}

Enable to add a message header to detected virus.

See header-insertion-value <header_str>.

disable

header-insertion-value <header_str>

Enter the message header value.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Custom-Header: Detected as virus by profile 22.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

See header-insertion-name <name_str>.

notification-profile <profile_name>

Type the name of the notification profile used for sending notifications.

notification-status {enable | disable}

Enable sending notifications using a notification profile.

disable

remove-url-status {enable | disable}

Enable to remove URL detected by FortiSandbox.

enable

replace-infected-status {enable | disable}

Enable or disable the option to replace infected body or attachment.

disable

rewrite-rcpt-local-type {none | prefix | replace | suffix}

Change the local part (the portion of the email address before the '@' symbol, typically a user name) of the recipient address of any email message detecting a virus.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

none

rewrite-rcpt-local-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-local-type {none | prefix | replace | suffix}.

rewrite-rcpt-domain-type {none-prefix | replace | suffix}

Change the domain part (the portion of the email address after the '@' symbol) of the recipient address of any email message detecting a virus.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

none

rewrite-rcpt-domain-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-domain-type {none-prefix | replace | suffix}.

subject-tagging-status {enable | disable}

Enable to prepend text defined using subject-tagging-text <tag_str> (“tag") to the subject line on detected virus.

disable

subject-tagging-text <tag_str>

Enter the text that will appear in the subject line of the email, such as “[VIRUS] ". The FortiMail unit will prepend this text to the subject line of virus before forwarding it to the recipient.

Related topics

profile antivirus

profile antivirus-action

Use this command to configure antivirus action profiles.

Syntax

config profile antivirus-action

edit <profile_name>

config header-insertion-list

edit <header-name>

set header-insertion-value <string>

next

end

set action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}

set alternate-host {<relay_fqdn> | <relay_ipv4>}

set alternate-host-status {enable | disable}

set archive-account

set archive-status

set bcc-addr <recipient_email>

set bcc-env-from-addr <message_str>

set bcc-env-from-status {enable | disable}

set bcc-status {enable | disable}

set deliver-to-original-host {enable | disable}

set disclaimer-insertion {enable | disable}

set disclaimer-insertion-content <message_name>

set disclaimer-insertion-location {beginning | end}

set header-insertion-name <name_str>

set header-insertion-status {enable | disable}

set header-insertion-value <header_str>

set notification-profile <profile_name>

set notification-status {enable | disable}

set remove-url-status {enable | disable}

set replace-infected-status {enable | disable}

set rewrite-rcpt-local-type {none | prefix | replace | suffix}

set rewrite-rcpt-local-value <value_str>

set rewrite-rcpt-domain-type {none-prefix | replace | suffix}

set rewrite-rcpt-domain-value <value_str>

set subject-tagging-status {enable | disable}

set subject-tagging-text <tag_str>

end

Variable

Description

Default

<profile_name>

Enter the name of an antivirus action profile.

action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}

Enter an action for the profile.

  • discard: Enter to accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.

  • domain-quarantine: Enter to redirect virus to the per-domain quarantine. For more information, see the FortiMail Administration Guide. Note that this option is only available with a valid advanced management license.

  • none: Apply any configured header or subject line tags, if any.

  • reject: Enter to reject the email and reply to the SMTP client with SMTP reply code 550.

  • repackage: Forward the infected email as an attachment but the original email body will still be used without modification.

  • repackage-with-cmsg: Forward the infected email as an attachment with the customized email body that you define in the custom email template. For example, in the template, you may want to say “The attached email is infected by a virus”.

  • rewrite-rcpt: Enter to change the recipient address of any email message detecting a virus. Configure rewrites separately for the local-part (the portion of the email address before the "@" symbol, typically a user name) and the domain part (the portion of the email address after the "@" symbol).
    If you enter this option, also configure rewrite-rcpt-local-type {none | prefix | replace | suffix}, rewrite-rcpt-local-value <value_str>, rewrite-rcpt-domain-type {none-prefix | replace | suffix}, and rewrite-rcpt-domain-value <value_str>.

  • system-quarantine: Enter to redirect virus to the system quarantine. For more information, see the FortiMail Administration Guide.

none

alternate-host {<relay_fqdn> | <relay_ipv4>}

Type the fully qualified domain name (FQDN) or IP address of the alternate relay or SMTP server.

This field applies only if alternate-host-status is enable.

alternate-host-status {enable | disable}

Enable to route the email to a specific SMTP server or relay. Also configure alternate-host {<relay_fqdn> | <relay_ipv4>}.

Note: If you enable this setting, for all email that matches the profile, the FortiMail unit will use this destination and ignore mailsetting relay-host-list and the protected domain’s tp-use-domain-mta {yes | no}.

disable

archive-account

Enter the archive account.

archive-status

Enable or disable message archiving.

disable

bcc-addr <recipient_email>

Type the blind carbon copy (BCC) recipient email address.

This field applies only if bcc-status is enable.

bcc-env-from-addr <message_str>

Specify an envelope from BCC address. In the case that email is not deliverable and bounced back, the email is returned to the specified envelope from address instead of the original sender. This is helpful when you want to use a specific email to collect bounce notifications.

This field applies only if bcc-env-from-status is enable.

bcc-env-from-status {enable | disable}

Enable to specify an envelope from address.

disable

bcc-status {enable | disable}

Enable to send a BCC of the email. Also configure bcc-addr <recipient_email>.

disable

deliver-to-original-host {enable | disable}

Enable to deliver the message to the original host.

disable

disclaimer-insertion {enable | disable}

Enable to insert disclaimer.

disable

disclaimer-insertion-content <message_name>

Specify the content name to be inserted.

default

disclaimer-insertion-location {beginning | end}

Insert the disclaimer at the beginning or end.

beginning

header-insertion-name <name_str>

Enter the message header key. The FortiMail unit will add this text to the message header of the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Custom-Header: Detected as virus by profile 22.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

See header-insertion-value <header_str>.

header-insertion-status {enable | disable}

Enable to add a message header to detected virus.

See header-insertion-value <header_str>.

disable

header-insertion-value <header_str>

Enter the message header value.

Message header lines are composed of two parts: a key and a value, which are separated by a colon. For example, you might enter:

X-Custom-Header: Detected as virus by profile 22.

If you enter a header line that does not include a colon, the FortiMail unit will automatically append a colon, causing the entire text that you enter to be the key.

Note: Do not enter spaces in the key portion of the header line, as these are forbidden by RFC 2822.

See header-insertion-name <name_str>.

notification-profile <profile_name>

Type the name of the notification profile used for sending notifications.

notification-status {enable | disable}

Enable sending notifications using a notification profile.

disable

remove-url-status {enable | disable}

Enable to remove URL detected by FortiSandbox.

enable

replace-infected-status {enable | disable}

Enable or disable the option to replace infected body or attachment.

disable

rewrite-rcpt-local-type {none | prefix | replace | suffix}

Change the local part (the portion of the email address before the '@' symbol, typically a user name) of the recipient address of any email message detecting a virus.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-local-value <value_str>.

none

rewrite-rcpt-local-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-local-type {none | prefix | replace | suffix}.

rewrite-rcpt-domain-type {none-prefix | replace | suffix}

Change the domain part (the portion of the email address after the '@' symbol) of the recipient address of any email message detecting a virus.

none: No change.

prefix: Enter to prepend the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

suffix: Enter to append the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

replace: Enter to substitute the part with new text. Also configure rewrite-rcpt-domain-value <value_str>.

none

rewrite-rcpt-domain-value <value_str>

Enter the text for the option (except none) you choose in rewrite-rcpt-domain-type {none-prefix | replace | suffix}.

subject-tagging-status {enable | disable}

Enable to prepend text defined using subject-tagging-text <tag_str> (“tag") to the subject line on detected virus.

disable

subject-tagging-text <tag_str>

Enter the text that will appear in the subject line of the email, such as “[VIRUS] ". The FortiMail unit will prepend this text to the subject line of virus before forwarding it to the recipient.

Related topics

profile antivirus