
CLI Reference

system fortiguard antivirus

Use this command to configure how the FortiMail unit will retrieve the most recent updates to FortiGuard Antivirus engines, antivirus definitions, and antispam definitions (the heuristic antispam rules only). FortiMail can get antivirus updates either directly from a Fortinet Distribution Network (FDN) server or via a web proxy.

Syntax

config system fortiguard antivirus

set override-server-address <virtual‑ip_ipv4>

set override-server-status {enable | disable}

set push-update-override-address <virtual-ip_ipv4>

set push-update-override-port <port_int>

set push-update-override-status {enable | disable}

set push-update-status {enable | disable}

set scheduled-update-day <day_int>

set scheduled-update-frequency {daily | every | weekly}

set scheduled-update-status {enable | disable}

set scheduled-update-time <time_str>

set tunneling-address <host_ipv4>

set tunneling-password <password_str>

set tunneling-port <port_int>

set tunneling-status {enable | disable}

set tunneling-username <username_str>

set virus-db {default | extended | extreme}

set virus-outbreak {disable | enable | enable-with-defer}

set virus-outbreak-protection-period <minutes>

end

Variable

Description

Default

override-server-address <virtual‑ip_ipv4>

If override-server-status is enable, enter the IP address of the public or private FortiGuard Distribution Server (FDS) that overrides the default FDS to which the FortiMail unit connects for updates.

override-server-status {enable | disable}

Enable to override the default FDS to which the FortiMail unit connects for updates.

disable

push-update-override-address <virtual-ip_ipv4>

If push-update-override-status is enable, enter the public IP address that will forward push updates to the FortiMail unit. Usually, this is a virtual IP address on the external interface of a NAT device such as a firewall or router.

push-update-override-port <port_int>

If push-update-override-status is enable, enter the port number that will forward push updates to UDP port 9443 on the FortiMail unit. Usually, this is a port forward on the external interface of a NAT device such as a firewall or router.

push-update-override-status {enable | disable}

Enable to override the default IP.

disable

push-update-status {enable | disable}

Enable to allow the FortiMail unit to receive notifications of available updates, which trigger it to download FortiGuard Antivirus packages from the FDN.

disable

scheduled-update-day <day_int>

Enter the day of the week on which the FortiMail unit will request updates. The range is 0-6, where 0 means Sunday and 6 means Saturday.

scheduled-update-frequency {daily | every | weekly}

Enter the frequency at which the FortiMail unit will request updates. Also configure scheduled-update-day <day_int> and scheduled-update-time <time_str>.

weekly

scheduled-update-status {enable | disable}

Enable to perform updates according to a schedule.

enable

scheduled-update-time <time_str>

Enter the time of the day at which the FortiMail unit will request updates, in the format hh:mm, where hh is the number of hours and mm is the number of minutes after the hour in 15 minute intervals.

01:00

tunneling-address <host_ipv4>

If tunneling-status is enable, enter the IP address of the web proxy.

tunneling-password <password_str>

If tunneling-status is enable, enter the password of the account on the web proxy.

tunneling-port <port_int>

If tunneling-status is enable, enter the TCP port number on which the web proxy listens.

tunneling-status {enable | disable}

Enable to tunnel update requests through a web proxy.

disable

tunneling-username <username_str>

If tunneling-status is enable, enter the user name of the FortiMail unit’s account on the web proxy.

virus-db {default | extended | extreme}

Depending on the model, FortiMail supports three types of antivirus databases:

  • Default: The default FortiMail virus database contains the most commonly seen viruses and should be sufficient for regular antivirus protection.
    For the current release, FortiMail VM00 model supports the default virus database only.
  • Extended: Some high-end FortiMail models support the usage of an extended virus database, which contains viruses that are not active any more.
    For the current release, FortiMail VM01/VM02/200F/400F models support both the default and extended virus databases.
  • Extreme: Some high-end models also support the usage of an extreme virus database, which contains more virus signatures than the default and extended databases.
    For the current release, FortiMail VM04/900F and above models support all three types of virus databases.

default

virus-outbreak {disable | enable | enable-with-defer}

When a virus outbreak occurs, the FortiGuard antivirus database may need some time to get updated. Therefore, you can choose to defer the delivery of suspicious email messages and scan them a second time:

  • Disable: Do not query FortiGuard antivirus service.
  • Enable: Query FortiGuard antivirus service.
  • Enable with Defer: If the first query returns no results, defer the email for the specified time and do the second query.

enable-with-defer

virus-outbreak-protection-period <minutes>

If you specify Enable with Defer in the above field, specify how many minutes later a second query will be done.

20
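
An added example, not part of the Fortinet reference: a Python check that reads a "config system fortiguard antivirus" block, for instance from a configuration backup, and reports values that contradict the syntax and variable descriptions above. The function names are hypothetical, the sample block is constructed, and a layout of one option per "set" line is assumed.

```python
import re

# Allowed values, from the Syntax section above.
ENUMS = dict.fromkeys(
    ["override-server-status", "push-update-override-status",
     "push-update-status", "scheduled-update-status", "tunneling-status"],
    {"enable", "disable"})
ENUMS.update({
    "scheduled-update-frequency": {"daily", "every", "weekly"},
    "virus-db": {"default", "extended", "extreme"},
    "virus-outbreak": {"disable", "enable", "enable-with-defer"}})
# Status option -> options the variable table says to enter when it is "enable".
REQUIRES = {
    "override-server-status": ["override-server-address"],
    "push-update-override-status": ["push-update-override-address",
                                    "push-update-override-port"],
    "tunneling-status": ["tunneling-address", "tunneling-port"],
}
# Day is 0-6 (0 = Sunday); time is hh:mm with minutes in 15-minute intervals.
PATTERNS = {"scheduled-update-day": r"[0-6]",
            "scheduled-update-time": r"\d\d:(00|15|30|45)"}

def parse_block(text):
    """Return {option: value} from the block, or {} if the block is absent."""
    body = re.search(r"^\s*config system fortiguard antivirus\s*$(.*?)^\s*end\s*$",
                     text, re.M | re.S)
    return dict(re.findall(r"^\s*set (\S+) (.+?)\s*$", body.group(1), re.M)) if body else {}

def check(opts):
    """Return a list of findings; an empty list means the block is consistent."""
    out = [f"{k}: invalid value {v!r}" for k, v in opts.items()
           if k in ENUMS and v not in ENUMS[k]]
    for status, needed in REQUIRES.items():
        if opts.get(status) == "enable":
            out += [f"{status}=enable but {n} unset" for n in needed if n not in opts]
    for key, pat in PATTERNS.items():
        if key in opts and not re.fullmatch(pat, opts[key]):
            out.append(f"{key}: {opts[key]!r} does not match {pat}")
    return out

# Constructed sample, not a real backup: every option below has a problem.
SAMPLE = """config system fortiguard antivirus
set scheduled-update-day 7
set scheduled-update-time 01:10
set tunneling-status enable
set virus-outbreak diable
end"""
```

Running check(parse_block(SAMPLE)) reports five findings: the misspelled virus-outbreak value, the missing proxy address and port, the out-of-range day, and the time that is not on a 15-minute boundary.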

Related topics

system fortiguard antispam

update
