profile antivirus

profile antivirus

Use this command to create antivirus profiles that you can select in a policy in order to scan email for viruses.

The FortiMail unit scans email header, body, and attachments (including compressed files, such as ZIP, PKZIP, LHA, ARJ, and RAR files) for virus infections. If the FortiMail unit detects a virus, it will take actions as you define in the antivirus action profiles.

Syntax

config profile antivirus

edit <profile_name>

set action-default { predefined_av_discard | predefined_av_reject}

set action-file-signature

set action-heuristic {predefined_av_discard | predefined_av_reject}

set action-outbreak <action>

set action-sandbox-high <action>

set action-sandbox-low <action>

set action-sandbox-medium <action>

set action-sandbox-noresult <action>

set action-sandbox-url-high <action>

set action-sandbox-url-low <action>

set action-sandbox-url-medium <action>

set action-sandbox-url-noresult <action>

set action-sandbox-url-virus <action>

set action-sandbox-virus <action>

set file-signature-check {enable | disable}

set grayware-scan {enable | disable}

set heuristic {enable | disable}

set malware-outbreak-protection {enable | disable}

set sandbox-analysis {enable | disable}

set sandbox-analysis-url{enable | disable}

set sandbox-scan-mode {submit-and-wait | submit-only}

set scanner {enable | disable}

end

Variable	Description	Default
<profile_name>	Enter the name of the profile. To view a list of existing entries, enter a question mark ( `?` ).
action-default { predefined_av_discard \| predefined_av_reject}	Type a predefined antivirus action. predefined_av_discard: Accept infected email, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject infected email and reply to the SMTP client with SMTP reply code 550.
action-file-signature	Type a predefined scan for file signature action. predefined_av_discard: predefined_av_reject:
action-heuristic {predefined_av_discard \| predefined_av_reject}	Type a predefined heuristic scanning action on infected email. predefined_av_discard: Accept email suspected to be infected, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject email suspected to be infected, and reply to the SMTP client with SMTP reply code 550.
action-outbreak <action>	Type to determine the action to take if the FortiSandbox analysis determines that the email message has an outbreak.
action-sandbox-high <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have high probability of viruses or other threat qualities.	default
action-sandbox-low <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have low probability of viruses or other threat qualities.	default
action-sandbox-medium <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have medium probability of viruses or other threat qualities.	default
action-sandbox-virus <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages definitely have viruses or other threat qualities.	default
action-sandbox-noresult <action>	Type to determine the action to take if the FortiSandbox attachment analysis returns no results.	None
action-sandbox-url-high <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages have high probability of viruses or other threat qualities.	default
action-sandbox-url-low <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages have low probability of viruses or other threat qualities.	default
action-sandbox-url-medium <action>	Type to determine the action to take if the FortiSandbox URL determines that the email messages have medium probability of viruses or other threat qualities.	default
action-sandbox-url-virus <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages definitely have viruses or other threat qualities.	default
action-sandbox-url-noresult <action>	Type to determine the action to take if the FortiSandbox URL analysis returns no results.	None
file-signature-check {enable \| disable}	Enable to scan for file signatures.	disable
grayware-scan {enable \| disable}	Enable to scan for grayware as well when performing antivirus scanning.	enable
heuristic {enable \| disable}	Enable to use heuristics when performing antivirus scanning.	enable
malware-outbreak-protection {enable \| disable}	Instead of using virus signatures, malware outbreak protection uses data analytics from the FortiGuard Service. For example, if a threshold volume of previously unknown attachments are being sent from known malicious sources, they are treated as suspicious viruses. This feature can help quickly identify new threats. Because the infected email is treated as virus, the virus replacement message will be used, if the replacement action is triggered.
sandbox-analysis {enable \| disable}	Enable to send suspicious email attachments to FortiSandbox for inspection. For details about FortiSandbox, see system fortisandbox.	disable
sandbox-analysis-url{enable \| disable}	Enable or disable sending suspicious attachment content to FortiSandbox for analysis.	disable
sandbox-scan-mode {submit-and-wait \| submit-only}	Edits how the email is handled by the FortiSandbox	submit-and-wait
scanner {enable \| disable}	Enable to perform antivirus scanning for this profile.	disable

Syntax

config profile antivirus

edit <profile_name>

set action-default { predefined_av_discard | predefined_av_reject}

set action-file-signature

set action-heuristic {predefined_av_discard | predefined_av_reject}

set action-outbreak <action>

set action-sandbox-high <action>

set action-sandbox-low <action>

set action-sandbox-medium <action>

set action-sandbox-noresult <action>

set action-sandbox-url-high <action>

set action-sandbox-url-low <action>

set action-sandbox-url-medium <action>

set action-sandbox-url-noresult <action>

set action-sandbox-url-virus <action>

set action-sandbox-virus <action>

set file-signature-check {enable | disable}

set grayware-scan {enable | disable}

set heuristic {enable | disable}

set malware-outbreak-protection {enable | disable}

set sandbox-analysis {enable | disable}

set sandbox-analysis-url{enable | disable}

set sandbox-scan-mode {submit-and-wait | submit-only}

set scanner {enable | disable}

end

Variable	Description	Default
<profile_name>	Enter the name of the profile. To view a list of existing entries, enter a question mark ( `?` ).
action-default { predefined_av_discard \| predefined_av_reject}	Type a predefined antivirus action. predefined_av_discard: Accept infected email, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject infected email and reply to the SMTP client with SMTP reply code 550.
action-file-signature	Type a predefined scan for file signature action. predefined_av_discard: predefined_av_reject:
action-heuristic {predefined_av_discard \| predefined_av_reject}	Type a predefined heuristic scanning action on infected email. predefined_av_discard: Accept email suspected to be infected, but then delete it instead of delivering the email, without notifying the SMTP client. predefined_av_reject: Reject email suspected to be infected, and reply to the SMTP client with SMTP reply code 550.
action-outbreak <action>	Type to determine the action to take if the FortiSandbox analysis determines that the email message has an outbreak.
action-sandbox-high <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have high probability of viruses or other threat qualities.	default
action-sandbox-low <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have low probability of viruses or other threat qualities.	default
action-sandbox-medium <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages have medium probability of viruses or other threat qualities.	default
action-sandbox-virus <action>	Type to determine the action to take if the FortiSandbox attachment analysis determines that the email messages definitely have viruses or other threat qualities.	default
action-sandbox-noresult <action>	Type to determine the action to take if the FortiSandbox attachment analysis returns no results.	None
action-sandbox-url-high <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages have high probability of viruses or other threat qualities.	default
action-sandbox-url-low <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages have low probability of viruses or other threat qualities.	default
action-sandbox-url-medium <action>	Type to determine the action to take if the FortiSandbox URL determines that the email messages have medium probability of viruses or other threat qualities.	default
action-sandbox-url-virus <action>	Type to determine the action to take if the FortiSandbox URL analysis determines that the email messages definitely have viruses or other threat qualities.	default
action-sandbox-url-noresult <action>	Type to determine the action to take if the FortiSandbox URL analysis returns no results.	None
file-signature-check {enable \| disable}	Enable to scan for file signatures.	disable
grayware-scan {enable \| disable}	Enable to scan for grayware as well when performing antivirus scanning.	enable
heuristic {enable \| disable}	Enable to use heuristics when performing antivirus scanning.	enable
malware-outbreak-protection {enable \| disable}	Instead of using virus signatures, malware outbreak protection uses data analytics from the FortiGuard Service. For example, if a threshold volume of previously unknown attachments are being sent from known malicious sources, they are treated as suspicious viruses. This feature can help quickly identify new threats. Because the infected email is treated as virus, the virus replacement message will be used, if the replacement action is triggered.
sandbox-analysis {enable \| disable}	Enable to send suspicious email attachments to FortiSandbox for inspection. For details about FortiSandbox, see system fortisandbox.	disable
sandbox-analysis-url{enable \| disable}	Enable or disable sending suspicious attachment content to FortiSandbox for analysis.	disable
sandbox-scan-mode {submit-and-wait \| submit-only}	Edits how the email is handled by the FortiSandbox	submit-and-wait
scanner {enable \| disable}	Enable to perform antivirus scanning for this profile.	disable

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference