Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiMail 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.7
    6.2.0
    6.0.6
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    Configuring file signatures

    Configuring file signatures

    If you have the SHA-1or SHA-256 (Secure Hash Algorithm) hash values of some known virus-infected files, then you can add these values as file signatures and select the action to apply in the antivirus profile (see Configuring antivirus profiles).

    Some file types do not contain viruses, so FortiMail file signature check only supports these attachment file types:

    • .7z

    • .bat

    • .cab

    • .dll

    • .doc

    • .docm

    • .docx

    • .dotm

    • .exe

    • .gz

    • .hta

    • .inf

    • .jar

    • .js

    • .jse

    • .msi

    • .msp

    • .pdf

    • .pif

    • .potm

    • .ppam

    • .ppsm

    • .ppt

    • .pptm

    • .pptx

    • .reg

    • .scr

    • .sldm

    • .swf

    • .tar

    • .vbe

    • .ws

    • .wsc

    • .wsf

    • .wsh

    • .xlam

    • .xls

    • .xlsm

    • .xlsx

    • .xltm

    • .z

    • .zip

    File signatures can be added either individually, or batch imported via a threat feed, a list of checksums in CSV (comma-separated values), or a plain text file. File signatures also can be exported as a CSV file.

    To add a new file signature manually or via threat feed

    1. Go to Profile > AntiVirus > File Signature.

    2. Click New.

    3. Configure the following:

      GUI item

      Description

      Status

      Enable or disable the profile.

      Name

      Enter a unique name for the profile.

      Comment

      Enter a comment or description.

      Source

      Select where the file signatures are stored, either:

      • Local — On the FortiMail unit.
      • Remote — A threat feed on an external server.

    4. If Source is Local, then configure the following:

      GUI item

      Description

      Type

      Select either:

      • SHA-1

      • SHA-256

      File Signature List

      Click New. Enter the checksum value for a file, and then click OK. Repeat this step until you have entered all of the checksums.

      Else if Source is Remote, then configure the following:

      GUI item

      Description

      Threat feed

      Select a threat feed that contains file signatures. (Its Resource type is Malware Hash.) See also Configuring a threat feed.

    5. Click Create.

    To import a signature list in CSV format

    1. Go to Profile > AntiVirus > File Signature.

    2. Click to select a profile.

    3. Click Import.

    4. Browse to the CSV file and click OK.

      The CSV file must contain SHA-1 or SHA-256 hash values, one per line.

    To export file signatures in CSV format

    1. Go to Profile > AntiVirus > File Signature.

    2. Click to select a profile.

    3. Click Export.

      Depending on your browser settings, your browser may prompt you for a file name and location before downloading the CSV file.

    Previous
    Next

    Configuring file signatures

    Configuring file signatures

    If you have the SHA-1or SHA-256 (Secure Hash Algorithm) hash values of some known virus-infected files, then you can add these values as file signatures and select the action to apply in the antivirus profile (see Configuring antivirus profiles).

    Some file types do not contain viruses, so FortiMail file signature check only supports these attachment file types:

    • .7z

    • .bat

    • .cab

    • .dll

    • .doc

    • .docm

    • .docx

    • .dotm

    • .exe

    • .gz

    • .hta

    • .inf

    • .jar

    • .js

    • .jse

    • .msi

    • .msp

    • .pdf

    • .pif

    • .potm

    • .ppam

    • .ppsm

    • .ppt

    • .pptm

    • .pptx

    • .reg

    • .scr

    • .sldm

    • .swf

    • .tar

    • .vbe

    • .ws

    • .wsc

    • .wsf

    • .wsh

    • .xlam

    • .xls

    • .xlsm

    • .xlsx

    • .xltm

    • .z

    • .zip

    File signatures can be added either individually, or batch imported via a threat feed, a list of checksums in CSV (comma-separated values), or a plain text file. File signatures also can be exported as a CSV file.

    To add a new file signature manually or via threat feed

    1. Go to Profile > AntiVirus > File Signature.

    2. Click New.

    3. Configure the following:

      GUI item

      Description

      Status

      Enable or disable the profile.

      Name

      Enter a unique name for the profile.

      Comment

      Enter a comment or description.

      Source

      Select where the file signatures are stored, either:

      • Local — On the FortiMail unit.
      • Remote — A threat feed on an external server.

    4. If Source is Local, then configure the following:

      GUI item

      Description

      Type

      Select either:

      • SHA-1

      • SHA-256

      File Signature List

      Click New. Enter the checksum value for a file, and then click OK. Repeat this step until you have entered all of the checksums.

      Else if Source is Remote, then configure the following:

      GUI item

      Description

      Threat feed

      Select a threat feed that contains file signatures. (Its Resource type is Malware Hash.) See also Configuring a threat feed.

    5. Click Create.

    To import a signature list in CSV format

    1. Go to Profile > AntiVirus > File Signature.

    2. Click to select a profile.

    3. Click Import.

    4. Browse to the CSV file and click OK.

      The CSV file must contain SHA-1 or SHA-256 hash values, one per line.

    To export file signatures in CSV format

    1. Go to Profile > AntiVirus > File Signature.

    2. Click to select a profile.

    3. Click Export.

      Depending on your browser settings, your browser may prompt you for a file name and location before downloading the CSV file.

    Previous
    Next