Administration Guide

Email concepts and process workflow
- Email protocols
- Client-server connections in SMTP
- DNS role in email delivery
- How FortiMail processes email
- FortiMail operation modes
- FortiMail high availability
- FortiMail management methods
Setting up the FortiMail system
- Connecting to the GUI or CLI
- Choosing the operation mode
- Running the Quick Start Wizard
- Connecting to FortiGuard services
- Gateway mode deployment
- Transparent mode deployment
- Server mode deployment
- Testing the installation
- Backing up the configuration
Using the dashboard
- Viewing the dashboard
- Using the CLI Console
Using FortiView
- Viewing mail statistics
- View threat statistics
- View outbreak statistics
- Viewing top user statistics
- Viewing current IP sessions
Monitoring the system
- Viewing log messages
- Managing the quarantines
- Managing the mail queue
- Viewing DMARC report statistics
  - Viewing the DMARC and SPF report summary
  - Viewing details about DMARC and SPF report statistics
- Viewing the greylist statuses
- Viewing sender, authentication and endpoint reputation
- Managing archived email
- Viewing reports
Centrally monitoring the HA cluster
- Viewing the cluster status
- Viewing HA cluster mail statistics
- Viewing HA cluster threat statistics
- Searching the HA cluster logs
Configuring system settings
- Configuring network settings
- Configuring administrator accounts and access profiles
- Configuring system time, options, and other system options
- Configuring mail settings
- Customizing GUI, custom messages, email templates, and Security Fabric
- Configuring single sign-on (SSO)
- Configuring RAID
- Using high availability (HA)
- Managing certificates
- Using FortiNDR malware inspection
- Using FortiSandbox antivirus inspection
- Configuring FortiGuard services and licensed features
  - Configuring licensed features
    - Configuring image analysis
- System maintenance
- System utility
Configuring domains and users
- Configuring protected domains
- Managing users
- Configuring user aliases
- Configuring address mappings
- Configuring IBE users
- Configuring the address book
- Sharing calendars and address books (server mode only)
- Migrating email from other mail servers (server mode only)
Configuring policies
- What is a policy?
- How to use policies
- Controlling SMTP access and delivery
- Controlling email based on IP addresses
- Controlling email based on sender and recipient addresses
Configuring profiles
- Configuring session profiles
- Configuring antispam profiles and actions
- Configuring antivirus profiles, file signatures, and actions
- Configuring content profiles and content action profiles
- Configuring replacement message profiles and variables
- Configuring resource profiles
- Workflow to enable and configure authentication of email users
- Configuring authentication profiles
- Configuring LDAP profiles
- Configuring dictionary profiles
- Configuring security profiles
- Configuring IP pools
- Configuring email, IP and GeoIP groups
- Configuring notification profiles
Configuring security settings
- Configuring URL filter profiles
- Configuring a threat feed
  - Types and file formats of threat feeds
- Configuring content disarming and reconstruction
- Configuring authentication reputation
- Configuring email quarantines and quarantine reports
- Configuring the block lists and safe lists
- Configuring greylisting
- Configuring bounce verification and tagging
- Configuring sender rewriting scheme
- Configuring endpoint reputation
- Configuring preferences
- Training and maintaining the Bayesian databases
Configuring encryption settings
- Configuring IBE encryption
- Configuring certificate bindings
Configuring data loss prevention
- DLP configuration workflow
- Defining the sensitive data
- Configuring DLP rules
- Configuring DLP profiles
Archiving email
- Email archiving workflow
- Configuring email archiving accounts
- Configuring email archiving policies
- Configuring email archiving exemptions
Logs, reports, and alerts
- About FortiMail logging
- Configuring logging
- Configuring report profiles and generating reports
- Configuring alert email
Microsoft 365, Exchange and Google Workspace threat remediation
- Microsoft 365, Exchange, and Google Workspace protection workflow
- To create a Microsoft Exchange account
- Configuring scanning policies
- Configuring profiles
- Monitoring log messages
Managing firmware and configuration
- Testing firmware before installing it
- Installing firmware
- Clean installing firmware
- Upgrading firmware on HA units
Best practices and fine tuning
- General security tuning
- System security tuning
- Network topology tuning
- High availability (HA) tuning
- SMTP connectivity tuning
- Antispam tuning
- Policy tuning
- System maintenance tips
- Performance tuning
Troubleshooting
- Establish a system baseline
- Define the problem
- Search for a known solution
- Create a troubleshooting plan
- Gather system information
- Troubleshoot hardware issues
- Troubleshoot GUI and CLI connection issues
- Troubleshoot FortiGuard connection issues
- Troubleshoot MTA issues
- Troubleshoot antispam issues
- Troubleshoot HA issues
- Troubleshoot resource issues
- Troubleshoot bootup issues
- Troubleshoot installation issues
- Contact Fortinet customer support for assistance
Setup for email users
- Training Bayesian databases
- Managing tagged spam
- Accessing the personal quarantine and webmail
- Sending email from an email client (gateway and transparent mode)
Appendix A: Supported RFCs
Appendix B: Maximum Values
Appendix C: Port Numbers
Appendix D: Wildcards and regular expressions
- Special characters with regular expressions and wildcards
- Case sensitivity
- Modifiers
- Word boundary
- Syntax
- Example regular expressions
Appendix E: Working with TLS/SSL
- About TLS/SSL
- How TLS/SSL works
- FortiMail support of TLS/SSL
- Troubleshooting FortiMail TLS issues
Appendix F: PKI Authentication
- Introduction to PKI authentication
- FortiMail PKI architecture
- Configuring PKI authentication on FortiMail
Change log

Home FortiMail 7.6.1 Administration Guide

7.6.1

Configuring antivirus profiles

Go to Profile > AntiVirus > AntiVirus to create antivirus profiles that you can select in a policy in order to scan email for viruses.

The FortiMail unit scans email header, body, and attachments (including compressed files, such as ZIP, PKZIP, LHA, ARJ, and RAR files) for virus infections. If the FortiMail unit detects a virus, it will take actions as you define in the antivirus action profiles. For details, see Configuring antivirus action profiles.

FortiMail keeps its antivirus scan engine and virus signature database up-to-date by connecting to Fortinet FortiGuard Distribution Network (FDN) antivirus services.

To configure an antivirus profile

Go to Profile > AntiVirus > AntiVirus.
Either click New to add a profile or double-click a profile to modify it.

Configure the following:

GUI item	Description
Domain	Select which protected domain this profile belongs to, or System (all protected domains can use this profile). You can only see the domains that are permitted by your administrator profile. See About administrator account permissions and domains.
Name	Enter a unique name for the profile.
Comment	Enter a comment or description.
Default action	Select the action profile to apply when the profile detects a virus. For each scan in the profile, you can use its Action setting to override this default and select a more specific behavior. See also Configuring antivirus action profiles.

Click the arrows to expand each section and configure the following:

GUI item			Description
AntiVirus			Enable to perform antivirus scanning.
	Malware/virus Outbreak		Instead of using virus signatures, malware outbreak protection uses data analytic from the FortiGuard Service. For example, if a threshold volume of previously unknown attachments are being sent from known malicious sources, they are treated as suspicious viruses. This feature can help quickly identify new threats. Because the infected email is treated as virus, the virus replacement message will be used, if the replacement action is triggered.
	Heuristic		Enable to use real-time malware analysis, or heuristic antivirus scan, when performing antivirus scanning.
	File signature check		Enable to scan for file signatures. For details, see Configuring file signatures.
	Grayware		Enable to scan for grayware, such as mail bomb detection.
FortiNDR			Enable this option to send potentially harmful attachments, such as executables, PDF, and OCX files, to FortiNDR for further malware analysis. For details about FortiNDR configuration, see Using FortiNDR malware inspection.
	Malicious/Virus High risk Medium risk Low risk		Specify the action to take if the FortiNDR analysis determines that the email messages have malware or other threat qualities. You can specify different actions according to the threat levels.
FortiSandbox			Enable this option to send potentially harmful attachments, such as executables, PDF, and OCX files, to FortiSandbox for further analysis. For details about FortiSandbox configuration, see Using FortiSandbox antivirus inspection.
	Scan mode		Submit and wait for result means to wait for scan results before delivering the email. Submit only means to submit the email to FortiSandbox but still deliver the mail without waiting for scan results.
	Attachment analysis		Enable to send email attachments to FortiSandbox. If desired, configure different actions for different scan results.
		Malicious/Virus High risk Medium risk Low risk No Result	Specify the action to take if the FortiSandbox analysis determines that the email messages have virus or other threat qualities. You can specify different actions according to the threat levels.
	URL analysis		Enable to send the URLs to FortiSandbox. If desired, configure different actions for different scan results.
		Email selection	Specify to scan URLs in all email or the suspicious email only.
		Malicious/Virus High risk Medium risk Low risk No Result	Specify the action to take if the FortiSandbox analysis determines that the email messages have virus or other threat qualities. You can specify different actions according to the threat levels.