CLI Reference

system antivirus

Use this command to configure system-wide FortiGuard Antivirus scan settings.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

config system antivirus
  set default-db {basic | extended}
  set scan-bzip2 {enable | disable}
  set uncomp-size-limit <limit_int>
  set uncomp-nest-limit <limit_int>
  set use-fsa {enable | disable}
end


Variable Description Default

default-db {basic | extended}

Select which of the antivirus signature databases to use when scanning HTTP POST requests for viruses, either:

  • basic—Select to use only the signatures of viruses and greyware that have been detected by FortiGuard’s networks to be recently spreading in the wild.
  • extended—Select to use all signatures, regardless of whether the viruses or greyware are currently spreading.

Default: basic

scan-bzip2 {enable | disable}

Enable to scan archives that are compressed using the BZIP2 algorithm.

Tip: Scanning BZIP2 archives can be very CPU-intensive. To improve performance, block the BZIP2 file type, then disable this option.

Default: enable

uncomp-size-limit <limit_int>

Type the maximum size in kilobytes (KB) of the memory buffer that FortiWeb will use to temporarily undo the compression that a client or web server has applied to traffic, in order to inspect and/or modify it. For details, see waf file-uncompress-rule.

Caution: Unless you configure otherwise, compressed requests that are too large for this buffer will pass through FortiWeb without scanning or rewriting. This could allow malware to reach your web servers, and cause HTTP body rewriting to fail. If you prefer to block requests greater than this buffer size, configure waf http-protocol-parameter-restriction. To be sure that it will not disrupt normal traffic, first configure action to be alert. If no problems occur, switch it to alert_deny.

The maximum acceptable values are:

102400 KB: FortiWeb 100D, 400C, 400D, 600D, 1000C, 3000CFsx, 3000DFsx, 4000C

204800 KB: FortiWeb 1000D, 2000D, 3000D, 4000D, 1000E, 2000E, 3010E

358400 KB: FortiWeb 3000E, 4000E

Default: 5000

uncomp-nest-limit <limit_int>

Type the maximum number of allowed levels of compression (“nesting”) that FortiWeb will attempt to decompress.

Default: 12

use-fsa {enable | disable}

Enable to use the Signature Database from FortiSandbox to supplement the AV Signature Database. If enabled, FortiWeb will download the malware package from FortiSandbox's Signature Database every minute.

Default: disable
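
Added example (not part of the Fortinet documentation): a Python check that reads a configuration backup and reports the scan gaps described above. It assumes the backup contains the block in the same config ... end form as the syntax above; the sample text, function names and the oversize_blocked flag are constructed for illustration.

```python
import re

# Maximum uncomp-size-limit in KB per FortiWeb model, from the list above.
_MAX_KB = {
    102400: "100D 400C 400D 600D 1000C 3000CFsx 3000DFsx 4000C",
    204800: "1000D 2000D 3000D 4000D 1000E 2000E 3010E",
    358400: "3000E 4000E",
}
MODEL_MAX = {m: kb for kb, names in _MAX_KB.items() for m in names.split()}
DEFAULTS = {"default-db": "basic", "scan-bzip2": "enable", "uncomp-size-limit": "5000",
            "uncomp-nest-limit": "12", "use-fsa": "disable"}

# Constructed sample backup, not taken from a real appliance.
SAMPLE = """\
config system global
  set hostname "fwb-lab"
end
config system antivirus
  set default-db extended
  set scan-bzip2 disable
  set uncomp-size-limit 204800
end
"""

def parse_antivirus(text):
    """Effective settings: documented defaults overlaid with the block's 'set' lines."""
    settings = dict(DEFAULTS)
    block = re.search(r"^config system antivirus[ \t]*$(.*?)^[ \t]*end[ \t]*$", text, re.M | re.S)
    if block:
        for key, val in re.findall(r"^[ \t]*set[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", block.group(1), re.M):
            settings[key] = val.strip('"')
    return settings

def audit(text, model, oversize_blocked=False):
    """oversize_blocked (assumption): True when a waf http-protocol-parameter-restriction
    rule, verified separately, blocks requests larger than the buffer."""
    s, findings = parse_antivirus(text), []
    limit = int(s["uncomp-size-limit"])
    if limit > MODEL_MAX[model]:
        findings.append(f"uncomp-size-limit {limit} KB exceeds the {MODEL_MAX[model]} KB maximum for FortiWeb {model}")
    if not oversize_blocked:
        findings.append(f"compressed requests too large for the {limit} KB buffer pass through without scanning")
    if s["scan-bzip2"] == "disable":
        findings.append("BZIP2 archives are not scanned; confirm the BZIP2 file type is blocked")
    if s["default-db"] == "basic":
        findings.append("default-db basic: only signatures of recently spreading viruses and greyware are used")
    return findings
```

Call audit(SAMPLE, "1000C") to see the findings for the sample block; an empty backup is audited against the documented defaults.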
