Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiWeb 8.0.3 CLI Reference
    8.0.3
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    scand av

    scand av

    Use this command to monitor and troubleshoot the antivirus (AV) scanning framework. In this architecture, AV scanning is offloaded from the Proxyd process to a dedicated Dlpd daemon, which manages multiple child processes (avscan) for asynchronous, non-blocking payload inspection.

    This design ensures that if a scanning child process crashes or hangs, it is automatically terminated and restarted by Dlpd without impacting the main WAF traffic flow. Administrators can also manually verify file scanning behavior using the standalone tool # /bin/avscan <file | dir>.

    Syntax

    execute scand av {clear-cache | clear-stats | show-cache-summary | show-stats}

    Variable Description Default

    clear-cache

    Clears all entries currently stored in the AV verdict hash table.

    Note: The AV cache is not automatically cleared when configurations change; you must manually execute this command to apply new settings to files already stored in the cache.

    No default.

    clear-stats

    Resets all AV scanning performance and error counters to zero.

    No default.

    show-cache-summary

    Displays a summary of the AV verdict cache, which reduces redundant processing by storing scan results.

    • max — The maximum capacity of the hash table (50K, 100K, or 200K depending on the platform).

    • cur_cnt — Number of entries currently in the cache.

    • pending_cnt — Number of requests currently awaiting a verdict.

    • clean_cnt — Count of files identified as clean.

    • virus_cnt — Count of files identified as malicious.

    • stuck_cnt — Number of entries that reached a timeout state during scanning.

    • peak_time — The longest scan duration processed.

    • peak_size — The largest file size processed.

    No default.

    show-stats

    Displays detailed operational statistics for backend workers and request queues.

    • scan_worker_number — The number of configured backend scan processes.

    • scan_worker_timeout — The timeout value for backend scans.

    • verdict_req_cnt — Total verdict requests received from WAF modules.

    • verdict_req_found_cnt — Count of requests satisfied by the verdict cache.

    • scan_req_cnt — Total unique scan requests sent to backend workers.

    • scan_req_input_err_cnt — Count of scan request input errors.

    • scan_req_enq_err_cnt — Count of scan request enqueue errors.

    • scan_enq_cnt — Count of items added to the scan input queue.

    • scan_deq_cnt — Count of items removed from the scan input queue.

    • pending_verdict_hash_insert_cnt — Count of pending entries inserted into the verdict hash table.

    • pending_verdict_hash_insert_err_cnt — Count of errors when inserting pending entries into the hash table.

    • verdict_enq_cnt — Count of results received from avscan child processes added to the result queue.

    • verdict_hash_found_cnt — Count of verdict entries successfully found and updated in the hash table.

    • verdict_hash_insert_cnt — Count of verdict entries successfully added to the hash table.

    • verdict_hash_insert_err_cnt — Count of errors when adding verdict entries to the hash table.

    • wkr_timeout_cnt — Total number of backend scan timeouts.

    • child_restart_tx_error_cnt — Count of child process restarts due to transmission errors.

    • child_restart_rx_error_cnt — Count of child process restarts due to reception errors.

    • child_restart_rx_timeout_cnt — Count of child process restarts due to reception timeouts.

    • child_start_but_not_ready_cnt — Count of child process restarts when a newly started child becomes stuck.

    • child_restart_but_not_ready_cnt — Count of child process restarts when a restarted child becomes stuck.

    • wkr_current_busy_cnt — Number of worker threads currently waiting for results from a child process.

    • cfg_update_enq_cnt — Count of antivirus configuration updates added to the queue.

    • cfg_update_deq_cnt — Count of antivirus configuration updates removed from the queue.

    • pkg_update_enq_cnt — Count of AV package updates added to the queue.

    • pkg_update_deq_cnt — Count of AV package updates removed from the queue.

    • update_timeout_cnt — Count of configuration or package update timeouts.

    • clear_stats_cnt — Number of times the execute scand av clear-stats command has been used.

    No default.
    Previous
    Next

    scand av

    scand av

    Use this command to monitor and troubleshoot the antivirus (AV) scanning framework. In this architecture, AV scanning is offloaded from the Proxyd process to a dedicated Dlpd daemon, which manages multiple child processes (avscan) for asynchronous, non-blocking payload inspection.

    This design ensures that if a scanning child process crashes or hangs, it is automatically terminated and restarted by Dlpd without impacting the main WAF traffic flow. Administrators can also manually verify file scanning behavior using the standalone tool # /bin/avscan <file | dir>.

    Syntax

    execute scand av {clear-cache | clear-stats | show-cache-summary | show-stats}

    Variable Description Default

    clear-cache

    Clears all entries currently stored in the AV verdict hash table.

    Note: The AV cache is not automatically cleared when configurations change; you must manually execute this command to apply new settings to files already stored in the cache.

    No default.

    clear-stats

    Resets all AV scanning performance and error counters to zero.

    No default.

    show-cache-summary

    Displays a summary of the AV verdict cache, which reduces redundant processing by storing scan results.

    • max — The maximum capacity of the hash table (50K, 100K, or 200K depending on the platform).

    • cur_cnt — Number of entries currently in the cache.

    • pending_cnt — Number of requests currently awaiting a verdict.

    • clean_cnt — Count of files identified as clean.

    • virus_cnt — Count of files identified as malicious.

    • stuck_cnt — Number of entries that reached a timeout state during scanning.

    • peak_time — The longest scan duration processed.

    • peak_size — The largest file size processed.

    No default.

    show-stats

    Displays detailed operational statistics for backend workers and request queues.

    • scan_worker_number — The number of configured backend scan processes.

    • scan_worker_timeout — The timeout value for backend scans.

    • verdict_req_cnt — Total verdict requests received from WAF modules.

    • verdict_req_found_cnt — Count of requests satisfied by the verdict cache.

    • scan_req_cnt — Total unique scan requests sent to backend workers.

    • scan_req_input_err_cnt — Count of scan request input errors.

    • scan_req_enq_err_cnt — Count of scan request enqueue errors.

    • scan_enq_cnt — Count of items added to the scan input queue.

    • scan_deq_cnt — Count of items removed from the scan input queue.

    • pending_verdict_hash_insert_cnt — Count of pending entries inserted into the verdict hash table.

    • pending_verdict_hash_insert_err_cnt — Count of errors when inserting pending entries into the hash table.

    • verdict_enq_cnt — Count of results received from avscan child processes added to the result queue.

    • verdict_hash_found_cnt — Count of verdict entries successfully found and updated in the hash table.

    • verdict_hash_insert_cnt — Count of verdict entries successfully added to the hash table.

    • verdict_hash_insert_err_cnt — Count of errors when adding verdict entries to the hash table.

    • wkr_timeout_cnt — Total number of backend scan timeouts.

    • child_restart_tx_error_cnt — Count of child process restarts due to transmission errors.

    • child_restart_rx_error_cnt — Count of child process restarts due to reception errors.

    • child_restart_rx_timeout_cnt — Count of child process restarts due to reception timeouts.

    • child_start_but_not_ready_cnt — Count of child process restarts when a newly started child becomes stuck.

    • child_restart_but_not_ready_cnt — Count of child process restarts when a restarted child becomes stuck.

    • wkr_current_busy_cnt — Number of worker threads currently waiting for results from a child process.

    • cfg_update_enq_cnt — Count of antivirus configuration updates added to the queue.

    • cfg_update_deq_cnt — Count of antivirus configuration updates removed from the queue.

    • pkg_update_enq_cnt — Count of AV package updates added to the queue.

    • pkg_update_deq_cnt — Count of AV package updates removed from the queue.

    • update_timeout_cnt — Count of configuration or package update timeouts.

    • clear_stats_cnt — Number of times the execute scand av clear-stats command has been used.

    No default.
    Previous
    Next