Fortinet black logo

Handbook

Creating an AV profile

Creating an AV profile

You must configure AV profiles to use the anti-virus service module, which can be done either from the GUI or the Console. Once created, you can include your AV profiles when creating advanced virtual server profiles that use the HTTP or HTTPS protocol. For more information, refer to Configuring virtual servers.

Configure AV profiles from the GUI

To configure an AV profile from the GUI:

  1. Click Network Security>Anti Virus.
  2. Select the Profile tab.
  3. Click the Create New button.
  4. Make the entries or selections as described in AV profile configuration.
  5. Click Save when done.

AV profile configuration

Settings Description
Name

A unique name for the AV profile.

Note: An AV profile name can contain up to 63 alphanumeric characters.

Comments

A brief description of the profile.

Note: A description can be up to 1024 alphanumeric characters long.

Uncomp Size Limit

The maximum size in MB of the memory buffer used to temporarily decompress files.

Note: The default is 1 MB. Valid values range from 1 to 10 MB.

Uncomp Nest Limit

The maximum number of levels of nesting (compression) allowed for the system to decompress.

Note: The default is 2. Valid values range from 2 to 100.

Scan Bzip2

Scan archives using the bzip2 algorithm.

Note: Disabled by default.

Streaming Content Bypass

Enable or disable bypass streaming content (rather than buffering it).

Note: Enabled by default.

Oversize Limit

The maximum in-memory file size in KB to be scanned.

Note: The default is 1024 KB. Valid values range from 1 to 1024 KB.

Oversize

Select one of the options for the system to handle over-sized files:

  • Bypass—Ignore oversized files.
  • Log—Log and block oversized files.
  • Block—Block oversized files.

Note: The default option is Bypass.

Options

Select an option for the system to handle infected files:

  • AV Monitor—Monitor and log infected files.
  • Quarantine—Monitor, log, and quarantine infected files.

Note: The default is AV Monitor.

Emulator

Enable or disable the Win32 Emulator.

Note: Disabled by default to improve throughput.

FSA Analytics

Select an option to submit files to to FortiSandbox.

  • Disable—No file is submitted.
  • Suspicious—Only suspicious files are submitted.
  • All—All files are submitted.

Note: The default is Disable.

Analytics Max Upload

The maximum file size in KB allowed to upload to FortiSandbox.

Note: The default is 1024 KB. Valid values range from 1 to 2048 KB.

Analytics DB

Enable or disable supplementing the AV signature databases with the FortiSandbox signature database.

Note: Disabled by default.

AV Virus Log

Enable or disable logging for anti-virus scanning.

Note: Enabled by default.

Note that FortiADC currently imposes no restriction on the types of files that can be uploaded for AV analysis or evaluation. When scanning files for viruses, it makes no distinction between viruses and Trojans, and submits all suspicious files to FortiSandbox for evaluation. A log is generated whenever a file is uploaded to FortiSandbox.

Configure AV profiles from the Console

To configure an AV profile from the Console, execute the following commands:

config security antivirus profile

edit <name_str>

set comment <var-string>

set uncomp-size-limit <limit_int>

set uncomp-nest-limit <limit_int>

set scan-bzip2 {enable | disable}

set streaming-content-bypass {enable | disable}

set oversize-limit <size_int>

set oversize {bypass | log | block}

set options {avmonitor | quarantine}

set emulator {enable | disable}

set fsa-analytics {disable | suspicious | everything}

set analytics-max-upload <integer>

set analytics-db {disable | enable}

set av-virus-log {enable | disable}

end

Creating an AV profile

You must configure AV profiles to use the anti-virus service module, which can be done either from the GUI or the Console. Once created, you can include your AV profiles when creating advanced virtual server profiles that use the HTTP or HTTPS protocol. For more information, refer to Configuring virtual servers.

Configure AV profiles from the GUI

To configure an AV profile from the GUI:

  1. Click Network Security>Anti Virus.
  2. Select the Profile tab.
  3. Click the Create New button.
  4. Make the entries or selections as described in AV profile configuration.
  5. Click Save when done.

AV profile configuration

Settings Description
Name

A unique name for the AV profile.

Note: An AV profile name can contain up to 63 alphanumeric characters.

Comments

A brief description of the profile.

Note: A description can be up to 1024 alphanumeric characters long.

Uncomp Size Limit

The maximum size in MB of the memory buffer used to temporarily decompress files.

Note: The default is 1 MB. Valid values range from 1 to 10 MB.

Uncomp Nest Limit

The maximum number of levels of nesting (compression) allowed for the system to decompress.

Note: The default is 2. Valid values range from 2 to 100.

Scan Bzip2

Scan archives using the bzip2 algorithm.

Note: Disabled by default.

Streaming Content Bypass

Enable or disable bypass streaming content (rather than buffering it).

Note: Enabled by default.

Oversize Limit

The maximum in-memory file size in KB to be scanned.

Note: The default is 1024 KB. Valid values range from 1 to 1024 KB.

Oversize

Select one of the options for the system to handle over-sized files:

  • Bypass—Ignore oversized files.
  • Log—Log and block oversized files.
  • Block—Block oversized files.

Note: The default option is Bypass.

Options

Select an option for the system to handle infected files:

  • AV Monitor—Monitor and log infected files.
  • Quarantine—Monitor, log, and quarantine infected files.

Note: The default is AV Monitor.

Emulator

Enable or disable the Win32 Emulator.

Note: Disabled by default to improve throughput.

FSA Analytics

Select an option to submit files to to FortiSandbox.

  • Disable—No file is submitted.
  • Suspicious—Only suspicious files are submitted.
  • All—All files are submitted.

Note: The default is Disable.

Analytics Max Upload

The maximum file size in KB allowed to upload to FortiSandbox.

Note: The default is 1024 KB. Valid values range from 1 to 2048 KB.

Analytics DB

Enable or disable supplementing the AV signature databases with the FortiSandbox signature database.

Note: Disabled by default.

AV Virus Log

Enable or disable logging for anti-virus scanning.

Note: Enabled by default.

Note that FortiADC currently imposes no restriction on the types of files that can be uploaded for AV analysis or evaluation. When scanning files for viruses, it makes no distinction between viruses and Trojans, and submits all suspicious files to FortiSandbox for evaluation. A log is generated whenever a file is uploaded to FortiSandbox.

Configure AV profiles from the Console

To configure an AV profile from the Console, execute the following commands:

config security antivirus profile

edit <name_str>

set comment <var-string>

set uncomp-size-limit <limit_int>

set uncomp-nest-limit <limit_int>

set scan-bzip2 {enable | disable}

set streaming-content-bypass {enable | disable}

set oversize-limit <size_int>

set oversize {bypass | log | block}

set options {avmonitor | quarantine}

set emulator {enable | disable}

set fsa-analytics {disable | suspicious | everything}

set analytics-max-upload <integer>

set analytics-db {disable | enable}

set av-virus-log {enable | disable}

end