Creating an AV profile
You must configure AV profiles to use the anti-virus service module, which can be done either from the GUI or the Console. Once created, you can include your AV profiles when creating advanced virtual server profiles that use the HTTP or HTTPS protocol. For more information, refer to Configuring virtual servers.
Configure AV profiles from the GUI
To configure an AV profile from the GUI:
- Click Network Security > Anti Virus.
- Select the Profile tab.
- Click the Create New button.
- Make the entries or selections as described in AV profile configuration.
- Click Save when done.
| Settings | Description |
| --- | --- |
| Name | A unique name for the AV profile. Note: An AV profile name can contain up to 63 alphanumeric characters. |
| Comments | A brief description of the profile. Note: A description can be up to 1024 alphanumeric characters long. |
| Uncomp Size Limit | The maximum size in MB of the memory buffer used to temporarily decompress files. Note: The default is 1 MB. Valid values range from 1 to 10 MB. |
| Uncomp Nest Limit | The maximum number of levels of nesting (compression) allowed for the system to decompress. Note: The default is 2. Valid values range from 2 to 100. |
| Scan Bzip2 | Scan archives using the bzip2 algorithm. Note: Disabled by default. |
| Streaming Content Bypass | Enable or disable bypassing streaming content (rather than buffering it). Note: Enabled by default. |
| Oversize Limit | The maximum in-memory file size in KB to be scanned. Note: The default is 1024 KB. Valid values range from 1 to 1024 KB. |
| Oversize | Select one of the options for the system to handle over-sized files: Note: The default option is Bypass. |
| Options | Select an option for the system to handle infected files: Note: The default is AV Monitor. |
| Emulator | Enable or disable the Win32 Emulator. Note: Disabled by default to improve throughput. |
| FSA Analytics | Select an option to submit files to FortiSandbox. Note: The default is Disable. |
| Analytics Max Upload | The maximum file size in KB allowed to upload to FortiSandbox. Note: The default is 1024 KB. Valid values range from 1 to 2048 KB. |
| Analytics DB | Enable or disable supplementing the AV signature databases with the FortiSandbox signature database. Note: Disabled by default. |
| AV Virus Log | Enable or disable logging for anti-virus scanning. Note: Enabled by default. |
Note that FortiADC currently imposes no restriction on the types of files that can be uploaded for AV analysis or evaluation. When scanning files for viruses, it makes no distinction between viruses and Trojans, and submits all suspicious files to FortiSandbox for evaluation. A log is generated whenever a file is uploaded to FortiSandbox.
Configure AV profiles from the Console
To configure an AV profile from the Console, execute the following commands:
config security antivirus profile
  edit <name_str>
    set comment <var-string>
    set uncomp-size-limit <limit_int>
    set uncomp-nest-limit <limit_int>
    set scan-bzip2 {enable | disable}
    set streaming-content-bypass {enable | disable}
    set oversize-limit <size_int>
    set oversize {bypass | log | block}
    set options {avmonitor | quarantine}
    set emulator {enable | disable}
    set fsa-analytics {disable | suspicious | everything}
    set analytics-max-upload <integer>
    set analytics-db {disable | enable}
    set av-virus-log {enable | disable}
end
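A profile created without changes inherits the defaults listed in the settings table, several of which leave a check disabled or in monitor mode. The following is an added example, not Fortinet code: it parses a configuration dump and lists, per profile, the settings still at those values. The dump layout with `next` lines, the treatment of omitted keys as defaults, the profile names and the choice of values to flag are assumptions of the example.

```python
# setting: (default per this page's table, value to flag, reason). The flag policy is this example's assumption.
CHECKS = {
    "oversize": ("bypass", "bypass", "oversize files take the bypass action, not log or block"),
    "options": ("avmonitor", "avmonitor", "infected files are monitored, not quarantined"),
    "scan-bzip2": ("disable", "disable", "bzip2 archives are not scanned"),
    "streaming-content-bypass": ("enable", "enable", "streaming content is bypassed, not buffered"),
    "av-virus-log": ("enable", "disable", "AV scanning is not logged"),
}

def parse_av_profiles(config_text):
    """Return {profile: {setting: value}}; keys missing from the dump get the page defaults."""
    profiles, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config security antivirus profile":
            in_section = True
        elif in_section and line == "end":
            in_section, current = False, None
        elif in_section and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            profiles[current] = {k: v[0] for k, v in CHECKS.items()}
        elif in_section and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            profiles[current][key] = value.strip().strip('"')
    return profiles

def audit(config_text):
    """Return sorted (profile, setting, reason) findings."""
    profiles = parse_av_profiles(config_text)
    return sorted((name, key, why) for name, cfg in profiles.items()
                  for key, (_, flagged, why) in CHECKS.items() if cfg[key] == flagged)

# Constructed sample dump; the profile names are made up for this example.
SAMPLE = """\
config security antivirus profile
  edit "web-default"
  next
  edit "web-strict"
    set scan-bzip2 enable
    set oversize block
    set options quarantine
  next
end
"""

if __name__ == "__main__":
    print(*("%s: %s (%s)" % f for f in audit(SAMPLE)), sep="\n")
```

On the sample, `web-default` is reported for four settings and `web-strict` only for `streaming-content-bypass`, which it never overrides.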