Fortinet black logo

Handbook

MMS scanning options

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:615343
Download PDF

MMS scanning options

You can configure MMS scanning protection profile options to apply virus scanning, file filtering, content filtering, carrier endpoint blocking, and other scanning to MMS messages transmitted using the MM1, MM3, MM4 and MM7 protocols.

The following are the MMS Scanning options that are available within an MMS profile. You can create an MMS profile in Security Profiles > MMS Profile or edit an existing one. You must expand MMS Scanning to access the following options.

MMS Scanning section of the New MMS Profile page
Monitor Only Select to cause the unit to record log messages when MMS scanning options find a virus, match a file name, or match content using any of the other MMS scanning options. Select this option to be able to report on viruses and other problems in MMS traffic without affecting users.

Tip: Select Remove Blocked if you want the unit to actually remove content intercepted by MMS scanning options.
Virus Scan Select to scan attachments in MMS traffic for viruses.

Since MM1 and MM7 use HTTP, the oversize limits for HTTP and the HTTP antivirus port configuration also applies to MM1 and MM7 scanning.

MM3 and MM4 use SMTP and the oversize limits for SMTP and the SMTP antivirus port configuration also applies to MM3 and MM4 scanning.
Scan MM1 message retrieval Select to scan message retrievals that use MM1. If you enable Virus Scan for all MMS interfaces, messages are also scanned while being sent. In this case, you can disable MM1 message retrieval scanning to improve performance.
Remove Blocked Select to remove blocked content from each protocol and replace it with the replacement message.

Select Constant if the unit is to preserve the length of the message when removing blocked content, as may occur when billing is affected by the length of the message.

Tip: If you only want to monitor blocked content, select Monitor Only.
Content Filter Select to filter messages based on matching the content of the message with the words or patterns in the selected web content filter list.
Carrier Endpoint Block Select to add Carrier Endpoint Filtering in this MMS profile. Select the carrier endpoint filter list to apply it to the profile.
MMS Content Checksum Select to add MMS Content Checksum in this MMS profile. Select the MMS content checksum list to apply it to the profile.
Pass Fragmented Messages Select to pass fragmented MM3 and MM4 messages. Fragmented MMS messages cannot be scanned for viruses. If you do not select these options, fragmented MM3 and MM4 message are blocked.
Comfort Clients Select client comforting for MM1 and MM7 sessions.

Since MM1 and MM7 messages use HTTP, MM1 and MM7 client comforting operates like HTTP client comforting.
Comfort Servers Select server comforting for each protocol.

Similar to client comforting, you can use server comforting to prevent server connection timeouts that can occur while waiting for the unit to buffer and scan large POST requests from slow clients.
Interval (1-900 seconds) Enter the time in seconds before client and server comforting starts after the download has begun, and the time between sending subsequent data.
Amount (1-10240 bytes) The number of bytes sent by client or server comforting at each interval.
Oversized MMS Message Select Block or Pass for files and email messages exceeding configured thresholds for each protocol.

The oversize threshold refers to the final size of the message, including attachments, after encoding by the client. Clients can use a variety of encoding types; some result in larger file sizes than the original attachment. As a result, a file may be blocked or logged as oversized even if the attachment is several megabytes smaller than the oversize threshold.
Threshold (1KB - 800 MB) Enter the oversized file threshold and select KB or MB. If a file is larger than the threshold the file is passed or blocked depending on the Oversized MMS Message setting. The GUI displays the allowed threshold range. The threshold maximum is 10% of the unit’s RAM.

MMS scanning options

You can configure MMS scanning protection profile options to apply virus scanning, file filtering, content filtering, carrier endpoint blocking, and other scanning to MMS messages transmitted using the MM1, MM3, MM4 and MM7 protocols.

The following are the MMS Scanning options that are available within an MMS profile. You can create an MMS profile in Security Profiles > MMS Profile or edit an existing one. You must expand MMS Scanning to access the following options.

MMS Scanning section of the New MMS Profile page
Monitor Only Select to cause the unit to record log messages when MMS scanning options find a virus, match a file name, or match content using any of the other MMS scanning options. Select this option to be able to report on viruses and other problems in MMS traffic without affecting users.

Tip: Select Remove Blocked if you want the unit to actually remove content intercepted by MMS scanning options.
Virus Scan Select to scan attachments in MMS traffic for viruses.

Since MM1 and MM7 use HTTP, the oversize limits for HTTP and the HTTP antivirus port configuration also applies to MM1 and MM7 scanning.

MM3 and MM4 use SMTP and the oversize limits for SMTP and the SMTP antivirus port configuration also applies to MM3 and MM4 scanning.
Scan MM1 message retrieval Select to scan message retrievals that use MM1. If you enable Virus Scan for all MMS interfaces, messages are also scanned while being sent. In this case, you can disable MM1 message retrieval scanning to improve performance.
Remove Blocked Select to remove blocked content from each protocol and replace it with the replacement message.

Select Constant if the unit is to preserve the length of the message when removing blocked content, as may occur when billing is affected by the length of the message.

Tip: If you only want to monitor blocked content, select Monitor Only.
Content Filter Select to filter messages based on matching the content of the message with the words or patterns in the selected web content filter list.
Carrier Endpoint Block Select to add Carrier Endpoint Filtering in this MMS profile. Select the carrier endpoint filter list to apply it to the profile.
MMS Content Checksum Select to add MMS Content Checksum in this MMS profile. Select the MMS content checksum list to apply it to the profile.
Pass Fragmented Messages Select to pass fragmented MM3 and MM4 messages. Fragmented MMS messages cannot be scanned for viruses. If you do not select these options, fragmented MM3 and MM4 message are blocked.
Comfort Clients Select client comforting for MM1 and MM7 sessions.

Since MM1 and MM7 messages use HTTP, MM1 and MM7 client comforting operates like HTTP client comforting.
Comfort Servers Select server comforting for each protocol.

Similar to client comforting, you can use server comforting to prevent server connection timeouts that can occur while waiting for the unit to buffer and scan large POST requests from slow clients.
Interval (1-900 seconds) Enter the time in seconds before client and server comforting starts after the download has begun, and the time between sending subsequent data.
Amount (1-10240 bytes) The number of bytes sent by client or server comforting at each interval.
Oversized MMS Message Select Block or Pass for files and email messages exceeding configured thresholds for each protocol.

The oversize threshold refers to the final size of the message, including attachments, after encoding by the client. Clients can use a variety of encoding types; some result in larger file sizes than the original attachment. As a result, a file may be blocked or logged as oversized even if the attachment is several megabytes smaller than the oversize threshold.
Threshold (1KB - 800 MB) Enter the oversized file threshold and select KB or MB. If a file is larger than the threshold the file is passed or blocked depending on the Oversized MMS Message setting. The GUI displays the allowed threshold range. The threshold maximum is 10% of the unit’s RAM.