CLI Reference

profile antivirus-action


Use this command to configure antivirus action profiles.

Syntax

config profile antivirus-action
    edit <profile_name>
        [set comment "<comment_str>"]
        set subject-tagging-status {enable | disable}
        set subject-tagging-text "<tag_str>"
        set header-insertion-status {enable | disable}
        config header-insertion-list
            edit header-insertion-name <name_str>
                set header-insertion-value "<header_str>"
            next
        end
        set alternate-host-status {enable | disable}
        set alternate-host {<relay_fqdn> | <relay_ipv4>}
        set archive-status {enable | disable}
        set archive-account <account_name>
        set bcc-status {enable | disable}
        set bcc-addr <recipient_email>
        set bcc-env-from-status {enable | disable}
        set bcc-env-from-addr <bcc_email>
        set deliver-to-original-host {enable | disable}
        set disclaimer-insertion {enable | disable}
        set disclaimer-insertion-content <message_name>
        set disclaimer-insertion-location {beginning | end}
        set notification-status {enable | disable}
        set notification-profile <profile_name>
        set action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}
        set quarantine-notify {enable | disable}
        set quarantine-notify-profile <profile_name>
        set quarantine-folder "<path_str>"
        set remove-url-status {enable | disable}
        set replace-infected-status {enable | disable}
        set rewrite-rcpt-local-type {none | prefix | replace | suffix}
        set rewrite-rcpt-local-value <value_str>
        set rewrite-rcpt-domain-type {none-prefix | replace | suffix}
        set rewrite-rcpt-domain-value <value_str>
end

Variable | Description | Default

<profile_name>

Enter the name of an antivirus action profile.

action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine}

Enter an action for the profile.

  • discard: Accept the email, but then delete it instead of delivering the email, without notifying the SMTP client.

  • domain-quarantine: Redirect the email to the per-domain quarantine. This option is only available with a valid advanced management feature license.

  • none: Apply any configured header or subject line tags, if any.

  • reject: Reject the email and reply to the SMTP client with SMTP reply code 550.

  • repackage: Forward the infected email as an attachment; the original email body is still used without modification.

  • repackage-with-cmsg: Forward the infected email as an attachment with the customized email body that you define in the custom email template. For example, in the template, you may want to say “The attached email is infected by a virus”.

  • rewrite-rcpt: Change the recipient address. Configure rewrites separately for the local-part (the portion of the email address before the "@" symbol, typically a user name) and the domain part (the portion of the email address after the "@" symbol).

    If you select this option, also configure rewrite-rcpt-local-type {none | prefix | replace | suffix}, rewrite-rcpt-local-value <value_str>, rewrite-rcpt-domain-type {none-prefix | replace | suffix}, and rewrite-rcpt-domain-value <value_str>.

  • system-quarantine: Redirect the email to the system quarantine.

See also information about final vs. non-final actions and quarantines.

Default: none

alternate-host {<relay_fqdn> | <relay_ipv4>}

Type the fully qualified domain name (FQDN) or IP address of the alternate relay or SMTP server.

This field applies only if alternate-host-status {enable | disable} is enable.

alternate-host-status {enable | disable}

Enable to route the email to a specific SMTP server or relay. Also configure alternate-host {<relay_fqdn> | <relay_ipv4>}.

Note: If you enable this setting, for all email that matches the profile, the FortiMail unit will use this destination and ignore mailsetting relay-host-list and the protected domain’s tp-use-domain-mta {yes | no} setting.

Default: disable

archive-account <account_name>

Enter the archive account.

archive-status {enable | disable}

Enable or disable message archiving.

Default: disable

bcc-addr <recipient_email>

Type the blind carbon copy (BCC) recipient email address.

This setting applies only if bcc-status {enable | disable} is enable.

bcc-env-from-addr <bcc_email>

Enter the envelope from address for the BCC email. If the email is not deliverable and bounces back, it is returned to this address instead of the original sender. This is helpful when you want to use a specific email address to collect bounce notifications.

This field applies only if bcc-env-from-status {enable | disable} is enable.

bcc-env-from-status {enable | disable}

Enable to specify an envelope from address.

Default: disable

bcc-status {enable | disable}

Enable to send a BCC of the email. Also configure bcc-env-from-addr <bcc_email>.

Default: disable

comment "<comment_str>"

Enter a description or comment.

deliver-to-original-host {enable | disable}

Enable to deliver the message to the original host.

Default: disable

disclaimer-insertion {enable | disable}

Enable to insert a disclaimer.

Default: disable

disclaimer-insertion-content <message_name>

Select which message content to insert.

Default: default

disclaimer-insertion-location {beginning | end}

Select whether to insert the disclaimer at the start or end.

Default: beginning

header-insertion-name <name_str>

Enter the message header key, such as X-Custom-Header. Do not enter the colon ( : ) after the key.

Note: Do not enter spaces in the header key. These are forbidden by RFC 2822.

header-insertion-status {enable | disable}

Enable to add message headers to the email before forwarding it to the recipient.

Many email clients can sort incoming email messages into separate mailboxes based on text appearing in various parts of email messages, including the message header. For details, see the documentation for your email client.

Message header lines are composed of two parts: a key (name) and a value, which are separated by a colon, such as:

X-Custom-Header: Virus detected by profile 22.

Also configure header-insertion-name <name_str> and header-insertion-value "<header_str>".

Default: disable

header-insertion-value "<header_str>"

Enter the message header value.

notification-profile <profile_name>

Type the name of the notification profile used for sending notifications.

notification-status {enable | disable}

Enable to send a notification about the detection. Also configure notification-profile <profile_name>.

Default: disable

quarantine-folder "<path_str>"

Enter the location of the quarantine folder.

This setting is available if action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine} is system-quarantine or domain-quarantine.

Default: disable

quarantine-notify {enable | disable}

Enable to quarantine and also notify the recipient about the action.

This setting is available if action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine} is system-quarantine or domain-quarantine.

Default: disable

quarantine-notify-profile <profile_name>

Enter the name of a notification profile.

This setting is available if action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine} is system-quarantine or domain-quarantine.

remove-url-status {enable | disable}

Enable to remove URLs detected by FortiSandbox.

Default: enable

replace-infected-status {enable | disable}

Enable or disable the option to replace infected body or attachment.

Default: disable

rewrite-rcpt-local-type {none | prefix | replace | suffix}

Change the local part (the portion of the email address before the '@' symbol, typically a user name) of the recipient address of any email message in which a virus is detected.

This setting is available if action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine} is rewrite-rcpt.

Default: none

rewrite-rcpt-local-value <value_str>

Enter the text for the option (except none) that you chose in rewrite-rcpt-local-type {none | prefix | replace | suffix}.

rewrite-rcpt-domain-type {none-prefix | replace | suffix}

Change the domain part (the portion of the email address after the '@' symbol) of the recipient address of any email message in which a virus is detected.

This setting is available if action {discard | domain-quarantine | none | reject | repackage | repackage-with-cmsg | rewrite-rcpt | system-quarantine} is rewrite-rcpt.

Default: none

rewrite-rcpt-domain-value <value_str>

Enter the text for the option (except none) that you chose in rewrite-rcpt-domain-type {none-prefix | replace | suffix}.

subject-tagging-status {enable | disable}

Enable to prepend the text defined in subject-tagging-text "<tag_str>" (the "tag") to the subject line of email in which a virus is detected.

Default: disable

subject-tagging-text "<tag_str>"

Enter the text that will appear in the subject line of the email, such as "[VIRUS] ". FortiMail will prepend this text to the subject line of the infected email before forwarding it to the recipient.
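The dependencies stated in the descriptions above ("applies only if", "available if", "also configure", and the header key rule) can be checked mechanically when reviewing a profile. The following Python script is an added example, not Fortinet code; it only understands the syntax shown on this page, and the profile name, address and header values in the sample are constructed.

```python
import re

QUARANTINE = {"system-quarantine", "domain-quarantine"}
# setting -> (controlling setting, values under which the page says it applies)
APPLIES_IF = {"alternate-host": ("alternate-host-status", {"enable"}),
              "bcc-addr": ("bcc-status", {"enable"}),
              "bcc-env-from-addr": ("bcc-env-from-status", {"enable"})}
APPLIES_IF.update({k: ("action", QUARANTINE) for k in (
    "quarantine-folder", "quarantine-notify", "quarantine-notify-profile")})
APPLIES_IF.update({k: ("action", {"rewrite-rcpt"}) for k in (
    "rewrite-rcpt-local-type", "rewrite-rcpt-domain-type")})
# status setting -> setting the page says to "also configure"
ALSO_CONFIGURE = {"alternate-host-status": "alternate-host",
                  "notification-status": "notification-profile"}
EDIT_HEADER = "edit header-insertion-name "

def audit(profile_text):
    """Return findings; unset action is none, unset *-status is disable."""
    settings, headers, in_list = {"action": "none"}, [], False
    for line in map(str.strip, profile_text.splitlines()):
        if line == "config header-insertion-list":
            in_list = True
        elif in_list and line == "end":
            in_list = False
        elif in_list and line.startswith(EDIT_HEADER):
            headers.append(line[len(EDIT_HEADER):].strip('"'))
        elif not in_list and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip().strip('"')
    findings = [f"{key} does not apply: {ctrl} is {settings.get(ctrl, 'disable')}"
                for key, (ctrl, ok) in APPLIES_IF.items()
                if key in settings and settings.get(ctrl, "disable") not in ok]
    findings += [f"{status} is enable but {needed} is not set"
                 for status, needed in ALSO_CONFIGURE.items()
                 if settings.get(status) == "enable" and needed not in settings]
    findings += [f"header key {name!r} contains a space or colon"
                 for name in headers if re.search(r"[\s:]", name)]
    return findings

# Constructed sample profile (not from the page).
SAMPLE = """config profile antivirus-action
edit av_example
config header-insertion-list
edit header-insertion-name "X Virus:"
set header-insertion-value "detected"
next
end
set alternate-host-status enable
set bcc-addr soc@example.com
set quarantine-notify enable
end"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Each finding names the setting and the controlling value that makes it inapplicable, so a reviewer can see at a glance which lines of a profile are silently ignored.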

Related topics

profile antivirus
