config antivirus profile
Configure AntiVirus profiles.
config antivirus profile Description: Configure AntiVirus profiles. edit <name> set comment {var-string} set replacemsg-group {string} set ftgd-analytics [disable|suspicious|...] set analytics-max-upload {integer} set analytics-ignore-filetype {integer} set analytics-accept-filetype {integer} set analytics-db [disable|enable] set mobile-malware-db [disable|enable] config http Description: Configure HTTP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] set unknown-content-encoding [block|inspect|...] set content-disarm [disable|enable] end config ftp Description: Configure FTP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] end config imap Description: Configure IMAP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] set executables [default|virus] set content-disarm [disable|enable] end config pop3 Description: Configure POP3 AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] set executables [default|virus] set content-disarm [disable|enable] end config smtp Description: Configure SMTP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] set executables [default|virus] set content-disarm [disable|enable] end config mapi Description: Configure MAPI AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] set executables [default|virus] end config nntp Description: Configure NNTP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] end config cifs Description: Configure CIFS AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] end config ssh Description: Configure SFTP and SCP AntiVirus options. set av-scan [disable|block|...] set outbreak-prevention [disable|block|...] set external-blocklist [disable|block|...] set fortindr [disable|block|...] set quarantine [disable|enable] set archive-block {option1}, {option2}, ... set archive-log {option1}, {option2}, ... set emulator [enable|disable] end config nac-quar Description: Configure AntiVirus quarantine settings. set infected [none|quar-src-ip] set expiry {user} set log [enable|disable] end config content-disarm Description: AV Content Disarm and Reconstruction settings. set original-file-destination [fortisandbox|quarantine|...] set error-action [block|log-only|...] set office-macro [disable|enable] set office-hylink [disable|enable] set office-linked [disable|enable] set office-embed [disable|enable] set office-dde [disable|enable] set office-action [disable|enable] set pdf-javacode [disable|enable] set pdf-embedfile [disable|enable] set pdf-hyperlink [disable|enable] set pdf-act-gotor [disable|enable] set pdf-act-launch [disable|enable] set pdf-act-sound [disable|enable] set pdf-act-movie [disable|enable] set pdf-act-java [disable|enable] set pdf-act-form [disable|enable] set cover-page [disable|enable] set detect-only [disable|enable] end set outbreak-prevention-archive-scan [disable|enable] set external-blocklist-enable-all [disable|enable] set external-blocklist <name1>, <name2>, ... set ems-threat-feed [disable|enable] set fortindr-error-action [log-only|block|...] set fortindr-timeout-action [log-only|block|...] set av-virus-log [enable|disable] set av-block-log [enable|disable] set extended-log [enable|disable] set scan-mode [default|legacy] next end
config antivirus profile
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
name |
Profile name. |
string |
Maximum length: 35 |
|
||||||||
comment |
Comment. |
var-string |
Maximum length: 255 |
|
||||||||
replacemsg-group |
Replacement message group customized for this profile. |
string |
Maximum length: 35 |
|
||||||||
ftgd-analytics |
Settings to control which files are uploaded to FortiSandbox. |
option |
- |
disable |
||||||||
|
|
|||||||||||
analytics-max-upload |
Maximum size of files that can be uploaded to FortiSandbox. |
integer |
Minimum value: 1 Maximum value: 26214 |
10 |
||||||||
analytics-ignore-filetype |
Do not submit files matching this DLP file-pattern to FortiSandbox. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
analytics-accept-filetype |
Only submit files matching this DLP file-pattern to FortiSandbox. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
analytics-db |
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. |
option |
- |
disable |
||||||||
|
|
|||||||||||
mobile-malware-db |
Enable/disable using the mobile malware signature database. |
option |
- |
enable |
||||||||
|
|
|||||||||||
outbreak-prevention-archive-scan |
Enable/disable outbreak-prevention archive scanning. |
option |
- |
enable |
||||||||
|
|
|||||||||||
external-blocklist-enable-all |
Enable/disable all external blocklists. |
option |
- |
disable |
||||||||
|
|
|||||||||||
external-blocklist |
One or more external malware block lists. External blocklist. |
string |
Maximum length: 79 |
|
||||||||
ems-threat-feed |
Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||
|
|
|||||||||||
fortindr-error-action |
Action to take if FortiNDR encounters an error. |
option |
- |
log-only |
||||||||
|
|
|||||||||||
fortindr-timeout-action |
Action to take if FortiNDR encounters a scan timeout. |
option |
- |
log-only |
||||||||
|
|
|||||||||||
av-virus-log |
Enable/disable AntiVirus logging. |
option |
- |
enable |
||||||||
|
|
|||||||||||
av-block-log |
Enable/disable logging for AntiVirus file blocking. |
option |
- |
enable |
||||||||
|
|
|||||||||||
extended-log |
Enable/disable extended logging for antivirus. |
option |
- |
disable |
||||||||
|
|
|||||||||||
scan-mode |
Configure scan mode. |
option |
- |
default |
||||||||
|
|
config http
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
|||||||||||||||||||||
unknown-content-encoding |
Configure the action the FortiGate unit will take on unknown content-encoding. |
option |
- |
block |
||||||||||||||||||
|
|
|||||||||||||||||||||
content-disarm |
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. |
option |
- |
disable |
||||||||||||||||||
|
|
config ftp
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
config imap
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
|||||||||||||||||||||
executables |
Treat Windows executable files as viruses for the purpose of blocking or monitoring. |
option |
- |
default |
||||||||||||||||||
|
|
|||||||||||||||||||||
content-disarm |
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. |
option |
- |
disable |
||||||||||||||||||
|
|
config pop3
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
|||||||||||||||||||||
executables |
Treat Windows executable files as viruses for the purpose of blocking or monitoring. |
option |
- |
default |
||||||||||||||||||
|
|
|||||||||||||||||||||
content-disarm |
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. |
option |
- |
disable |
||||||||||||||||||
|
|
config smtp
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
|||||||||||||||||||||
executables |
Treat Windows executable files as viruses for the purpose of blocking or monitoring. |
option |
- |
default |
||||||||||||||||||
|
|
|||||||||||||||||||||
content-disarm |
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. |
option |
- |
disable |
||||||||||||||||||
|
|
config mapi
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
|||||||||||||||||||||
executables |
Treat Windows executable files as viruses for the purpose of blocking or monitoring. |
option |
- |
default |
||||||||||||||||||
|
|
config nntp
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
config cifs
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
config ssh
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
av-scan |
Enable AntiVirus scan service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
outbreak-prevention |
Enable virus outbreak prevention service. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
external-blocklist |
Enable external-blocklist. Analyzes files including the content of archives. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
fortindr |
Enable/disable scanning of files by FortiNDR. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
quarantine |
Enable/disable quarantine for infected files. |
option |
- |
disable |
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-block |
Select the archive types to block. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
archive-log |
Select the archive types to log. |
option |
- |
|
||||||||||||||||||
|
|
|||||||||||||||||||||
emulator |
Enable/disable the virus emulator. |
option |
- |
enable |
||||||||||||||||||
|
|
config nac-quar
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
infected |
Enable/Disable quarantining infected hosts to the banned user list. |
option |
- |
none |
||||||
|
|
|||||||||
expiry |
Duration of quarantine. |
user |
Not Specified |
5m |
||||||
log |
Enable/disable AntiVirus quarantine logging. |
option |
- |
disable |
||||||
|
|
config content-disarm
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
original-file-destination |
Destination to send original file if active content is removed. |
option |
- |
discard |
||||||||
|
|
|||||||||||
error-action |
Action to be taken if CDR engine encounters an unrecoverable error. |
option |
- |
log-only |
||||||||
|
|
|||||||||||
office-macro |
Enable/disable stripping of macros in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
office-hylink |
Enable/disable stripping of hyperlinks in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
office-linked |
Enable/disable stripping of linked objects in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
office-embed |
Enable/disable stripping of embedded objects in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
office-dde |
Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
office-action |
Enable/disable stripping of PowerPoint action events in Microsoft Office documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-javacode |
Enable/disable stripping of JavaScript code in PDF documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-embedfile |
Enable/disable stripping of embedded files in PDF documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-hyperlink |
Enable/disable stripping of hyperlinks from PDF documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-gotor |
Enable/disable stripping of PDF document actions that access other PDF documents. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-launch |
Enable/disable stripping of PDF document actions that launch other applications. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-sound |
Enable/disable stripping of PDF document actions that play a sound. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-movie |
Enable/disable stripping of PDF document actions that play a movie. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-java |
Enable/disable stripping of PDF document actions that execute JavaScript code. |
option |
- |
enable |
||||||||
|
|
|||||||||||
pdf-act-form |
Enable/disable stripping of PDF document actions that submit data to other targets. |
option |
- |
enable |
||||||||
|
|
|||||||||||
cover-page |
Enable/disable inserting a cover page into the disarmed document. |
option |
- |
enable |
||||||||
|
|
|||||||||||
detect-only |
Enable/disable only detect disarmable files, do not alter content. |
option |
- |
disable |
||||||||
|
|