Fortinet white logo
Fortinet white logo

CLI Reference

config antivirus profile

config antivirus profile

Configure AntiVirus profiles.

config antivirus profile
    Description: Configure AntiVirus profiles.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set ftgd-analytics [disable|suspicious|...]
        set analytics-max-upload {integer}
        set analytics-ignore-filetype {integer}
        set analytics-accept-filetype {integer}
        set analytics-db [disable|enable]
        set mobile-malware-db [disable|enable]
        config http
            Description: Configure HTTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set unknown-content-encoding [block|inspect|...]
            set content-disarm [disable|enable]
        end
        config ftp
            Description: Configure FTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config imap
            Description: Configure IMAP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config pop3
            Description: Configure POP3 AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config smtp
            Description: Configure SMTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config mapi
            Description: Configure MAPI AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
        end
        config nntp
            Description: Configure NNTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config cifs
            Description: Configure CIFS AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config ssh
            Description: Configure SFTP and SCP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config nac-quar
            Description: Configure AntiVirus quarantine settings.
            set infected [none|quar-src-ip]
            set expiry {user}
            set log [enable|disable]
        end
        config content-disarm
            Description: AV Content Disarm and Reconstruction settings.
            set original-file-destination [fortisandbox|quarantine|...]
            set error-action [block|log-only|...]
            set office-macro [disable|enable]
            set office-hylink [disable|enable]
            set office-linked [disable|enable]
            set office-embed [disable|enable]
            set office-dde [disable|enable]
            set office-action [disable|enable]
            set pdf-javacode [disable|enable]
            set pdf-embedfile [disable|enable]
            set pdf-hyperlink [disable|enable]
            set pdf-act-gotor [disable|enable]
            set pdf-act-launch [disable|enable]
            set pdf-act-sound [disable|enable]
            set pdf-act-movie [disable|enable]
            set pdf-act-java [disable|enable]
            set pdf-act-form [disable|enable]
            set cover-page [disable|enable]
            set detect-only [disable|enable]
        end
        set outbreak-prevention-archive-scan [disable|enable]
        set external-blocklist-enable-all [disable|enable]
        set external-blocklist <name1>, <name2>, ...
        set ems-threat-feed [disable|enable]
        set fortindr-error-action [log-only|block|...]
        set fortindr-timeout-action [log-only|block|...]
        set av-virus-log [enable|disable]
        set av-block-log [enable|disable]
        set extended-log [enable|disable]
        set scan-mode [default|legacy]
    next
end

config antivirus profile

Parameter

Description

Type

Size

Default

name

Profile name.

string

Maximum length: 35

comment

Comment.

var-string

Maximum length: 255

replacemsg-group

Replacement message group customized for this profile.

string

Maximum length: 35

ftgd-analytics

Settings to control which files are uploaded to FortiSandbox.

option

-

disable

Option

Description

disable

Do not upload files to FortiSandbox.

suspicious

Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious.

everything

Submit files supported by FortiSandbox and known infected files.

analytics-max-upload

Maximum size of files that can be uploaded to FortiSandbox.

integer

Minimum value: 1 Maximum value: 26214

10

analytics-ignore-filetype

Do not submit files matching this DLP file-pattern to FortiSandbox.

integer

Minimum value: 0 Maximum value: 4294967295

0

analytics-accept-filetype

Only submit files matching this DLP file-pattern to FortiSandbox.

integer

Minimum value: 0 Maximum value: 4294967295

0

analytics-db

Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.

option

-

disable

Option

Description

disable

Use only the standard AV signature databases.

enable

Also use the FortiSandbox signature database.

mobile-malware-db

Enable/disable using the mobile malware signature database.

option

-

enable

Option

Description

disable

Do not use the mobile malware signature database.

enable

Also use the mobile malware signature database.

outbreak-prevention-archive-scan

Enable/disable outbreak-prevention archive scanning.

option

-

enable

Option

Description

disable

Analyze files as sent, not the content of archives.

enable

Analyze files including the content of archives.

external-blocklist-enable-all

Enable/disable all external blocklists.

option

-

disable

Option

Description

disable

Use configured external blocklists.

enable

Enable all external blocklists.

external-blocklist <name>

One or more external malware block lists.

External blocklist.

string

Maximum length: 79

ems-threat-feed

Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable use of EMS threat feed when performing AntiVirus scan.

enable

Enable use of EMS threat feed when performing AntiVirus scan.

fortindr-error-action

Action to take if FortiNDR encounters an error.

option

-

log-only

Option

Description

log-only

Log FortiNDR error, but allow the file.

block

Block the file on FortiNDR error.

ignore

Do nothing on FortiNDR error.

fortindr-timeout-action

Action to take if FortiNDR encounters a scan timeout.

option

-

log-only

Option

Description

log-only

Log FortiNDR scan timeout, but allow the file.

block

Block the file on FortiNDR scan timeout.

ignore

Do nothing on FortiNDR scan timeout.

av-virus-log

Enable/disable AntiVirus logging.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

av-block-log

Enable/disable logging for AntiVirus file blocking.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

extended-log

Enable/disable extended logging for antivirus.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

scan-mode

Configure scan mode.

option

-

default

Option

Description

default

On the fly decompression and scanning of certain archive files.

legacy

Scan archive files only after the entire file is received.

config http

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

unknown-content-encoding

Configure the action the FortiGate unit will take on unknown content-encoding.

option

-

block

Option

Description

block

Block HTTP session when unknown content-encoding is detected.

inspect

Inspect HTTP traffic as plain-text with AV scan when unknown content-encoding is detected.

bypass

Bypass AV scan when unknown content-encoding is detected.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config ftp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config imap

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config pop3

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config smtp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config mapi

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

config nntp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config cifs

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config ssh

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config nac-quar

Parameter

Description

Type

Size

Default

infected

Enable/Disable quarantining infected hosts to the banned user list.

option

-

none

Option

Description

none

Do not quarantine infected hosts.

quar-src-ip

Quarantine all traffic from the infected hosts source IP.

expiry

Duration of quarantine.

user

Not Specified

5m

log

Enable/disable AntiVirus quarantine logging.

option

-

disable

Option

Description

enable

Enable AntiVirus quarantine logging.

disable

Disable AntiVirus quarantine logging.

config content-disarm

Parameter

Description

Type

Size

Default

original-file-destination

Destination to send original file if active content is removed.

option

-

discard

Option

Description

fortisandbox

Send original file to configured FortiSandbox.

quarantine

Send original file to quarantine.

discard

Original file will be discarded after content disarm.

error-action

Action to be taken if CDR engine encounters an unrecoverable error.

option

-

log-only

Option

Description

block

Block file on CDR error.

log-only

Log CDR error, but allow file.

ignore

Do nothing on CDR error.

office-macro

Enable/disable stripping of macros in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-hylink

Enable/disable stripping of hyperlinks in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-linked

Enable/disable stripping of linked objects in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-embed

Enable/disable stripping of embedded objects in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-dde

Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-action

Enable/disable stripping of PowerPoint action events in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-javacode

Enable/disable stripping of JavaScript code in PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-embedfile

Enable/disable stripping of embedded files in PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-hyperlink

Enable/disable stripping of hyperlinks from PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-gotor

Enable/disable stripping of PDF document actions that access other PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-launch

Enable/disable stripping of PDF document actions that launch other applications.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-sound

Enable/disable stripping of PDF document actions that play a sound.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-movie

Enable/disable stripping of PDF document actions that play a movie.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-java

Enable/disable stripping of PDF document actions that execute JavaScript code.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-form

Enable/disable stripping of PDF document actions that submit data to other targets.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

cover-page

Enable/disable inserting a cover page into the disarmed document.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

detect-only

Enable/disable only detect disarmable files, do not alter content.

option

-

disable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

config antivirus profile

config antivirus profile

Configure AntiVirus profiles.

config antivirus profile
    Description: Configure AntiVirus profiles.
    edit <name>
        set comment {var-string}
        set replacemsg-group {string}
        set ftgd-analytics [disable|suspicious|...]
        set analytics-max-upload {integer}
        set analytics-ignore-filetype {integer}
        set analytics-accept-filetype {integer}
        set analytics-db [disable|enable]
        set mobile-malware-db [disable|enable]
        config http
            Description: Configure HTTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set unknown-content-encoding [block|inspect|...]
            set content-disarm [disable|enable]
        end
        config ftp
            Description: Configure FTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config imap
            Description: Configure IMAP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config pop3
            Description: Configure POP3 AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config smtp
            Description: Configure SMTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
            set content-disarm [disable|enable]
        end
        config mapi
            Description: Configure MAPI AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
            set executables [default|virus]
        end
        config nntp
            Description: Configure NNTP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config cifs
            Description: Configure CIFS AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config ssh
            Description: Configure SFTP and SCP AntiVirus options.
            set av-scan [disable|block|...]
            set outbreak-prevention [disable|block|...]
            set external-blocklist [disable|block|...]
            set fortindr [disable|block|...]
            set quarantine [disable|enable]
            set archive-block {option1}, {option2}, ...
            set archive-log {option1}, {option2}, ...
            set emulator [enable|disable]
        end
        config nac-quar
            Description: Configure AntiVirus quarantine settings.
            set infected [none|quar-src-ip]
            set expiry {user}
            set log [enable|disable]
        end
        config content-disarm
            Description: AV Content Disarm and Reconstruction settings.
            set original-file-destination [fortisandbox|quarantine|...]
            set error-action [block|log-only|...]
            set office-macro [disable|enable]
            set office-hylink [disable|enable]
            set office-linked [disable|enable]
            set office-embed [disable|enable]
            set office-dde [disable|enable]
            set office-action [disable|enable]
            set pdf-javacode [disable|enable]
            set pdf-embedfile [disable|enable]
            set pdf-hyperlink [disable|enable]
            set pdf-act-gotor [disable|enable]
            set pdf-act-launch [disable|enable]
            set pdf-act-sound [disable|enable]
            set pdf-act-movie [disable|enable]
            set pdf-act-java [disable|enable]
            set pdf-act-form [disable|enable]
            set cover-page [disable|enable]
            set detect-only [disable|enable]
        end
        set outbreak-prevention-archive-scan [disable|enable]
        set external-blocklist-enable-all [disable|enable]
        set external-blocklist <name1>, <name2>, ...
        set ems-threat-feed [disable|enable]
        set fortindr-error-action [log-only|block|...]
        set fortindr-timeout-action [log-only|block|...]
        set av-virus-log [enable|disable]
        set av-block-log [enable|disable]
        set extended-log [enable|disable]
        set scan-mode [default|legacy]
    next
end

config antivirus profile

Parameter

Description

Type

Size

Default

name

Profile name.

string

Maximum length: 35

comment

Comment.

var-string

Maximum length: 255

replacemsg-group

Replacement message group customized for this profile.

string

Maximum length: 35

ftgd-analytics

Settings to control which files are uploaded to FortiSandbox.

option

-

disable

Option

Description

disable

Do not upload files to FortiSandbox.

suspicious

Submit files supported by FortiSandbox if heuristics or other methods determine they are suspicious.

everything

Submit files supported by FortiSandbox and known infected files.

analytics-max-upload

Maximum size of files that can be uploaded to FortiSandbox.

integer

Minimum value: 1 Maximum value: 26214

10

analytics-ignore-filetype

Do not submit files matching this DLP file-pattern to FortiSandbox.

integer

Minimum value: 0 Maximum value: 4294967295

0

analytics-accept-filetype

Only submit files matching this DLP file-pattern to FortiSandbox.

integer

Minimum value: 0 Maximum value: 4294967295

0

analytics-db

Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.

option

-

disable

Option

Description

disable

Use only the standard AV signature databases.

enable

Also use the FortiSandbox signature database.

mobile-malware-db

Enable/disable using the mobile malware signature database.

option

-

enable

Option

Description

disable

Do not use the mobile malware signature database.

enable

Also use the mobile malware signature database.

outbreak-prevention-archive-scan

Enable/disable outbreak-prevention archive scanning.

option

-

enable

Option

Description

disable

Analyze files as sent, not the content of archives.

enable

Analyze files including the content of archives.

external-blocklist-enable-all

Enable/disable all external blocklists.

option

-

disable

Option

Description

disable

Use configured external blocklists.

enable

Enable all external blocklists.

external-blocklist <name>

One or more external malware block lists.

External blocklist.

string

Maximum length: 79

ems-threat-feed

Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable use of EMS threat feed when performing AntiVirus scan.

enable

Enable use of EMS threat feed when performing AntiVirus scan.

fortindr-error-action

Action to take if FortiNDR encounters an error.

option

-

log-only

Option

Description

log-only

Log FortiNDR error, but allow the file.

block

Block the file on FortiNDR error.

ignore

Do nothing on FortiNDR error.

fortindr-timeout-action

Action to take if FortiNDR encounters a scan timeout.

option

-

log-only

Option

Description

log-only

Log FortiNDR scan timeout, but allow the file.

block

Block the file on FortiNDR scan timeout.

ignore

Do nothing on FortiNDR scan timeout.

av-virus-log

Enable/disable AntiVirus logging.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

av-block-log

Enable/disable logging for AntiVirus file blocking.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

extended-log

Enable/disable extended logging for antivirus.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

scan-mode

Configure scan mode.

option

-

default

Option

Description

default

On the fly decompression and scanning of certain archive files.

legacy

Scan archive files only after the entire file is received.

config http

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

unknown-content-encoding

Configure the action the FortiGate unit will take on unknown content-encoding.

option

-

block

Option

Description

block

Block HTTP session when unknown content-encoding is detected.

inspect

Inspect HTTP traffic as plain-text with AV scan when unknown content-encoding is detected.

bypass

Bypass AV scan when unknown content-encoding is detected.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config ftp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config imap

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config pop3

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config smtp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

content-disarm

Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan.

option

-

disable

Option

Description

disable

Disable Content Disarm and Reconstruction when performing AntiVirus scan.

enable

Enable Content Disarm and Reconstruction when performing AntiVirus scan.

config mapi

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

executables

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

option

-

default

Option

Description

default

Perform standard AntiVirus scanning of Windows executable files.

virus

Treat Windows executables as viruses.

config nntp

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config cifs

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config ssh

Parameter

Description

Type

Size

Default

av-scan

Enable AntiVirus scan service.

option

-

disable

Option

Description

disable

Disable.

block

Block the virus infected files.

monitor

Log the virus infected files.

outbreak-prevention

Enable virus outbreak prevention service.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

external-blocklist

Enable external-blocklist. Analyzes files including the content of archives.

option

-

disable

Option

Description

disable

Disable.

block

Block the matched files.

monitor

Log the matched files.

fortindr

Enable/disable scanning of files by FortiNDR.

option

-

disable

Option

Description

disable

Disable.

block

Block the FortiNDR detected infections.

monitor

Log the FortiNDR detected infections.

quarantine

Enable/disable quarantine for infected files.

option

-

disable

Option

Description

disable

Disable quarantine for infected files.

enable

Enable quarantine for infected files.

archive-block

Select the archive types to block.

option

-

Option

Description

encrypted

Block encrypted archives.

corrupted

Block corrupted archives.

partiallycorrupted

Block partially corrupted archives.

multipart

Block multipart archives.

nested

Block nested archives that exceed uncompressed nest limit.

mailbomb

Block mail bomb archives.

timeout

Block scan timeout.

unhandled

Block archives that FortiProxy cannot open.

archive-log

Select the archive types to log.

option

-

Option

Description

encrypted

Log encrypted archives.

corrupted

Log corrupted archives.

partiallycorrupted

Log partially corrupted archives.

multipart

Log multipart archives.

nested

Log nested archives that exceed uncompressed nest limit.

mailbomb

Log mail bomb archives.

timeout

Log scan timeout.

unhandled

Log archives that FortiProxy cannot open.

emulator

Enable/disable the virus emulator.

option

-

enable

Option

Description

enable

Enable the virus emulator.

disable

Disable the virus emulator.

config nac-quar

Parameter

Description

Type

Size

Default

infected

Enable/Disable quarantining infected hosts to the banned user list.

option

-

none

Option

Description

none

Do not quarantine infected hosts.

quar-src-ip

Quarantine all traffic from the infected hosts source IP.

expiry

Duration of quarantine.

user

Not Specified

5m

log

Enable/disable AntiVirus quarantine logging.

option

-

disable

Option

Description

enable

Enable AntiVirus quarantine logging.

disable

Disable AntiVirus quarantine logging.

config content-disarm

Parameter

Description

Type

Size

Default

original-file-destination

Destination to send original file if active content is removed.

option

-

discard

Option

Description

fortisandbox

Send original file to configured FortiSandbox.

quarantine

Send original file to quarantine.

discard

Original file will be discarded after content disarm.

error-action

Action to be taken if CDR engine encounters an unrecoverable error.

option

-

log-only

Option

Description

block

Block file on CDR error.

log-only

Log CDR error, but allow file.

ignore

Do nothing on CDR error.

office-macro

Enable/disable stripping of macros in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-hylink

Enable/disable stripping of hyperlinks in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-linked

Enable/disable stripping of linked objects in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-embed

Enable/disable stripping of embedded objects in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-dde

Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

office-action

Enable/disable stripping of PowerPoint action events in Microsoft Office documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-javacode

Enable/disable stripping of JavaScript code in PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-embedfile

Enable/disable stripping of embedded files in PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-hyperlink

Enable/disable stripping of hyperlinks from PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-gotor

Enable/disable stripping of PDF document actions that access other PDF documents.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-launch

Enable/disable stripping of PDF document actions that launch other applications.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-sound

Enable/disable stripping of PDF document actions that play a sound.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-movie

Enable/disable stripping of PDF document actions that play a movie.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-java

Enable/disable stripping of PDF document actions that execute JavaScript code.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

pdf-act-form

Enable/disable stripping of PDF document actions that submit data to other targets.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

cover-page

Enable/disable inserting a cover page into the disarmed document.

option

-

enable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.

detect-only

Enable/disable only detect disarmable files, do not alter content.

option

-

disable

Option

Description

disable

Disable this Content Disarm and Reconstruction feature.

enable

Enable this Content Disarm and Reconstruction feature.