prescan-config
Configure support for large files of up to 10GB in VM. Large file support is only available for VMs although this command is available on all platforms. Large files are usually archive files that contain many files.
In a cluster environment, use this command only in the primary node and the setting is synchronized to other nodes.
|
We recommend to only specifying one option each time. |
Syntax
prescan-config [-h|-l|-c|-n|-b|-y|-z|-a|-u]
|
Option |
Description |
|---|---|
|
-a |
Set size limit (<100M) of the archive file that will be scanned with the executable file in VM (default 5M) While scanning executable child files inside a zip file, the zip file may be needed as well. This is because the executable child files may reference another file inside the zip file. FortiSandbox is able to pass the parent zip file into the VM along with the executable child file while it is scanning inside the VM. However, for performance reasons, the default maximum size of the parent zip that can be passed into the VM is 5M. You can modify this value to up to 100M if needed. |
|
-b |
Set big file (>512MB) unpack timeout in seconds (default = 600, max = 86400). |
|
-c |
Set maximum number of child files to extract from archive file (default = 1000). |
|
-h |
Help information. |
|
-l |
Show prescan configuration settings. |
|
-n |
Set regular file (<=512MB) unpack timeout in seconds (default = 15, max = 3600). |
|
-u |
Unset all prescan settings, that is, set to default. |
|
-y |
Set regular file (<=512M) yara scan timeout in seconds (default = 30, max 3600) |
|
-z |
Set big file (>512M) yara scan timeout in seconds (default = 60, max = 3600) |
|
The unpack timeout and number of child files can be increased to improve threat detection. For more information, see Enhancing Threat Detection in the FortiSandbox Best Practices Guide. |