Fortinet 393 FortiWeb 5.0 Patch 6 Administration Guide
Troj ans Enable to scan for trojans, viruses, malware, and greyware. Yo u
must also configure a file upload restriction where you enable
Antivirus Scan (see “Limiting file uploads” on page 451).
Attack log messages contain the file name and signature ID (for
example, filename [eicar.com] virus name
[EICAR_TEST_FILE]: Waf anti-virus) when this feature
detects a possible virus.
In the Action column, select that the FortiWeb will do when it
detects this type of attack:
•Alert
•Alert & Deny
•Period Block
•Redirect
• Send 403 Forbidden
To configure which database of signatures to use, select either
Regular Virus Database or Extended Virus Database (see
“Choosing the virus signature database & decompression buffer”
on page 138).
Caution: Files greater than the scan buffer configured in Maximum
Antivirus Buffer Size are too large for FortiWeb to decompress, and
will pass through without being scanned. This could allow
malware to reach your web severs. To block oversized files, you
must configure Body Length.
Caution: To remain effective as new malware emerges, it is vital
that your FortiWeb can connect to FortiGuard services to regularly
update its engine and signatures. Failure to do so will cause this
feature to become less effective over time, and may allow viruses
to pass through your FortiWeb. For instructions on how to verify
connectivity and enable automatic updates, see “Connecting to
FortiGuard services” on page 134.
Setting name Description