Antivirus scanning

Antivirus protection

 

 

6Configure the FortiGate unit to send an alert email when it blocks or deletes an infected file. See “Configuring alert email” in the Logging and Message Reference Guide.

Note: For information about receiving virus log messages, see “Configuring logging”, and for information about log message content and format, see “Virus log messages” in the Logging Configuration and Reference Guide

Antivirus scanning

Virus scanning intercepts most files (including files compressed with up to 12 layers of compression using zip, rar, gzip, tar, upx, and OLE) in the content streams for which you enable antivirus protection. Each file is tested to determine the file type and the most effective method of scanning the file for viruses. For example, binary files are scanned using binary virus scanning and Microsoft Office files containing macros are scanned for macro viruses.

FortiGate virus scanning does not scan the following file types:

cdimage

floppy image

.ace

.bzip2

.Tar+Gzip+Bzip2

If a file is found to contain a virus, the FortiGate unit removes the file from the content stream and replaces it with a replacement message.

If your FortiGate unit includes a hard disk and if quarantine is enabled for infected files for the matching traffic protocol, the FortiGate unit adds the file to the quarantine list.

To scan FortiGate firewall traffic for viruses

1Select antivirus scanning in a content profile.

For information about content profiles, see “Adding content profiles” on page 219.

2Optionally select Quarantine in this content profile.

3Add this content profile to firewall policies to apply virus scanning to the traffic controlled by the firewall policy.

See “Adding content profiles to policies” on page 221.

4Configure file quarantine settings to control the quarantining of infected files.

For information about configuring quarantine options, see “Configuring quarantine options” on page 285.

280

Fortinet Inc.

Page 280
Image 280
Fortinet FortiGate-800 manual Antivirus scanning, 280, To scan FortiGate firewall traffic for viruses