AntiVirus Order of operations
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 517
http://docs.fortinet.com/
AntiVirus
This section describes how to configure the antivirus options associated with firewall
protection profiles. From a protection profile you can configure the FortiGate unit to apply
antivirus protection to HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP sessions. If your
FortiGate unit supports SSL content scanning and inspection, you can also configure
antivirus protection for HTTPS, IMAPS, POP3S, and SMTPS sessions. For more
information, see “SSL content scanning and inspection” on page 481.
This section provides an introduction to antivirus settings. For more information, see the
FortiGate UTM User Guide.
If you enable virtual domains (VDOMs) on the FortiGate unit, UTM > Antivirus options are
configured separately for each virtual domain. For details, see “Using virtual domains” on
page 159.
This section describes:
• Order of operations
• Antivirus tasks
• Antivirus settings and controls
• File Filter
• File Quarantine
• Selecting the virus database
• Antivirus CLI configuration
Order of operations
The antivirus scanning function includes various modules and engines that perform separate
tasks. The FortiGate unit performs antivirus processing in the following order:
• File size
• File pattern
• File type
• Virus scan
• Grayware
• Heuristics
If a file fails any of the tasks of the antivirus scan, no further scans are performed. For
example, if the file “fakefile.EXE” is recognized as a blocked pattern, the FortiGate unit will
send the end user a replacement message and the file will be deleted or quarantined. The
virus scan, grayware, heuristics, and file type scans will not be performed because the file has
already been determined to be a threat and has been dealt with.
Note: File filter includes file pattern and file type scans, which are applied at different stages
in the antivirus process.
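The stop-at-first-failure ordering described above can be modelled as follows. This is an added illustration, not Fortinet code or FortiGate configuration: the policy values, the File fields, the case-insensitive pattern match, and the function names are all assumptions made for the example.

```python
import fnmatch
from dataclasses import dataclass

# Stage order exactly as listed in this section.
STAGES = ["file size", "file pattern", "file type",
          "virus scan", "grayware", "heuristics"]

# Constructed policy values, for illustration only.
POLICY = {
    "max_size": 10 * 1024 * 1024,          # bytes
    "blocked_patterns": ["*.exe", "*.scr"],
    "blocked_types": {"elf"},
}

@dataclass
class File:
    name: str
    size: int
    ftype: str                      # content type label (constructed)
    flags: frozenset = frozenset()  # what the later engines would detect

def build_checks(policy):
    """Map each stage to a predicate that returns True when the file passes."""
    return {
        "file size": lambda f: f.size <= policy["max_size"],
        # Assumption: patterns are matched case-insensitively.
        "file pattern": lambda f: not any(
            fnmatch.fnmatch(f.name.lower(), p) for p in policy["blocked_patterns"]),
        "file type": lambda f: f.ftype not in policy["blocked_types"],
        "virus scan": lambda f: "virus" not in f.flags,
        "grayware": lambda f: "grayware" not in f.flags,
        "heuristics": lambda f: "heuristic" not in f.flags,
    }

def process(f, policy=POLICY):
    """Run the stages in order; return (verdict, failed_stage, skipped_stages)."""
    checks = build_checks(policy)
    for i, stage in enumerate(STAGES):
        if not checks[stage](f):
            # First failure ends processing; later stages never see the file.
            return "blocked", stage, STAGES[i + 1:]
    return "passed", None, []

if __name__ == "__main__":
    for sample in (File("fakefile.EXE", 2048, "exe"),
                   File("notes.txt", 512, "text", frozenset({"grayware"}))):
        print(sample.name, process(sample))
```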