AntiVirus Quarantine
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 341
Quarantine
FortiGate units with a local disk can quarantine blocked and infected files. View
the file name and status information about the file in the quarantined file list.
Submit specific files and add file patterns to the AutoSubmit list so they will
automatically be uploaded to Fortinet for analysis.
FortiGate units without a local disk can quarantine blocked and infected files to a
FortiAnalyzer unit. Files stored on the FortiAnalyzer can be retrieved for viewing.
To configure the FortiAnalyzer unit, go to Log & Report > Log Config > Log
Setting.
Viewing the Quarantined Files list
The Quarantined Files list displays information about each file quarantined
because of virus infection or file blocking. Sort the files by file name, date, service,
status, duplicate count (DC), or time to live (TTL). Filter the list to view only
quarantined files with a specific status or from a specific service.
To view the Quarantined Files list, go to AntiVirus > Quarantine > Quarantined
Files.
Figure 222:Quarantined files list
The quarantined files list has the following features and displays the following
information about each quarantined file:
Note: If virtual domains are enabled on the FortiGate unit, antivirus features are configured
globally. To access these features, select Global Configuration on the main menu.
Apply Select to apply the sorting and filtering selections to the quarantined
files list.
Sort by Sort the list. Choose from: status, service, file name, date, TTL, or
duplicate count. Select Apply to complete the sort.
Filter Filter the list. Choose from status (infected, blocked, or heuristics) or
service (IMAP, POP3, SMTP, FTP, or HTTP). Select Apply to complete
the filtering. Heuristics mode is configurable through the CLI only. See
“Antivirus CLI configuration” on page 347.
File Name The processed file name of the quarantined file. When a file is
quarantined, all spaces are removed from the file name, and a 32-bit
checksum is performed on the file. The checksum appears in the
replacement message but not in the quarantined file. The file is stored
on the FortiGate hard disk with the following naming convention:
<32bit_CRC>.<processed_filename>
For example, a file named Over Size.exe is stored as
3fc155d2.oversize.exe.
Date The date and time the file was quarantined, in the format dd/mm/yyyy
hh:mm. This value indicates the time that the first file was quarantined
if the duplicate count increases.
To Next Page
Loading...
