AntiVirus Antivirus settings and controls
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 519
http://docs.fortinet.com/ • Feedback
File pattern
Once a file is accepted, the FortiGate unit applies the file pattern recognition filter. The
FortiGate unit will check the file against the file pattern setting you have configured. If the
file is a blocked pattern, “.EXE” for example, then it is stopped and a replacement
message is sent to the end user. No other levels of protections are applied. If the file is not
a blocked pattern the next level of protection is applied.
File type
Once a file passes the heuristic scan, the FortiGate unit applies the file type recognition
filter. The FortiGate unit will check the file against the file type setting you have configured.
If the file is a blocked type, then it is stopped and a replacement message is sent to the
end user. No other levels of protections are applied. If the file is not a blocked type, the
next level of protection is applied.
Virus scan
If the file passes the file pattern scan, it will have a virus scan applied to it. The virus
definitions are keep up to date through the FortiNet Distribution Network. The list is
updated on a regular basis so you do not have to wait for a firmware upgrade. For more
information on updating virus definitions, see “FortiGuard antivirus” on page 519.
Grayware
Once past the virus scan, the incoming file will be checked for grayware. Grayware
checking can be turned on and off as required. Grayware signatures are kept up to date
because the are included in the antivirus definitions. For more information on see
“Selecting the virus database” on page 527.
Heuristics
After an incoming file has passed the grayware scan, it is subjected to the heuristics scan.
The FortiGate heuristic antivirus engine, if enabled, performs tests on the file to detect
virus-like behavior or known virus indicators. In this way, heuristic scanning may detect
new viruses, but may also produce some false positive results.
FortiGuard antivirus
FortiGuard antivirus services are an excellent resource and include automatic updates of
virus and IPS (attack) engines and definitions, as well as the local spam DNSBL, through
the FortiGuard Distribution Network (FDN). The FortiGuard Center also provides the
FortiGuard antivirus virus and attack encyclopedia and the FortiGuard Bulletin. Visit the
Fortinet Knowledge Center for details and a link to the FortiGuard Center.
The connection between the FortiGate unit and FortiGuard Center is configured in
System > Maintenance > FortiGuard. See “Configuring the FortiGate unit for FDN and
FortiGuard subscription services” on page 323 for more information.
Antivirus settings and controls
While antivirus settings are configured for system-wide use, specific settings can be
implemented on a per profile basis. Table 47 compares antivirus options in protection
profiles and the antivirus menu.
Note: Heuristics is configurable only through the CLI. See the FortiGate CLI Reference.
To Next Page
Loading...
Need help?
General
