AntiVirus Order of operations
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 439
http://docs.fortinet.com/ • Feedback
AntiVirus
This section describes how to configure the antivirus options associated with firewall
protection profiles. From a protection profile you can configure the FortiGate unit to apply
antivirus protection to HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP sessions. If your
FortiGate unit supports SSL content scanning and inspection you can also configure
antivirus protection for HTTPS, IMAPS,POP3S, and SMTPS sessions. For more
information, see “SSL content scanning and inspection” on page 399.
If you enable virtual domains (VDOMs) on the FortiGate unit, most antivirus options are
configured separately for each virtual domain. However, the file quarantine, the virus list
and the grayware list are part of the global configuration. Only administrators with global
access can configure and manage the file quarantine, view the virus list, and configure the
grayware list. For details, see “Using virtual domains” on page 103.
This section describes:
• Order of operations
• Antivirus tasks
• Antivirus settings and controls
• File Filter
• File Quarantine
• Viewing the virus database information
• Viewing and configuring the grayware list
• Antivirus CLI configuration
Order of operations
Antivirus scanning function includes various modules and engines that perform separate
tasks. The FortiGate unit performs antivirus processing in the following order:
• File size
• File pattern
• File type
• Virus scan
• Grayware
• Heuristics
If a file fails any of the tasks of the antivirus scan, no further scans are performed. For
example, if the file “fakefile.EXE” is recognized as a blocked pattern, the FortiGate unit will
send the end user a replacement message and the file will be deleted or quarantined. The
virus scan, grayware, heuristics, and file type scans will not be performed as the file is
already been determined to be a threat and has been dealt with.
Note: File filter includes file pattern and file type scans which are applied at different stages
in the antivirus process.
To Next Page
Loading...