AntiVirus File Quarantine
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 447
http://docs.fortinet.com/ • Feedback
Viewing the File Quarantine list
The Quarantined Files list displays information about each file that was quarantined
because of virus infection or file blocking. Sort the files by file name, date, service,
status, duplicate count (DC), or time to live (TTL). Filter the list to view only
quarantined files with a specific status or from a specific service.
To view the Quarantined Files list, go to UTM > AntiVirus > Quarantined Files.
Figure 281: File Quarantine list
The file quarantine list displays the following information about each quarantined file:
Source Either FortiAnalyzer or Local disk, depending on where you configure
quarantined files to be stored.
Sort by Sort the list. Choose from: Status, Service, File Name, Date, TTL, or Duplicate
Count. Select Apply to complete the sort.
Filter Filter the list. Choose either Status (infected, blocked, or heuristics) or Service
(IMAP, POP3, SMTP, FTP, HTTP, IM, or NNTP). Select Apply to complete the
filtering. Heuristics mode is configurable through the CLI only. See “Antivirus CLI
configuration” on page 453.
If your FortiGate unit supports SSL content scanning and inspection, Service can
also be IMAPS, POP3S, SMTPS, or HTTPS.
Apply Select to apply the sorting and filtering selections to the list of quarantined files.
Delete Select to delete the selected files.
Page Controls Use the controls to page through the list. For details, see “Using page controls
on web-based manager lists” on page 57.
Remove All Entries Removes all quarantined files from the local hard disk.
This icon only appears when the files are quarantined to the hard disk.
File Name The processed file name of the quarantined file. When a file is quarantined, all
spaces are removed from the file name, and a 32-bit checksum is performed on
the file. The checksum appears in the replacement message but not in the
quarantined file. The file is stored on the FortiGate hard disk with the following
naming convention:
<32bit_CRC>.<processed_filename>
For example, a file named Over Size.exe is stored as 3fc155d2.oversize.exe.
Date The date and time the file was quarantined, in the format dd/mm/yyyy hh:mm.
This value indicates the time that the first file was quarantined if the duplicate
count increases.
Service The service from which the file was quarantined (HTTP, FTP, IMAP, POP3,
SMTP, IM, NNTP, IMAPS, POP3S, SMTPS, or HTTPS).
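The following is an added example, not part of the Fortinet guide: it uses the `<32bit_CRC>.<processed_filename>` naming convention and the dd/mm/yyyy hh:mm date format described above to match a file name reported by a user, or the checksum shown in a replacement message, against quarantine entries. The entry dictionaries, their keys, and the sample rows are constructed, and lowercasing of the processed name is an assumption inferred from the guide's single example.

```python
import re
from datetime import datetime

# Naming convention from the guide: <32bit_CRC>.<processed_filename>
STORED_NAME = re.compile(r"^(?P<crc>[0-9a-fA-F]{8})\.(?P<name>\S+)$")

def process_filename(original):
    """Remove all whitespace, as the guide describes. Lowercasing is an
    assumption inferred from the guide's single example."""
    return "".join(original.split()).lower()

def parse_stored_name(stored):
    """Split a stored quarantine name into (crc_hex, processed_filename)."""
    m = STORED_NAME.match(stored)
    if not m:
        raise ValueError(f"not a quarantine file name: {stored!r}")
    return m.group("crc").lower(), m.group("name")

def parse_date(text):
    """Parse the list's dd/mm/yyyy hh:mm timestamp (day first, not month)."""
    return datetime.strptime(text, "%d/%m/%Y %H:%M")

def find_entries(entries, original_name=None, crc=None):
    """Return entries matching a reported file name and/or the checksum
    shown in a replacement message, oldest first."""
    want_name = process_filename(original_name) if original_name else None
    want_crc = crc.lower() if crc else None
    hits = []
    for entry in entries:
        try:
            e_crc, e_name = parse_stored_name(entry["file_name"])
        except ValueError:
            continue  # skip rows that do not follow the convention
        if want_name and e_name.lower() != want_name:
            continue
        if want_crc and e_crc != want_crc:
            continue
        hits.append(entry)
    return sorted(hits, key=lambda e: parse_date(e["date"]))

# Constructed sample rows; the dictionary keys are hypothetical.
SAMPLE = [
    {"file_name": "3fc155d2.oversize.exe", "date": "02/05/2009 10:15", "service": "HTTP"},
    {"file_name": "0a1b2c3d.oversize.exe", "date": "03/04/2009 08:00", "service": "SMTP"},
    {"file_name": "9e8d7c6b.invoice.zip", "date": "10/04/2009 14:30", "service": "POP3"},
    {"file_name": "report.pdf", "date": "11/04/2009 09:00", "service": "FTP"},
]
```

Sorting on the parsed timestamp rather than the raw string matters here: as text, "02/05/2009" sorts before "03/04/2009" even though 3 April precedes 2 May.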