MMS virus scanning

MMS notifications

MMS notifications let you customize the alerts sent in many different situations, with separate settings for each supported MMS message protocol: MM1, MM3, MM4, and MM7.

MMS notification types include:

  • Content Filter
  • File Block
  • Carrier Endpoint Block
  • Flood
  • Duplicate
  • MMS Content Checksum
  • Virus Scan

Day of Week, Window start time and Window Duration define what days and what time of day alert notifications will be sent. This allows you to control what alerts are sent on weekends. It also lets you control when to start sending notifications each day. This can be useful if system maintenance is performed at the same time each night — you might want to start alert notifications after maintenance has completed. Another reason to limit the time alert messages are sent could be to limit message traffic to business hours.

 

Notifications screen for FortiOS Carrier MMS Profile

For MMS Notification options, see MMS Notifications.

 

Replacement messages

FortiGate units send replacement messages when messages or content are blocked, quarantined, or otherwise diverted from the receiver. In its place, a message is sent to notify the receiver of what happened.

With FortiOS Carrier MMS replacement messages, send and receive message types are supported separately and receive their own custom replacement messages. This allows the network to potentially notify both the sender and receiver of the problem.

For example, the replacement message "MM1 send-req file block message" is sent to the device that sent one or more files that were banned. The default message that is sent is: "This device has sent %%NUM_MSG%% messages containing banned files in the last %%DURATION%% hours." The two variables are replaced by the appropriate values.

Replacement messages are not as detailed or specific as MMS notifications, but they are also not as complicated to configure. They are also useful when content has been removed from an MMS message that was still delivered.

 

Logging and reporting

With each virus infection, or file block, a syslog message is generated. The format of this syslog message is similar to:

2005-09-22 19:15:47 deviceid=FGT5001ABCDEF1234 logid=0211060ABC type=virus subtype=infected level=warning src=10.1.2.3 dst=10.2.3.4 srcintf=port1 dstintf=port2 service=mm1 status=blocked from="<sending MSISDN>" to="<receiving MSISDN>" file="eicar.com.txt" virus="EICAR_TEST_FILE" msg="The file eicar.com.txt is infected with EICAR_TEST_FILE. ref http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=quickSearchDirectly&virusName=EICAR_TEST_FILE"

Note that the from and to fields are samples and not real values.
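The following is an added example, not part of the handbook or of any Fortinet tooling: a small parser for the key=value layout shown above that counts infected-message events per sending MSISDN, which is the kind of per-sender view a SIEM rule would build from these logs. The sample lines, MSISDNs and the mm7 service value are constructed for illustration.

```python
import re
from collections import Counter

# Timestamp prefix, then key=value pairs. A value is either quoted (may contain
# spaces and '=') or a bare token. Typographic quotes are accepted as well,
# because log samples copied from web pages often carry them.
STAMP_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+')
PAIR_RE = re.compile(r'(\w+)=(?:["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]|(\S+))')

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it lacks a timestamp."""
    m = STAMP_RE.match(line)
    if not m:
        return None
    fields = {"date": m.group(1), "time": m.group(2)}
    for key, quoted, bare in PAIR_RE.findall(line[m.end():]):
        fields[key] = quoted or bare
    return fields

def infected_by_sender(lines):
    """Count type=virus subtype=infected events per (sender, virus name)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f and f.get("type") == "virus" and f.get("subtype") == "infected":
            counts[(f.get("from", "unknown"), f.get("virus", "unknown"))] += 1
    return counts

# Constructed sample input: the field layout follows the entry shown above; the
# MSISDNs and the mm7 service value are made up for illustration.
HEAD = ('deviceid=FGT5001ABCDEF1234 logid=0211060ABC type=virus '
        'subtype=infected level=warning status=blocked ')
SAMPLE = [
    '2005-09-22 19:15:47 ' + HEAD + 'service=mm1 from="+15550100001" '
    'file="eicar.com.txt" virus="EICAR_TEST_FILE" '
    'msg="The file eicar.com.txt is infected. ref http://x/?method=q&virusName=E"',
    # Same sender again, with typographic quotes as they appear in web copies.
    '2005-09-22 19:16:02 ' + HEAD + 'service=mm7 from=\u201d+15550100001\u201d '
    'virus=\u201dEICAR_TEST_FILE\u201d',
    '2005-09-22 19:20:10 ' + HEAD + 'service=mm1 from="+15550100003" '
    'virus="EICAR_TEST_FILE"',
    'truncated line with no timestamp',
]

if __name__ == "__main__":
    for (sender, virus), n in infected_by_sender(SAMPLE).most_common():
        print(f"{sender} sent {n} message(s) infected with {virus}")
```

The quoted msg value contains its own "method=" and "virusName=" text; because the whole quoted value is consumed as one field, those do not leak into the parsed result as separate keys.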

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
