Enabling AntiVirus in Flow-mode – GUI
- Go to Security Profiles > AntiVirus.
- Choose whether you want to edit an existing profile or create a new one.
- The default profile will be the one displayed by default.
- If you are going to edit an existing profile, selecting it can be done by either using the drop down menu in the upper right hand corner of the window or by selecting the List icon (the furthest right of the 3 icons in the upper right of the window, if resembles a page with some lines on it), and then selecting the profile you want to edit from the list.
- If you need to create a new profile you can either select the Create New icon (a plus sign within a circle) or select the List icon and then select the Create New link in the upper left of the window that appears.
- If you are creating a new profile, write a name for it in the Name
- Select Quick or Full Scan Mode(see the discussion of the differences in antivirus scanning modes for more information).
- For the Detect Viruses field, select either Block to prevent infected files from passing throughout the FortiGate or Monitor to allow infected files to pass through the FortiGate but to record instances of infection.
- Under Inspected Protocols, enable the protocols you wish to be blocked or monitored.
- Under Inspection Options, you may enable the following: Treat Windows Executables in Email Attachments as Viruses and Include Mobile Malware Protection.
You may also enable the following options if you have a FortiCloud account active on your FortiGate: Send Files to FortiSandbox Cloud for Inspection and Use FortiSandbox Database.
- Select OK or Apply.
- Add the AntiVirus profile to a firewall security policy.
Enabling AntiVirus – CLI
Configure the scan option for each type of traffic you want scanned.
- Configure the AntiVirus profile config antivirus profile edit <profile_name> set comment “scan and delete virus” set replacemsg-group ” set scan-botnet-connections block set ftgd-analytics suspicious config http set options scan
end config ftp set options scan
end config imap set options scan
end config pop3 set options scan
end config smtp set options scan
end config nntp set options scan
end config smb set options scan
end
end
- Add the AntiVirus profile to the Fortigate firewall security policy. When using the CLI, you will need to know the policy ID number.
config firewall policy edit <policy ID number>
Testing your antivirus configuration
set av-profile <profile_name> set profile-protocol-options default
end
end
Overriding the AV engine file scan timeout
Overriding the AV engine file scan timeout allows the FortiGate to scan files as large as 4GB without breaking the scan.
Override the large file scan timeout value in seconds (30 – 3600). Zero is the default value and is used to disable this command. When disabled, the daemon adjusts the large file scan timeout based on the file size.
Syntax
config antivirus settings set override-timeout 0
end