Mail Replacement Messages; Http Replacement Messages - Fortinet FortiGate Series Administration Manual

Replacement messages

Mail replacement messages

HTTP replacement messages

254
The FortiGate unit sends the mail replacement messages listed in
clients and servers using IMAP, POP3, or SMTP when an event occurs such as antivirus
blocking a file attached to an email that contains a virus. Email replacement messages are
text messages.
If the FortiGate unit supports SSL content scanning and inspection these replacement
messages can also be added to IMAPS, POP3S, and SMTPS email messages.
Table 29: Mail replacement messages
Message name Description
Virus message Antivirus Virus Scan enabled for an email protocol in a protection profile deletes
a infected file from an email message and replaces the file with this message.
File block When the antivirus File Filter enabled for an email protocol in a protection profile
message deletes a file that matches an entry in the selected file filter list, the file is blocked
and the email is replaced with this message.
Oversized file When the antivirus Oversized File/Email is set to Block for an email protocol in a
message protection profile and removes an oversized file from an email message, the file
is replaced with this message.
Fragmented In a protection profile, antivirus Pass Fragmented Emails is not enabled so a
email fragmented email is blocked. This message replaces the first fragment of the
fragmented email.
Data leak In a DLP sensor, a rule with action set to Block replaces a blocked email
prevention message with this message.
message
Subject of data This message is added to the subject field of all email messages replaced by the
leak prevention DLP sensor Block, Ban, Ban Sender, Quarantine IP address, and Quarantine
message interface actions.
Banned by data In a DLP sensor, a rule with action set to Ban replaces a blocked email message
leak prevention with this message. This message also replaces any additional email messages
message that the banned user sends until they are removed from the banned user list.
Sender banned In a DLP sensor, a rule with action set to Ban Sender replaces a blocked email
by data leak message with this message. This message also replaces any additional email
prevention messages that the banned user sends until the user is removed from the banned
message user list.
Virus message Splice mode is enabled and the antivirus system detects a virus in an SMTP
(splice mode) email message. The FortiGate unit aborts the SMTP session and returns a 554
SMTP error message to the sender that includes this replacement message.
File block Splice mode is enabled and the antivirus file filter deleted a file from an SMTP
message (splice email message. The FortiGate unit aborts the SMTP session and returns a 554
mode) SMTP error message to the sender that includes this replacement message.
Oversized file Splice mode is enabled and antivirus Oversized File/Email set to Block and the
message (splice FortiGate unit blocks an oversize SMTP email message. The FortiGate unit
mode) aborts the SMTP session and returns a 554 SMTP error message to the sender
that includes this replacement message.
The FortiGate unit sends the HTTP replacement messages listed in
browsers using the HTTP protocol when an event occurs such as antivirus blocking a file
that contains a virus in an HTTP session. HTTP replacement messages are HTML pages.
If the FortiGate unit supports SSL content scanning and inspection and if Protocol
Recognition > HTTPS Content Filtering Mode is set to Deep Scan in the protection profile,
these replacement messages can also replace web pages downloaded using the HTTPS
protocol.
Table 29
Table 30
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
System Config
to email
to web
• Feedback