Quarantined Files List Options - Fortinet FortiGate FortiGate-1000A Administration Manual

Antivirus

Quarantined files list options

FortiGate-1000A/FA2 Administration Guide
Figure 160:Sample quarantined files list
The quarantined files list has the following features and displays the following
information about each quarantined file:
Apply
Select Apply to apply the sorting and filtering selections to the quarantined
files list.
Sort by:
Sort the list. Choose from: status, service, file name, date, TTL, or duplicate
count. Click Apply to complete the sort.
Filter:
Filter the list. Choose from status (infected, blocked, or heuristics) or
service (IMAP, POP3, SMTP, FTP, or HTTP). Click Apply to complete the
filtering. Heuristics mode is configurable through the CLI only. See
"CLI configuration" on page 317.
File Name
The processed file name of the quarantined file. When a file is quarantined,
all spaces are removed from the file name, and a 32-bit checksum is
performed on the file. The file is stored on the FortiGate hard disk with the
following naming convention: <32bit CRC>.<processed filename>
For example, a file named Over Size.exe is stored as
3fc155d2.oversize.exe.
For the US Domestic distribution, when the FortiGate unit quarantines files
from an SMTP email, the file name of the quarantined file is changed to a
system-generated file name. The system-generated file name consists of
the name of the sender email address and the name of the receiver
email address separated with an underscore. The system-generated file
name does not include a file name extension. For example, if the file
test.doc was quarantined in an email being sent from user@address.com
to info@fortinet.com, the file name of the quarantined file would be
user_info.
Date
The date and time that the file was quarantined, in the format dd/mm/yyyy
hh:mm. This value indicates the time that the first file was quarantined if the
duplicate count increases.
Service
The service from which the file was quarantined (HTTP, FTP, IMAP, POP3,
SMTP).
Status
The reason the file was quarantined: infected, heuristics, or blocked.
Status Description
Specific information related to the status, for example, "File is infected with
"W32/Klez.h"" or "File was stopped by file block pattern."
DC
Duplicate count. A count of how many duplicates of the same file were
quarantined. A rapidly increasing number can indicate a virus outbreak.
TTL
Time to live in the format hh:mm. When the TTL elapses, the FortiGate unit
labels the file as EXP under the TTL heading. In the case of duplicate files,
each duplicate found refreshes the TTL.
Upload status
Y indicates the file has been uploaded to Fortinet for analysis, N indicates
the file has not been uploaded.
The Delete icon.
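The File Name entry above describes two naming schemes for stored quarantine files. The following added example (not part of the Fortinet manual) parses a listing of stored names, groups them by checksum prefix, and separates names that do not carry one. The function names and the sample listing are constructed for illustration, and lower-casing of the processed name is an assumption taken from the manual's Over Size.exe example.

```python
import re
from collections import defaultdict

# <32bit CRC>.<processed filename>: eight hex digits, a dot, then the name.
STORED_NAME = re.compile(r"^(?P<crc>[0-9a-fA-F]{8})\.(?P<name>.+)$")

# Constructed sample listing; only the first name comes from the manual.
SAMPLE_LISTING = [
    "3fc155d2.oversize.exe",
    "3fc155d2.invoice.exe",
    "a01b22c3.report.v2.doc",
    "user_info",
]

def processed_name(original):
    """All spaces removed. Lower-casing is an assumption taken from the
    manual's example (Over Size.exe -> oversize.exe)."""
    return original.replace(" ", "").lower()

def parse_stored_name(stored):
    """Return (crc, processed name), or None when the name does not follow
    the convention (for example a system-generated SMTP name)."""
    match = STORED_NAME.match(stored)
    if match is None:
        return None
    return match.group("crc").lower(), match.group("name")

def smtp_name(sender, receiver):
    """US Domestic SMTP naming: the name part of each address, joined by an
    underscore, with no extension."""
    return sender.split("@", 1)[0] + "_" + receiver.split("@", 1)[0]

def group_by_checksum(stored_names):
    """Map each checksum to the names stored under it, and collect names
    that could not be parsed. One checksum under several names suggests
    the same file arriving renamed."""
    groups, unparsed = defaultdict(set), []
    for stored in stored_names:
        parsed = parse_stored_name(stored)
        if parsed is None:
            unparsed.append(stored)
        else:
            groups[parsed[0]].add(parsed[1])
    return dict(groups), unparsed

if __name__ == "__main__":
    groups, unparsed = group_by_checksum(SAMPLE_LISTING)
    for crc, names in sorted(groups.items()):
        print(crc, sorted(names))
    print("not CRC-prefixed:", unparsed)
```

A 32-bit checksum can collide, so a shared prefix is a lead to confirm against the files themselves rather than proof of identical content.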
01-28011-0254-20051115
