Fortiguard Antivirus; Antivirus Settings And Controls - Fortinet FortiGate Series Administration Manual


AntiVirus

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

File pattern

Once a file is accepted, the FortiGate unit applies the file pattern recognition filter. The FortiGate unit checks the file against the file pattern setting you have configured. If the file is a blocked pattern, ".EXE" for example, then it is stopped and a replacement message is sent to the end user. No other levels of protection are applied. If the file is not a blocked pattern, the next level of protection is applied.

File type

Once a file passes the heuristic scan, the FortiGate unit applies the file type recognition filter. The FortiGate unit checks the file against the file type setting you have configured. If the file is a blocked type, then it is stopped and a replacement message is sent to the end user. No other levels of protection are applied. If the file is not a blocked type, the next level of protection is applied.

Virus scan

If the file passes the file pattern scan, it will have a virus scan applied to it. The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. For more information on updating virus definitions, see "FortiGuard antivirus" on page 519.

Grayware

Once past the virus scan, the incoming file will be checked for grayware. Grayware checking can be turned on and off as required. Grayware signatures are kept up to date because they are included in the antivirus definitions. For more information, see "Selecting the virus database" on page 527.

Heuristics

After an incoming file has passed the grayware scan, it is subjected to the heuristics scan. The FortiGate heuristic antivirus engine, if enabled, performs tests on the file to detect virus-like behavior or known virus indicators. In this way, heuristic scanning may detect new viruses, but may also produce some false positive results.

Note: Heuristics is configurable only through the CLI. See the FortiGate CLI Reference.

FortiGuard antivirus

FortiGuard antivirus services are an excellent resource and include automatic updates of virus and IPS (attack) engines and definitions, as well as the local spam DNSBL, through the FortiGuard Distribution Network (FDN). The FortiGuard Center also provides the FortiGuard antivirus virus and attack encyclopedia and the FortiGuard Bulletin. Visit the Fortinet Knowledge Center for details and a link to the FortiGuard Center.

The connection between the FortiGate unit and FortiGuard Center is configured in System > Maintenance > FortiGuard. See "Configuring the FortiGate unit for FDN and FortiGuard subscription services" on page 323 for more information.

Antivirus settings and controls

While antivirus settings are configured for system-wide use, specific settings can be implemented on a per profile basis. Table 47 compares antivirus options in protection profiles and the antivirus menu.
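The stage order traced through the paragraphs above (file pattern, virus scan, grayware, heuristics, file type, following each paragraph's opening clause), as an added Python sketch that is not Fortinet code. The signatures, the heuristic marker, the magic-byte type detection and the `scan` function are all constructed assumptions; the point is which stage blocks a file and which later stages never run.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

# Constructed sample policy: none of these values come from a FortiGate unit.
BLOCKED_PATTERNS = ["*.exe"]          # matched against the file name only
BLOCKED_TYPES = {"elf"}               # matched against detected content type
VIRUS_SIGS = {b"SAMPLE-VIRUS-SIG": "Constructed.Virus"}
GRAYWARE_SIGS = {b"SAMPLE-ADWARE-SIG": "Constructed.Adware"}
MAGIC = {b"MZ": "exe", b"\x7fELF": "elf", b"PK\x03\x04": "zip"}

@dataclass
class Verdict:
    action: str      # "pass" or "block"
    stage: str       # stage that blocked the file, "" when it passed
    checked: list    # stages that actually ran, in order

def _sig_hit(data, sigs):
    return any(sig in data for sig in sigs)

def _heuristic(data):
    # Stand-in for "virus-like behavior" tests: a hypothetical marker string.
    return b"SELF-MODIFY" in data

def _file_type(data):
    # Assumption of this sketch: type is recognised from leading magic bytes.
    return next((t for m, t in MAGIC.items() if data.startswith(m)), "unknown")

def scan(name, data, grayware=True, heuristics=True):
    """Run the stages in order; the first block ends processing."""
    stages = [
        ("file pattern",
         lambda: any(fnmatch(name.lower(), p) for p in BLOCKED_PATTERNS)),
        ("virus scan", lambda: _sig_hit(data, VIRUS_SIGS)),
    ]
    if grayware:      # grayware checking can be turned on and off
        stages.append(("grayware", lambda: _sig_hit(data, GRAYWARE_SIGS)))
    if heuristics:    # the heuristic engine runs only if enabled
        stages.append(("heuristics", lambda: _heuristic(data)))
    stages.append(("file type", lambda: _file_type(data) in BLOCKED_TYPES))

    checked = []
    for stage, is_blocked in stages:
        checked.append(stage)
        if is_blocked():
            # Replacement message goes to the user; later stages are skipped.
            return Verdict("block", stage, checked)
    return Verdict("pass", "", checked)
```

In this model a file that matches a blocked pattern and also carries a signature is reported as a pattern block, because the virus scan never runs on it.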
