System Config
Replacement messages
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
197
•
•
NAC quarantine replacement messages
•
Mail replacement messages
The FortiGate unit sends the mail replacement messages listed in
to email
clients and servers using IMAP, POP3, or SMTP when an event occurs such as antivirus
blocking a file attached to an email that contains a virus. Email replacement messages are
text messages.
If the FortiGate unit supports SSL content scanning and inspection these replacement
messages can also be added to IMAPS, POP3S, and SMTPS email messages.
HTTP replacement messages
The FortiGate unit sends the HTTP replacement messages listed in
to web
browsers using the HTTP protocol when an event occurs such as antivirus blocking a file
that contains a virus in an HTTP session. HTTP replacement messages are HTML pages.
Table 28: Mail replacement messages
Message name Description
Virus message
Antivirus
Virus Scan
enabled for an email protocol in a protection profile deletes
a infected file from an email message and replaces the file with this message.
File block
message
When the antivirus
File Filter
enabled for an email protocol in a protection profile
deletes a file that matches an entry in the selected file filter list, the file is blocked
and the email is replaced with this message.
Oversized file
message
When the antivirus
Oversized File/Email
is set to
Block
for an email protocol in a
protection profile and removes an oversized file from an email message, the file
is replaced with this message.
Fragmented
email
In a protection profile, antivirus
Pass Fragmented Emails
is not enabled so a
fragmented email is blocked. This message replaces the first fragment of the
fragmented email.
Data leak
prevention
message
In a DLP sensor, a rule with action set to
Block
replaces a blocked email
message with this message.
Subject of data
leak prevention
message
This message is added to the subject field of all email messages replaced by the
DLP sensor
Block
,
Ban
,
Ban Sender
,
Quarantine IP address
, and
Quarantine
interface
actions.
Banned by data
leak prevention
message
In a DLP sensor, a rule with action set to
Ban
replaces a blocked email message
with this message. This message also replaces any additional email messages
that the banned user sends until they are removed from the banned user list.
Sender banned
by data leak
prevention
message
In a DLP sensor, a rule with action set to
Ban Sender
replaces a blocked email
message with this message. This message also replaces any additional email
messages that the banned user sends until the user is removed from the banned
user list.
Virus message
(splice mode)
Splice mode is enabled and the antivirus system detects a virus in an SMTP
email message. The FortiGate unit aborts the SMTP session and returns a 554
SMTP error message to the sender that includes this replacement message.
File block
message (splice
mode)
Splice mode is enabled and the antivirus file filter deleted a file from an SMTP
email message. The FortiGate unit aborts the SMTP session and returns a 554
SMTP error message to the sender that includes this replacement message.
Oversized file
message (splice
mode)
Splice mode is enabled and antivirus
Oversized File/Email
set to
Block
and the
FortiGate unit blocks an oversize SMTP email message. The FortiGate unit
aborts the SMTP session and returns a 554 SMTP error message to the sender
that includes this replacement message.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...