AntiVirus
Antivirus settings and controls
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
File pattern
Once a file is accepted, the FortiGate unit applies the file pattern recognition filter. The
FortiGate unit will check the file against the file pattern setting you have configured. If the
file is a blocked pattern, “.EXE” for example, then it is stopped and a replacement
message is sent to the end user. No other levels of protection are applied. If the file is not
a blocked pattern, the next level of protection is applied.
Virus scan
If the file passes the file pattern scan, it will have a virus scan applied to it. The virus
definitions are kept up to date through the FortiNet Distribution Network. The list is
updated on a regular basis so you do not have to wait for a firmware upgrade. For more
information on updating virus definitions, see “FortiGuard antivirus” on page 441.
Grayware
Once past the virus scan, the incoming file will be checked for grayware. Grayware
configurations can be turned on and off as required and are kept up to date in the same
manner as the antivirus definitions. For more information on configuring grayware please
see “Viewing and configuring the grayware list” on page 452.
Heuristics
After an incoming file has passed the grayware scan, it is subjected to the heuristics scan.
The FortiGate heuristic antivirus engine, if enabled, performs tests on the file to detect
virus-like behavior or known virus indicators. In this way, heuristic scanning may detect
new viruses, but may also produce some false positive results.
File type
Once a file passes the heuristic scan, the FortiGate unit applies the file type recognition
filter. The FortiGate unit will check the file against the file type setting you have configured.
If the file is a blocked type, then it is stopped and a replacement message is sent to the
end user. No other levels of protection are applied. If the file is not a blocked type, the
next level of protection is applied.
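The scan order described above can be modeled as a short-circuit pipeline. This is an added example, not Fortinet code: it shows that the first blocking stage ends the scan, and that an executable renamed to a harmless extension passes the file pattern check and is only stopped at the file type check. All function names, settings, and sample data are constructed; matching patterns on the file name, detecting type from leading bytes, hash-set definitions, and the toy heuristic indicator are assumptions made for illustration.

```python
import fnmatch
import hashlib

# Constructed sample settings; none of these values come from a FortiGate unit.
BLOCKED_PATTERNS = ["*.exe", "*.scr"]            # file pattern list (matched on name)
BLOCKED_TYPES = {"exe"}                          # file type list (matched on content)
VIRUS_DEFS = {hashlib.sha256(b"constructed-virus-body").hexdigest()}
GRAYWARE_DEFS = {hashlib.sha256(b"constructed-adware-body").hexdigest()}
GRAYWARE_ENABLED = True
HEURISTICS_ENABLED = True
MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip", b"%PDF": "pdf"}

def file_pattern(name, data):
    return any(fnmatch.fnmatch(name.lower(), p) for p in BLOCKED_PATTERNS)

def virus_scan(name, data):
    return hashlib.sha256(data).hexdigest() in VIRUS_DEFS

def grayware(name, data):
    return GRAYWARE_ENABLED and hashlib.sha256(data).hexdigest() in GRAYWARE_DEFS

def heuristics(name, data):
    # Toy indicator: an executable header plus a marker string (assumption).
    return HEURISTICS_ENABLED and data.startswith(b"MZ") and b"SELF-REPLICATE" in data

def file_type(name, data):
    detected = next((t for m, t in MAGIC.items() if data.startswith(m)), "unknown")
    return detected in BLOCKED_TYPES

# Order taken from the text above: the first stage that blocks ends the scan.
STAGES = [("file pattern", file_pattern), ("virus scan", virus_scan),
          ("grayware", grayware), ("heuristics", heuristics),
          ("file type", file_type)]

def scan(name, data):
    """Return (verdict, blocking_stage, stages_run) for one accepted file."""
    ran = []
    for label, check in STAGES:
        ran.append(label)
        if check(name, data):
            return "blocked", label, ran   # replacement message would be sent here
    return "passed", None, ran

if __name__ == "__main__":
    samples = [("setup.EXE", b"MZ\x90\x00"), ("notes.txt", b"MZ\x90\x00"),
               ("doc.pdf", b"constructed-virus-body"), ("readme.txt", b"hello")]
    for name, data in samples:
        print(name, scan(name, data))
```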
FortiGuard antivirus
FortiGuard antivirus services are an excellent resource and include automatic updates of
virus and IPS (attack) engines and definitions, as well as the local spam DNSBL, through
the FortiGuard Distribution Network (FDN). The FortiGuard Center also provides the
FortiGuard antivirus virus and attack encyclopedia and the FortiGuard Bulletin. Visit the
for details and a link to the FortiGuard Center.
The connection between the FortiGate unit and FortiGuard Center is configured in
System > Maintenance > FortiGuard. See “Configuring the FortiGate unit for FDN and
FortiGuard subscription services” on page 266 for more information.
Antivirus settings and controls
While antivirus settings are configured for system-wide use, specific settings can be
implemented on a per profile basis. Table 44 compares antivirus options in protection
profiles and the antivirus menu.
Note: Heuristics is configurable only through the CLI. See the .