File Quarantine
AntiVirus
FortiGate Version 4.0 Administration Guide
448
01-400-89802-20090424
Viewing the AutoSubmit list
If the FortiGate unit has a local hard disk, you can configure the FortiGate unit to upload
suspicious files automatically to Fortinet for analysis. You can add file patterns to the
AutoSubmit list using wildcard characters (* or ?). File patterns are applied for AutoSubmit
regardless of file blocking settings.
Upload files to Fortinet based on status (blocked or heuristics), or submit individual files
directly from the file quarantine. The FortiGate unit uses encrypted email to autosubmit
files to an SMTP server through port 25.
To view the AutoSubmit list, go to
UTM > AntiVirus > AutoSubmit
.
The autosubmit feature is not available on the FortiGate models without a local hard disk.
Figure 282: Sample AutoSubmit list
AutoSubmit list has the following icons and features:
Status
The reason the file was quarantined:
infected
,
heuristics
, or
blocked
.
Status
Description
Specific information related to the status, for example, “File is infected with
“W32/Klez.h”” or “File was stopped by file block pattern.”
DC
Duplicate count. A count of how many duplicates of the same file were
quarantined. A rapidly increasing number can indicate a virus outbreak.
TTL
Time to live in the format hh:mm. When the TTL elapses, the FortiGate unit
labels the file as EXP under the TTL heading. In the case of duplicate files, each
duplicate found refreshes the TTL.
The TTL information is not available if the files are quarantined on a
FortiAnalyzer unit.
Upload status
Y
indicates the file has been uploaded to Fortinet for analysis,
N
indicates the
file has not been uploaded.
This option is available only if the FortiGate unit has a local hard disk.
Download icon
Select to download the corresponding file in its original format.
This option is available only if the FortiGate unit has a local hard disk.
Submit icon
Select to upload a suspicious file to Fortinet for analysis.
This option is available only if the FortiGate unit has a local hard disk.
Note:
Duplicates of files (based on the checksum) are not stored, only counted. The TTL
value and the duplicate count are updated each time a duplicate of a file is found.
Create New
Select to add a new file pattern to the AutoSubmit list.
File Pattern
The current list of file patterns that will be automatically uploaded. Create a
pattern by using ? or * wildcard characters. Enable the check box to enable all
file patterns in the list.
Delete icon
Select to remove the entry from the list.
Edit icon
Select to edit the following information: File Pattern and Enable.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...