Mohammed_Khan
New Member
April 8, 2019
Question

Content Disarm and reconstruction

  • April 8, 2019
  • 2 replies
  • 18217 views

When we enable Content Disarm and Reconstruction in AntiVirus, we get an error when it is applied to a policy: "value conflicts with system settings". This is with FortiOS 6.0.4 and 6.2.

    2 replies

    Markus
    New Member
    April 9, 2019
    Alivo__FTNT
    Staff
    April 14, 2019

    Hello,

    The message you receive when attempting to enable Content Disarm and Reconstruction on the AntiVirus profile is because the Proxy Options settings in the CLI Console have splice and clientcomfort enabled on CDR-supported protocols. To fix it, please do:

        config firewall profile-protocol-options
            edit custom-default
                config smtp
                    unset options splice
                end
                config http
                    unset options clientcomfort
                end
            next
        end

    You should also confirm the AntiVirus profile's protocol settings under config antivirus profile:

      • ensure that set options scan is enabled on CDR-supported protocols
      • if set options av-monitor is configured on a CDR-supported protocol, it overrides the config content-disarm detect-only setting (and CDR will not occur)

    CDR-supported protocols are: http, smtp, imap, pop3

    I hope this helps,
    Alivo

    dbaddorf
    New Member
    July 3, 2019

       With 6.0.4 I too am having the problem where when I try to enable "Content Disarm and Reconstruction" in the Security Profiles - AntiVirus, I get the message: "Value conflicts with system settings".  This is when logged into the Global VDOM.  (The root VDOM didn't give me an Apply button to save changes so I'm assuming that I need to be in the Global VDOM).


        I tried to follow the instructions from Alivo which didn't work exactly.  I can't use the "config firewall profile-protocol-options" for the "config global".  I need to be in my root VDOM.  But even from here after I removed splice from SMTP (and I didn't see clientcomfort anywhere) I couldn't enable the "Content Disarm and Reconstruction" in the GUI.


       Here are my settings for the root VDOM:

    config firewall profile-protocol-options
        edit "default"
            set comment "All services."
            config http
                set ports 80
                unset options
                unset post-lang
            end
            config ftp
                set ports 21
                set options splice
            end
            config imap
                set ports 143
                set options fragmail
            end
            config mapi
                set ports 135
                set options fragmail
            end
            config pop3
                set ports 110
                set options fragmail
            end
            config smtp
                set ports 25
                set options fragmail splice
            end
            config nntp
                set ports 119
                set options splice
            end
            config dns
                set ports 53
            end
        next
        edit "custom-default"
            set comment "All default services."
            config http
                set ports 80
                unset options
                unset post-lang
            end
            config ftp
                set ports 21
                set options splice
            end
            config imap
                set ports 143
                set options fragmail
            end
            config mapi
                set ports 135
                set options fragmail
            end
            config pop3
                set ports 110
                set options fragmail
            end
            config smtp
                set ports 25
                set options fragmail
            end
            config nntp
                set ports 119
                set options splice
            end
            config dns
                set ports 53
            end
        next
    end


       Any idea of how I can enable "Content Disarm and Reconstruction" for my root VDOM?


    Thanks!
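One way to check for the condition Alivo describes across every profile at once, as an added example that is not Fortinet's code and not from anyone in this thread: a small Python script that parses `show firewall profile-protocol-options` output and lists each CDR-supported protocol (http, smtp, imap, pop3) that still carries `splice` or `clientcomfort`. The embedded SAMPLE is a constructed, shortened copy of the root-VDOM dump posted above; run over it, the script reports the `splice` flag on smtp in the "default" profile, which the staff reply did not cover (it only edits custom-default).

```python
import re

CDR_PROTOCOLS = {"http", "smtp", "imap", "pop3"}   # CDR-supported, per the staff reply
CONFLICTING_FLAGS = {"splice", "clientcomfort"}   # proxy options the reply says block CDR

def parse_protocol_options(text):
    """Parse 'show firewall profile-protocol-options' output into {profile: {protocol: set(flags)}}."""
    profiles, profile, proto = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'^edit "?([^"]+)"?$', line):        # start of a profile entry
            profile, proto = m.group(1), None
            profiles[profile] = {}
        elif profile and (m := re.match(r"^config (\w+)$", line)):   # protocol sub-block
            proto = m.group(1)
            profiles[profile].setdefault(proto, set())
        elif line == "end":                                   # closes the sub-block
            proto = None
        elif line == "next":                                  # closes the profile entry
            profile = proto = None
        elif proto is not None and line.startswith("set options "):
            profiles[profile][proto].update(line.split()[2:])  # 'unset options' leaves it empty
    return profiles

def cdr_conflicts(profiles):
    """Return (profile, protocol, flag) for each CDR-supported protocol with a conflicting flag."""
    return [(name, proto, flag)
            for name, protos in profiles.items()
            for proto, flags in protos.items() if proto in CDR_PROTOCOLS
            for flag in sorted(flags & CONFLICTING_FLAGS)]

# Constructed sample: a shortened copy of the root-VDOM dump posted in this thread.
SAMPLE = """\
config firewall profile-protocol-options
    edit "default"
        config http
            unset options
        end
        config smtp
            set options fragmail splice
        end
    next
    edit "custom-default"
        config smtp
            set options fragmail
        end
    next
end
"""

if __name__ == "__main__":
    print(cdr_conflicts(parse_protocol_options(SAMPLE)))   # [('default', 'smtp', 'splice')]
```

Paste the full dump from your own unit in place of SAMPLE, or read it from a file, to see every profile that would trip the "value conflicts with system settings" check.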


    JulJameson
    New Member
    December 27, 2019

    Most likely you need to add an exception.

    jim3cantos
    Explorer
    December 31, 2019

    JulJameson wrote:

    Most likely you need to add an exception.

    Add an exception where? 


    It seems that CDR is not production ready (at least in 6.0.7). The problem I indicated above is indeed a bug (confirmed by Support) and there are more. For example, if you activate CDR only for Office files, it keeps disarming PDF files (or at least it says so in the log).