New Member

Question

Exclude file from AV scanner

Forum|Forum|11 years ago
September 9, 2014
5 replies
20967 views

Hi guys, Is there a way to exclude certain files from being scanned by the FGT AV? thanks theG

Christopher_McMullan

Staff

This is based on FortiOS v5.0, but the syntax looks the same in v5.2. It' s reasonably safe to assume the syntax reaches back into 4.3 and beyond. You can configure a blacklist or whitelist per-profile for AV, and apply it based on file pattern or file type: config antivirus profile edit <profile_name> set analytics-wl-filetype <filepattern_list_int> ... end config dlp filepattern edit <filepattern_list_int> set name <list_name_str> config entries edit <filepattern_str> set file-type ... set filter-type {pattern | type} end end File pattern means the file' s name. File type would require the FortiGate to try and determine what kind of file is being scanned based on its contents. In the case of file pattern, the name you give to the entry in quotation marks, i.e., edit " allowedfile.zip" will be what the FortiGate looks for. This is covered in pp. 58 and 77-78 in the CLI Reference Guide for OS 5.0. (http://docs.fortinet.com/uploaded/files/800/fortigate-cli-50.pdf)

AndreaSoliva

New Member

Hi this possibility is under 5.2.1 not anymore given event the command " config dlp filepattern" still exists. The command which was gone is " analytics-[wl | bl[-filetype" . From my point ov view is the command " config dlp filepattern" going to nirvana because the lists are not anymore useable within the dlp sensor! This is for 5.2.1 under 5.2.0 this was still possible! have fun Andrea

Christopher_McMullan

Staff

I can confirm the command is still available to me on a FGT60C running 5.2.1. Could you show the CLI output from attempting to add a DLP filepattern as a WL to the A/V profile? Or a screenshot?

AndreaSoliva

New Member

Hi I have a 60D which is still configured or was with this function this means: config antivirus profile edit <profile_name> set analytics-wl-filetype <filepattern_list_int> ... end config dlp filepattern edit <filepattern_list_int> set name <list_name_str> config entries edit <filepattern_str> set file-type ... set filter-type {pattern | type} end end I upgraded to 5.2.1 and no I see the filepatterns which I created under 5.2.0 but under antivirus the command: set analytics-wl-filetype <filepattern_list_int> set analytics-bl-filetype <filepattern_list_int> is not anymore available. This the reason I told not anymore available. It can be a bug under 60D which would not wonder me! hope this helps have fun Andrea

Christopher_McMullan

Staff

It looks like something specific to the 60D, you' re right. I can still see the option on my 60C. On the 60D it looks more tightly tied to ftgd-analytics than it had been before, since on my lab 60D running 5.2.1, the analytics-bl... options only appeared after specifying: set ftgd-analytics {suspicious | everything}.

AndreaSoliva

New Member

Hi many thanks for the hint...if I set " ftgd-analytics" so suspicious I see again the two options for bl and wl. It seems that within the upgrade there was something going wroing. From this point of view the options on the 60D are back. Again many thanks for the hint :-) have fun Andrea

hklb

Visitor III

Hi,

It's an old topic, but I search how to whitelist an extension for AV scanning (all AV scanning).. Is this feature works or it's only for sandboxing ?

The help showss :

analytics-wl-filetype Do not submit files matching this file-pattern table to the FortiSandbox.

analytics-bl-filetype Only submit files matching this file-pattern table to the FortiSandbox.

Lucas

Mantiakapra

New Member

Hello,

Have FortiGate 100E with FortiOS 6.0.2 GA. But there is no command set file-type.

Also have FortiWiFi 90D with 6.0.2 OS, and set file-type is correct comand. Where did we failed?

Attach jpeg with output.

Thanks,

Anatoliy Kim

image001.jpg

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded