Robert_Cerny
New Member
February 13, 2020
Question

How to prevent a virus from being copied from an SMB share


Hi,

I stored an eicar.txt file on the Samba share (Windows 2080 R2 Server) and tried to copy it to my Mac, and it was copied without issues. The server and my test Mac are connected using IPSec through two FGs; both ends have AV scanning on. Why wasn't the test file caught?

 

Thanks

Robert

    1 reply

    tanr
    New Member
    February 13, 2020

    Have you configured for CIFS/SMB/SAMBA virus scanning per https://docs.fortinet.com/document/fortigate/6.0.0/handbook/488541/windows-file-sharing-cifs?

     

    Note that this only works for flow based.

     

     

    Robert_Cerny
    New Member
    February 13, 2020

    Actually it's CIFS not samba in the newest FortiOS but yes, I have it enabled and the correct AV profile assigned to firewall rule. Inspection mode is Flow based. Could the IPSec make the difference? 

    tanr
    New Member
    February 13, 2020

    It looks like CIFS filtering changed in 6.2.  We're not on 6.2, but the 6.2 docs have two sections:

     

    https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/186160/cifs-support

    https://docs.fortinet.com/document/fortigate/6.2.0/new-features/409833/cifs-support

     

    These imply that now CIFS filtering requires proxy mode instead of flow, a separate cifs-profile, and a domain controller if CIFS traffic is encrypted.

     

    Be interested to hear if this works in 6.2 if you change to proxy, as we have this set up for flow in 6.0.