usmansa1
Visitor III
October 22, 2024
Question

Questions regarding antivirus profile?


Hi,

I was reading the FortiGate antivirus topic from the Fortinet website. I also tested it in my test environment by downloading the file from ecior.org. What I found is that unless you use an SSL/SSH decryption profile, this antivirus profile is helpless, which means that unless we do SSL decryption, the encrypted files can't be scanned. Is this a correct assumption? Moreover, can anyone please point me in the right direction as to where I can find more information about CPRL?

2 replies

akileshc
Staff
October 22, 2024

Hello, 

Yes, your understanding is correct. In order for the FortiGate antivirus profile to scan encrypted files, SSL/SSH decryption must be enabled to decrypt the traffic for inspection. Without decryption, the antivirus profile cannot scan encrypted files for viruses and malware.

You can access the FortiOS documents to understand the requirement and test cases:

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/315155/testing-an-antivirus-profile 

 https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/122078/deep-inspection
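
To illustrate the point in this answer, here is an added example (not part of the original thread or of Fortinet's documentation) showing the same firewall policy first with certificate inspection and then with deep inspection. The policy ID 10 is an assumed placeholder; "default", "certificate-inspection" and "deep-inspection" are the FortiOS built-in profile names.

```text
# Before (assumed policy ID 10): certificate inspection only looks at the
# TLS handshake (SNI and server certificate). The HTTPS payload stays
# encrypted, so the antivirus profile has nothing to scan in it.
config firewall policy
    edit 10
        set utm-status enable
        set av-profile "default"
        set ssl-ssh-profile "certificate-inspection"
    next
end

# After: deep inspection decrypts the session on the FortiGate, so the
# antivirus profile sees the downloaded file in clear text and can scan it.
config firewall policy
    edit 10
        set utm-status enable
        set av-profile "default"
        set ssl-ssh-profile "deep-inspection"
    next
end
```

With deep inspection the FortiGate re-signs server certificates, so clients must trust its CA certificate or they will see certificate warnings.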

usmansa1
Author
Visitor III
October 26, 2024

Hey mate, what about CPRL?

akileshc
Staff
October 27, 2024

Hi Usman,

The FortiGuard Antivirus Service uses Content Pattern Recognition Language (CPRL) to boost both the accuracy and speed of threat detection, going beyond what traditional signature-based methods can offer, especially for more sophisticated threats. Deep inspection is necessary for CPRL to thoroughly analyze encrypted and application-layer traffic.

 

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/610527/antivirus-techniques