This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
Do we have a list of suppported file types the AV engine will inspect?
Solved! Go to Solution.
This cookbook mainly covers compression formats for which it is almost updated. Only two changes required:
1. remove "starting with AV engine 5.6, yet to be released" as AV engine 5.6 has been official released
2. should Add CHM format which is supported since AV engine 6.0.7 which has not been official released yet.
But for all the supported file types. I think all possible malicious file types are support, some need AV engine deep paser like Windows PE, some are just covered by signatures like Power Shell script. So the following file types should be added:
*. Windows PE
*. MacOS Mach-O
* Linux ELF
*. Java Dex
*. HTML,
*. Javascript, VB script, etc
* .Net
Av engine team will maintain a supported file type list for references. I will also ask the cookbook writer for the required changes.
The document is for compression/archive support. For regular files, like Windows PE files (32-bit, 64-bit), ELF (Linux, all bitness), Mach-O (Mac OS X), Scripts (JS, VB, Perl, HTML, CSS, BAT, Shell, XML, etc), Java class files, etc.
Forgot to mention two natively supported file formats. DEX (Android) and FLASH.
AV engine has native CPRL intructions to decode and do pattern match on various parts of the relevant files.
Hi David,
could you recommend the document where all supported files are listed?
I've found this Cookbook link, but information looks a bit outdated.
Regards, Aleksey
This cookbook mainly covers compression formats for which it is almost updated. Only two changes required:
1. remove "starting with AV engine 5.6, yet to be released" as AV engine 5.6 has been official released
2. should Add CHM format which is supported since AV engine 6.0.7 which has not been official released yet.
But for all the supported file types. I think all possible malicious file types are support, some need AV engine deep paser like Windows PE, some are just covered by signatures like Power Shell script. So the following file types should be added:
*. Windows PE
*. MacOS Mach-O
* Linux ELF
*. Java Dex
*. HTML,
*. Javascript, VB script, etc
* .Net
Av engine team will maintain a supported file type list for references. I will also ask the cookbook writer for the required changes.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.