FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gcortes1
Staff
Staff
Description
This article shows the antivirus configuration options.


Solution
The antivirus configuration has the following options:
FGT # show full-configuration antivirus settings
config antivirus settings
    set default-db extended
    set grayware enable
end
AntiVirus databases:

The antivirus scanning engine relies on a database of virus signatures to detail the unique attributes of each infection.
The antivirus scan searches for these signatures, and when one is discovered, the FortiGate unit determines the file is infected and takes action.


All FortiGate units have the normal antivirus signature database but some models have additional databases that can be selected for use, that will depend on the network and security needs.

Normal:   

Includes viruses currently spreading as determined by the FortiGuard Global Security Research Team.
These viruses are the greatest threat. The Normal database is the default selection and it is available on every FortiGate unit.


Extended:   

Includes the normal database in addition to recent viruses that are no-longer active.
These viruses may have been spreading within the last year but have since nearly or completely disappeared.


 If the FortiGate unit supports extended, extreme, or flow-based virus database definitions, select the virus database most suited to the requirement.

If the most comprehensive antivirus protection is required, enable the extended virus database.
The additional coverage comes at a cost because the extra processing requires additional resources.


To change the antivirus database:
FGT (settings) # set default-db ?
Normal: Use normal antivirus database.
Extended: Use extended antivirus database.

Grayware protection:

If the file passes the virus scan, it can be checked for grayware.

Grayware scanning is an optional function and must be enabled in the CLI if it is to be scanned for along with other malware.
Grayware cannot be scanned for on its own. While done as a separate step, antivirus scanning must be enabled as well.


 To enable or disable grayware detection, issue the following command:
FGT (settings) # set grayware ?
Enable: Enable setting.
Disable: Disable setting.

Grayware signatures are kept up to date in the same manner as the antivirus definitions.

Contributors