FortiGate
gcortes1, Staff
Article Id 191939

Description
This article shows the antivirus configuration options.
Scope
FortiGate.


Solution
The antivirus configuration has the following options:
FGT # show full-configuration antivirus settings
config antivirus settings
    set default-db extended
    set grayware enable
end
AntiVirus databases:
The antivirus scanning engine relies on a database of virus signatures to detail the unique attributes of each infection. The antivirus scan searches for these signatures, and when one is discovered, the FortiGate unit determines the file is infected and takes action.

All FortiGates have the normal antivirus signature database, but some models have additional databases that can be selected according to the network and security needs.

Normal:
Includes virus definitions for currently active and spreading viruses, as determined by the FortiGuard Global Security Research Team. These viruses are the greatest threat. The Normal database is the default selection, and it is available on every FortiGate unit.

Extended:
In addition to the normal database, it includes viruses that are no longer considered active. These viruses may have been spreading within the last year, but have since been eradicated or disappeared.

If the FortiGate supports extended, extreme, or flow-based virus database definitions, select the virus database most suited to the requirement.

If the most comprehensive antivirus protection is required, enable the extended virus database. The additional coverage comes at a cost in processing resources.

To change the antivirus database:

FGT (settings) # set default-db ?

  • Normal: Use the normal antivirus database.
  • Extended: Use the extended antivirus database.

Note: Starting from FortiOS 6.4.0, this option has been removed for low-end models. For high-end models, the command has changed to 'use-extreme-db'. For more information, refer to Technical Tip: Antivirus uses extended DB by default.
config antivirus settings
    set use-extreme-db enable/disable
end
Grayware protection:

If the file passes the virus scan, it can be checked for grayware.

Grayware scanning is optional and must be enabled in the CLI; grayware is then scanned for alongside other malware. Grayware cannot be scanned on its own: although the check is a separate step, antivirus scanning must also be enabled.

To enable or disable grayware detection, issue the following command:
FGT (settings) # set grayware ?
  • Enable: Enable setting.
  • Disable: Disable setting.


Grayware signatures are kept up to date in the same manner as the antivirus definitions.
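As an added example (not part of this article or of FortiOS itself), the following Python script parses the text of `show full-configuration antivirus settings` and reports whether the extended database (or, on 6.4+ high-end models, use-extreme-db) and grayware scanning are enabled. The two sample configurations are constructed for illustration, not captured from a real device.

```python
import re

# Constructed sample output (pre-6.4 form with default-db).
SAMPLE_PRE_64 = """config antivirus settings
    set default-db normal
    set grayware disable
end
"""

# Constructed sample output (6.4+ high-end form with use-extreme-db).
SAMPLE_64 = """config antivirus settings
    set use-extreme-db enable
    set grayware enable
end
"""

_SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$")


def parse_antivirus_settings(text):
    """Return {option: value} for the 'config antivirus settings' block."""
    settings = {}
    in_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "config antivirus settings":
            in_block = True
            continue
        if in_block and stripped == "end":
            break
        if in_block:
            m = _SET_RE.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings


def audit_antivirus_settings(text):
    """List findings where coverage falls short of the most comprehensive
    options the article describes (extended DB and grayware enabled)."""
    s = parse_antivirus_settings(text)
    findings = []
    if "default-db" in s:
        if s["default-db"] != "extended":
            findings.append("default-db is %s; extended adds inactive viruses" % s["default-db"])
    elif "use-extreme-db" in s:
        if s["use-extreme-db"] != "enable":
            findings.append("use-extreme-db is disabled")
    # Neither key present: low-end 6.4+ models expose no database selector.
    if s.get("grayware", "disable") != "enable":
        findings.append("grayware scanning is disabled")
    return findings
```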