FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kyozloveyou_FTNT

Description

This article describes how to eliminate 'Check Archive scanning enabled for AV scan' in the FortiGate compliance check.
 

When compliance check is configured in System> Advanced >Compliance, it is normal to see error message of “Check Archive scanning enabled for AV scan” in the compliance logs.


Solution
The error message is due to no block for unexpected archive such as encrypted, corrupted and etc.

AV profile may be enabled to scan this with using the following command:

config antivirus profile
    edit <AV_profile>
        config http
        set options scan
        set archive-block encrypted corrupted multipart nested mailbomb unhandled
    end
end


Note: Please do note that this AV profile needed to be used on any of the policy and please do not forget to re-run the compliance test again to confirm the result.