Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- RE: AV Engine cannot block virus attached in emai...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AV Engine cannot block virus attached in emails that sent to my email server
Hi Fortinet,
I have a rule which used for my Exchange 2013 to send and receive emails. I would like to use my Fortigate unit to protect the Exchange Server and our clients email from getting virus in their emails. That is my objective. I enabled the flow based AV profile for the rule, but it seem that it doesn' t meet my first objective. The fortigate unit can well detect virus, if I go to the Exchange Server, surf web, and purposely download a virus from http/https. But It cannot detect the virus if I attach virus in email, and send to one email address in my company. I ' m sure that my Exchange use SMTP, not SMTPS, to receive the email from outside.
Please advice me.
Much thanks to any suggestion.
=========>
=========>
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First of all, what I would suggest is to turn on proxy-based AV scanning, instead of flow-based one.
The scanning engine is more accurate and also not limited to decompress only a few compressed attachment types.
Your users don' t think will miss emails if the Fortigate gets hold onto the attachment until it could fully scan it.
Do you have Fortiguard subscription to receive all the latest updates?
http://www.fortinet.com/support/fortiguard_services/antivirus.html
What is your Fortigate/FortiOS version?
How do you send emails to your users at the company. I assume the email always traverses through the Fortigate, instead of just passing the message internally from one Exchange box to the other.
If you are trying to send through some new virus that doesn' t get caught? If so then you may want to submit it to Fortiguard, so they can add the signature to the next AV update.
http://www.fortiguard.com/antivirus/submit.html
BTW, this is a group of mostly independent individuals, not an official Fortinet customer support service.
If you want to create a ticket to investigate, you can do it online or by calling their number:
http://www.fortinet.com/support/forticare_support/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Istvan,
Yes we have Fortiguard subscription for Antivirus, Antispam....
My Fortigate unit model is 60D/ FortiOS version is v5.2.0,build0589 (GA)
I use another company' s email system to send email to this company users. The virus sample I used, is in eicar.org. I ' m sure that Fortigate can catch the virus, not depend on flow based or proxy based mode. Fortigate control traffic from/to Exchange Server, the Fortigate box doesn' t control traffic between Exchange and clients if they sit inside the network, but control the traffic if clients are outside the Internet. Clients are using web browsers or outlook application to check their emails.
So what I have to do now? Open o support case?
Please advise.
Thanks.
=========>
=========>
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just check first if not your 60D is using all the resources first and the AV scanning has failed open as the result.
# diagnose sys top-summary
# get sys glob | grep failopen-se
If by any chance you have ' pass' configured and the 60D is in conserve mode due to low in resources, connections bypass the antivirus system until the system enters non-conserve mode again.
That can also explain potentially why it' s unable to catch the file.
Check if the system is in conserve mode:
# diagnose hardware sysinfo shm
.........
conservemode: 0 <--------- # 0 not in conserve mode, 1 or 2 means it is.
If none of the above explains and you won' t receive any better advise here from more experienced forum users, then yes, I guess the best is to open a ticket.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First off, Fortinet has a dedicated instrument for protecting the Mail Systems from Spam' s and viruses. " FortiMail" . So if you are looking for a high level protection for your mail system better you have to incorporate the device between your exchange server and internet.( Of Course fortigate should be there)
Or if you are simply looking for a Fortigate protection, Ideally I will do like below ( Later we will fine tune :P) - I am sure there are great genius among us in this group and they gonna help us to find out the missing points. ;P
1.Separate the Servers to another zone(DMZ) if it mixed with users network.
2. Limit only the required services to /from the Servers ( From WAN- DMZ & LAN- DMZ)
3. Create an antivirus policy with proxy option and place in both policies ( will take more resource, but more accurate than flow based)
4. Create antispam policy ( proxy) with the all available options. few options are there to use the spam detection( You can start with replaced message in header something like SPAM ( Tagged), and later you can fine tune with block( Discard), and you can eventually create a local Black White list also )
5. Create an IPS sensor to protect email server and place in both policies.
Nihas [\b]
Nihas [\b]
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,729 -
FortiClient
1,771 -
5.2
801 -
FortiManager
734 -
5.4
639 -
FortiAnalyzer
562 -
FortiSwitch
476 -
FortiAP
473 -
FortiClient EMS
435 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
247 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
Fortiweb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
FortiGate-VM
17 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1721 | |
| 1098 | |
| 752 | |
| 447 | |
| 234 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.