Hi,
I have attached Antivirus filter to the policy and trying to test if filter is applied correctly by downloading http://www.eicar.org/download/eicar_com.zip file but looks like the file is getting downloaded without any issue. Below is the sample configuration. I tried both, proxy and flow based configurations but no luck. I am using FG version 5.2.1. Please advice what could be the issue. I remember it was working with 5.0.x with same configuration.
config antivirus profile
edit "DEFAULT"
set comment "DEFAULT"
set inspection-mode proxy
set scan-botnet-connections disable
config http
set options scan
end
config ftp
set options scan
end
config imap
set options scan
end
config pop3
set options scan
end
config smtp
set options scan
end
config mapi
set options scan
end
next
end
Can you please let me know how to check oversized threshold configuration?
BTW, eicar.zip is only a few kb file. From the traffic logs, I could also see that policy does not scan the file.
PaulM1114 wrote:Did you check the file size compared to the configured oversized threshold size?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.