Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ebuild
New Contributor

Created on ‎03-19-2016 05:08 AM

Best appraoch to test Antivirus Profile; Locky malware case

In our Fortigate 100D we enabled IMPA and POP3 profiles, but need to make sure the antivirus is working as expected, for that how one can run an attack test ?

6859
0 Kudos
2 Solutions
ede_pfau
SuperUser
SuperUser

Created on ‎03-20-2016 03:33 AM

AFAIK there is no check for 'locky' in AV. The signature is included in Application Control, 'Botnet' category.

 

And no, I don't know of any reliable source / web site where you could catch a locky trojan -

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
1838
0 Kudos
netmin
Contributor II
In response to ede_pfau

Created on ‎03-20-2016 05:16 AM

To just test the AV profile setup for general functionality, the standard EICAR anti-virus test files could be used: http://www.eicar.org/85-0-Download.html - they should be detected/blocked by every AV software, so you might need to temporarily disable your local AV client, when trying to send an email containing it.

 

btw, here's another interesting site: http://metal.fortiguard.com/

View solution in original post

1838
0 Kudos
2 REPLIES 2
ede_pfau
SuperUser
SuperUser

Created on ‎03-20-2016 03:33 AM

AFAIK there is no check for 'locky' in AV. The signature is included in Application Control, 'Botnet' category.

 

And no, I don't know of any reliable source / web site where you could catch a locky trojan -

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1839
0 Kudos
netmin
Contributor II
In response to ede_pfau

Created on ‎03-20-2016 05:16 AM

To just test the AV profile setup for general functionality, the standard EICAR anti-virus test files could be used: http://www.eicar.org/85-0-Download.html - they should be detected/blocked by every AV software, so you might need to temporarily disable your local AV client, when trying to send an email containing it.

 

btw, here's another interesting site: http://metal.fortiguard.com/

1839
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.