Hi Rajan. Welcome to the forums. As you are new, I suggest checking out the FortiGate Cookbook section, as well the other sections. The attached screenshot gives a very basic example (i.e. far from perfect) set up of email spam filter/virus protection (under 5.0). (Note the example is using the default proxy mode rather than Flow-based.) Step 1. Create an AntiVrus Profile, check off the email ports you want scanned Step 2. Create an Email Filter Profile, check the options you want, but suggest just starting with the defaults then tweak these settings later Step 3. Create a firewall policy (or edit an existing one covering your email traffic) from your internal interface/all (or from your mail server' s IP addres) to your WAN connection, check off NAT (if needed), enable Security Profiles, check AntiVirus and Email FIlter, using the profiles you created in step 1 and 2. Move the new firewall policy up in the firewall list so it is triggered. If your company is running an email server, I suggest also creating/applying an IPS profile to that kind of traffic.