Hi!
I recently deployed new FortiGuard unit at customer site and I have problem with Antivirus profile.
Users uses POP3 email clients connecting to external email server. Those connection are under control of Antivirus security profile, which block any detected viruses. So far so good.
The problem arises when an message with virus is delivered to user mailbox (among many other, normal, harmless messages).
When user's email client check his mailbox on the server for new messages, it will try to download all new messages, among which there is also an infected one. And then FortiGuard detect it and block connection. Ok, after all it is intended purpose of AV profile. But now, user is unable to download ANY messages (also clean ones), until I either infected message is somehow removed from server or until I will disable AV profile.
Currently I have modified AV profile for email clients not to block detected viruses, but instead only log this fact, but it defeats purpose of using FortiGuard and AV profiles.
What could be done to block infected messages in this situation, but allow all clean ones?
Thank you for any suggestion.
elk
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.