We using 100D, at last week , out of sudden the antivirus keep detecting unknown virus/botnet cause the firewall block all internet access, and we notice the antivirus keep updating the definition therefore we change the antivirus become monitor only, now the antivirus update running each 10 minutes but the antivirus still detecting unknown. Is there anyway to solve the issue?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have the same problem with 80C FortiOs 5.2.2
Many legitimate mails blocked as false positives with unknown virus.
Had to switch AV profile to monitor until Assistance will reply to my ticket (submitted Dec, 15th and no answer yet)
inspection-mode is proxy
AV euristic mode is disable
any ideas?
zaskarThanks --------------------------------------------- Marco Scala Fortigate-200 2.80,build489,051027
I'm seeing the exact same behaviour at one of my customers running a Fortigate 90D / 5.2.2. Also patiently waiting for TAC to pick up the case...
Same behaviour. Config is two 80C in active-active cluster, firmware 5.2.1 as one of them does not support 5.2.2.
seem fortinet no support for this, no admin to view and reply.
I've the same problem with 2 FGT110C in an active-active cluster, 5.2.2 OS. TAC case is ongoing, so far I received a possible bug id : 0228168
Anyone ever get an resolution to this? On my 90d running 5.2.2 this just started happening. Although we were on christmas break for a couple weeks so really could have happened about the same time yours all did. it looks like on mine something happened to the av engine it reports being version 0.00000 (Updated 2001-01-01 via Manual Update) updated instead of 5.00159 (Updated 2014-10-22 via Manual Update). tried manual update no luck.
We're still working with TAC on this - will update the thread as soon as we receive a fix. In the meantime do a log a ticket and quote the above-mentioned bug id. Keep us posted!
blong wrote:Anyone ever get an resolution to this? On my 90d running 5.2.2 this just started happening. Although we were on christmas break for a couple weeks so really could have happened about the same time yours all did. it looks like on mine something happened to the av engine it reports being version 0.00000 (Updated 2001-01-01 via Manual Update) updated instead of 5.00159 (Updated 2014-10-22 via Manual Update). tried manual update no luck.
Where does it indicate 0.000... for the version? Sometimes, if you use the Extended, Extreme, or Flow-Based database instead of Regular, Regular will appear with no version (or all zeros), but the database you're using will display the proper version.
From the CLI, try running 'di auto ver' and scan through the entries, to see if it's as I described for you.
Regards, Chris McMullan Fortinet Ottawa
I was looking at the version under system -> Config -> Fortiguard. In my case I just went ahead and reloaded the same firmware Which seemed to fix the av engine for now.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1645 | |
1070 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.