khoo
New Contributor

antivirus keep detecting unknown virus/botnet

We are using a 100D. Last week, all of a sudden the antivirus kept detecting unknown virus/botnet, which caused the firewall to block all internet access, and we noticed the antivirus kept updating the definition, therefore we changed the antivirus to monitor only. Now the antivirus update runs every 10 minutes but the antivirus is still detecting unknown. Is there any way to solve the issue?

zaskar
New Contributor

I have the same problem with an 80C, FortiOS 5.2.2

Many legitimate mails blocked as false positives with unknown virus.

Had to switch the AV profile to monitor until Assistance replies to my ticket (submitted Dec 15th, no answer yet)

inspection-mode is proxy

AV heuristic mode is disabled

any ideas?

Thanks, zaskar --------------------------------------------- Marco Scala Fortigate-200 2.80,build489,051027

namitguy
New Contributor

I'm seeing the exact same behaviour at one of my customers running a Fortigate 90D / 5.2.2.  Also patiently waiting for TAC to pick up the case...

marcelo_malara
New Contributor

Same behaviour. Config is two 80C in active-active cluster, firmware 5.2.1 as one of them does not support 5.2.2.

khoo
New Contributor

Seems Fortinet has no support for this, no admin to view and reply.

ljanos
New Contributor

I have the same problem with 2 FGT110C in an active-active cluster, 5.2.2 OS. The TAC case is ongoing; so far I have received a possible bug ID: 0228168

blong
New Contributor

Anyone ever get a resolution to this? On my 90D running 5.2.2 this just started happening. Although we were on Christmas break for a couple of weeks, so it really could have happened at about the same time yours all did. It looks like on mine something happened to the AV engine: it reports being version 0.00000 (Updated 2001-01-01 via Manual Update) instead of 5.00159 (Updated 2014-10-22 via Manual Update). Tried a manual update, no luck.

namitguy
New Contributor

We're still working with TAC on this - will update the thread as soon as we receive a fix. In the meantime, do log a ticket and quote the above-mentioned bug ID. Keep us posted!

blong wrote:

Anyone ever get a resolution to this? On my 90D running 5.2.2 this just started happening. Although we were on Christmas break for a couple of weeks, so it really could have happened at about the same time yours all did. It looks like on mine something happened to the AV engine: it reports being version 0.00000 (Updated 2001-01-01 via Manual Update) instead of 5.00159 (Updated 2014-10-22 via Manual Update). Tried a manual update, no luck.

Christopher_McMullan

Where does it indicate 0.000... for the version? Sometimes, if you use the Extended, Extreme, or Flow-Based database instead of Regular, Regular will appear with no version (or all zeros), but the database you're using will display the proper version.

From the CLI, try running 'di auto ver' and scan through the entries, to see if it's as I described for you.

Regards, Chris McMullan Fortinet Ottawa
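A small check, added here as an illustration and not taken from the thread or from Fortinet, that applies the distinction Chris describes: it parses text in the rough shape of `diagnose autoupdate versions` output (the sample below is constructed and only approximates the real layout) and flags packages that show an all-zero version, while allowing a database you are not using to read zeros. The names `parse_versions`, `is_unset` and `find_broken` are hypothetical helpers.

```python
import re

# Constructed sample in the rough shape of `diagnose autoupdate versions`
# output (an approximation for this check, not a verbatim FortiGate capture).
SAMPLE = """\
AV Engine
---------
Version: 0.00000
Last Updated using manual update on Mon Jan  1 00:00:00 2001
Result: No Updates

Virus Definitions
---------
Version: 24.00681
Last Updated using scheduled update on Mon Jan  5 10:20:00 2015
Result: Updates Installed

Extended set
---------
Version: 0.00000
Last Updated using manual update on Mon Jan  1 00:00:00 2001
Result: No Updates
"""

# Packages that must always carry a real version.  A database that is not
# selected (e.g. Extended while Regular is in use) may legitimately show zeros.
REQUIRED = {"AV Engine", "Virus Definitions"}


def parse_versions(text):
    """Map each package heading to its 'Version:' value."""
    versions = {}
    for section in re.split(r"\n\s*\n", text.strip()):
        lines = section.splitlines()
        match = re.search(r"^Version:\s*(\S+)", section, re.M)
        if lines and match:
            versions[lines[0].strip()] = match.group(1)
    return versions


def is_unset(version):
    """True for placeholder versions such as 0.00000."""
    return version != "" and all(c in "0." for c in version)


def find_broken(versions, in_use=()):
    """Required packages, plus any database you have selected, that show a zero version."""
    watched = REQUIRED | set(in_use)
    return sorted(p for p, v in versions.items() if p in watched and is_unset(v))


if __name__ == "__main__":
    print(find_broken(parse_versions(SAMPLE)))  # ['AV Engine']
```

Pass the database you actually have selected via `in_use` so a zero version there is reported too, while an unselected database stays quiet.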

blong
New Contributor

I was looking at the version under System -> Config -> FortiGuard. In my case I just went ahead and reloaded the same firmware, which seemed to fix the AV engine for now.
