- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- relation between oversized file and AV
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 04-07-2009 03:54 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
relation between oversized file and AV
Hi all,
I' m confused with oversized file " " pass" and " block" , and anti virus function,
if the action is Pass, then does AV check less than threshold amount or greater amount? or i' m wrong and something else would happen,
it makes me nervous,
Best,
Kamyar
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the file size if the maximum size that the AV will scan. so if you are downloading a 11MB file, and you have it set to 10MB, then it will allow it through unscanned if it is set to ' pass' .
if its set to block, it will not allow you to download a file thats bigger than the setting, so this 11MB file would be blocked.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Not applicable
Created on 04-07-2009 04:19 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
" the file size if the maximum size that the AV will scan. so if you are downloading a 11MB file, and you have it set to 10MB, then it will allow it through unscanned if it is set to ' pass' . "
and the AV does not check the first 10 MB?
Best,
Kamyar
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was also my idea. Looking for more info on that.
Nick
[link]https://www.secure-it.be[/link]
[link]https://www.secure-it.be[/link]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The AV will not check any of a large file. Fortinet AV works by buffering the file and then performing AV functions.
If the file is too large, according to threshold, or larger that 2/3rds (I think) of the limit when compressed. It will bypass AV and the action selected will occur.
To scan part of the file is not the Fortinet way as this implies stream based AV,which is little more than IPS. The Fortigate AV is considerably more advanced than this, and includes teh ability to uncompress GZIP files and identify custom unpackers etc.
Check out http://blog.fortinet.com for some real in depth AV stuff
Still learning to type " the"
Still learning to type " the"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Doshbass,
I think it actually depends on the way the file is served, if the file size is provided back to the client (and thus also the firewall), then it seems to see its too big and bypass the AV scanning. If the size isnt reported (which seems to be case most of the time) then it does scan the file up to the threshold.
At least, this is what i see when i test it.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ORIGINAL: UkWizard Doshbass, I think it actually depends on the way the file is served, if the file size is provided back to the client (and thus also the firewall), then it seems to see its too big and bypass the AV scanning. If the size isnt reported (which seems to be case most of the time) then it does scan the file up to the threshold. At least, this is what i see when i test it.Hi UK Wizard, what is the benefit of scan the file up to the threshold? can virus be embedded anywhere in pdf or in any files, like start, middle or end of the file or in attachement? A lot of files or patches that we have to download are way larger than the threshold 12MB, what do u suggest ? is OS 4.0 better in scanning larger file that is scalable.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I guess it may buffer, getting ready to scan, but it will not actually begin scanning until teh entire file is downloaded.
So in the case of oversized file without a known size, then buffer buffer buffer buffer too big give. Only in 1s and 0s
Oh and call me Dosh, tha bass bit is just a fomality
Still learning to type " the"
Still learning to type " the"
Not applicable
Created on 04-08-2009 03:29 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
and can i increase the treshold amount (by default %10 RAM)?
if so, how many do you recommend?
Best,
kamyar
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just did the test..
Downloaded file of 15 mb, first 10mb download at 4mb/sec. then it drops to the speed of internet.
Thus it' s scanning the first 10meg and then passes the rest.
[link]https://www.secure-it.be[/link]
[link]https://www.secure-it.be[/link]
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiSandbox - dynamic scan VMs as... 28 Views
- Help with Broadcast AND Chromecast 222 Views
- IOC related to CVE-2022-42475 240 Views
- How-to upgrade Microsoft OLEDB related to... 161 Views
- How can I block all Youtube... 323 Views
Labels
-
FortiGate
7,155 -
FortiClient
1,412 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
374 -
FortiSwitch
372 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1062 | |
| 887 | |
| 527 | |
| 441 | |
| 151 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.