12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com


Antivirus elements

AntiVirus

File pattern

Once a file is accepted, the FortiGate unit applies the file pattern recognition filter. The FortiGate unit checks the file against the file pattern setting you have configured. If the file matches a blocked pattern, “.EXE” for example, it is stopped and a replacement message is sent to the end user. No other levels of protection are applied. If the file does not match a blocked pattern, the next level of protection is applied.

Virus scan

If the file is passed by the file pattern filter, a virus scan is applied to it. The virus definitions are kept up to date through the FortiNet Distribution Network. The list is updated on a regular basis so you do not have to wait for a firmware upgrade. For more information on updating virus definitions, see “FortiGuard antivirus” on page 398.

Grayware

Once past the file pattern and the virus scan, the incoming file is checked for grayware. Grayware configurations can be turned on and off as required and are kept up to date in the same manner as the antivirus definitions. For more information on configuring grayware, see “Viewing the grayware list” on page 407.

Heuristics

After an incoming file has passed the first three antivirus elements, it is subjected to the heuristics element. The FortiGate heuristic antivirus engine performs tests on the file to detect virus-like behavior or known virus indicators. In this way, heuristic scanning may detect new viruses, but may also produce some false positive results.

Note: Heuristics is configurable only through the CLI. See the FortiGate CLI Reference.

FortiGuard antivirus

FortiGuard antivirus services are an excellent resource and include automatic updates of virus and IPS (attack) engines and definitions, as well as the local spam DNSBL, through the FortiGuard Distribution Network (FDN). The FortiGuard Center also provides the FortiGuard antivirus virus and attack encyclopedia and the FortiGuard Bulletin. Visit the Fortinet Knowledge Center for details and a link to the FortiGuard Center.

The connection between the FortiGate unit and FortiGuard Center is configured in System > Maintenance > FortiGuard Center. See “Configuring the FortiGate unit for FDN and FortiGuard services” on page 188 for more information.

Note: If virtual domains are enabled on the FortiGate unit, antivirus features are configured globally. To access these features, select Global Configuration on the main menu.

FortiGate Version 3.0 MR5 Administration Guide

398 01-30005-0203-20070830
