12.03.2015 Views

FortiGate Administration Guide - FirewallShop.com

AntiVirus

Quarantine

Note: If virtual domains are enabled on the FortiGate unit, antivirus features are configured globally. To access these features, select Global Configuration on the main menu.

Viewing the Quarantined Files list

The Quarantined Files list displays information about each file quarantined because of virus infection or file blocking. Sort the files by file name, date, service, status, duplicate count (DC), or time to live (TTL). Filter the list to view only quarantined files with a specific status or from a specific service.

To view the Quarantined Files list, go to AntiVirus > Quarantine > Quarantined Files.

Figure 272: Quarantined files list

The quarantined files list has the following features and displays the following information about each quarantined file:

Apply: Select to apply the sorting and filtering selections to the quarantined files list.

Sort by: Sort the list. Choose from: status, service, file name, date, TTL, or duplicate count. Select Apply to complete the sort.

Filter: Filter the list. Choose from status (infected, blocked, or heuristics) or service (IMAP, POP3, SMTP, FTP, or HTTP). Select Apply to complete the filtering. Heuristics mode is configurable through the CLI only. See “Antivirus CLI configuration” on page 409.

File Name: The processed file name of the quarantined file. When a file is quarantined, all spaces are removed from the file name, and a 32-bit checksum is performed on the file. The checksum appears in the replacement message but not in the quarantined file. The file is stored on the FortiGate hard disk with the following naming convention: . For example, a file named Over Size.exe is stored as 3fc155d2.oversize.exe.

Date: The date and time the file was quarantined, in the format dd/mm/yyyy hh:mm. This value indicates the time that the first file was quarantined if the duplicate count increases.

Service: The service from which the file was quarantined (HTTP, FTP, IMAP, POP3, SMTP, IM).

Status: The reason the file was quarantined: infected, heuristics, or blocked.

Status Description: Specific information related to the status, for example, “File is infected with “W32/Klez.h”” or “File was stopped by file block pattern.”

DC: Duplicate count. A count of how many duplicates of the same file were quarantined. A rapidly increasing number can indicate a virus outbreak.

TTL: Time to live in the format hh:mm. When the TTL elapses, the FortiGate unit labels the file as EXP under the TTL heading. In the case of duplicate files, each duplicate found refreshes the TTL. The TTL information is not available if the files are quarantined on a FortiAnalyzer unit.
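The following Python sketch is an added example, not part of the FortiGate guide or any Fortinet tool. It compares two readings of the Quarantined Files list to find files whose duplicate count (DC) is rising quickly. The row layout (file name, date, service, status, DC, TTL), the threshold of 30 duplicates per hour, and all sample rows other than 3fc155d2.oversize.exe are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Stored name: 8 hex digits (the 32-bit checksum), a dot, the processed file name.
STORED_NAME = re.compile(r"^([0-9a-fA-F]{8})\.(.+)$")

def parse_stored_name(stored):
    """Split e.g. '3fc155d2.oversize.exe' into (checksum, processed name)."""
    m = STORED_NAME.match(stored)
    if not m:
        raise ValueError(f"not a quarantine file name: {stored!r}")
    return m.group(1).lower(), m.group(2)

def parse_row(row):
    """Normalise one row: (file name, date, service, status, DC, TTL)."""
    stored, date, service, status, dc, ttl = row
    checksum, name = parse_stored_name(stored)
    if ttl == "EXP":                       # TTL has elapsed
        ttl_min = None
    else:
        hours, minutes = ttl.split(":")    # TTL is shown as hh:mm
        ttl_min = int(hours) * 60 + int(minutes)
    return {"checksum": checksum, "name": name, "service": service,
            "status": status, "dc": int(dc), "ttl_min": ttl_min,
            "first_seen": datetime.strptime(date, "%d/%m/%Y %H:%M")}

def dc_growth(earlier, later, minutes_apart, per_hour_threshold=30):
    """Return (stored name, duplicates per hour) for fast-growing DC values."""
    before = {row[0]: parse_row(row)["dc"] for row in earlier}
    flagged = []
    for row in later:
        delta = parse_row(row)["dc"] - before.get(row[0], 0)
        rate = delta * 60 / minutes_apart
        if rate >= per_hour_threshold:     # assumed threshold, tune per site
            flagged.append((row[0], rate))
    return sorted(flagged, key=lambda item: -item[1])

# Constructed sample rows: two readings of the list taken 30 minutes apart.
SNAP_1 = [("3fc155d2.oversize.exe", "12/03/2007 09:14", "HTTP", "blocked", 1, "23:10"),
          ("a41b09ee.invoice.scr", "12/03/2007 09:40", "SMTP", "infected", 4, "23:55")]
SNAP_2 = [("3fc155d2.oversize.exe", "12/03/2007 09:14", "HTTP", "blocked", 1, "22:40"),
          ("a41b09ee.invoice.scr", "12/03/2007 09:40", "SMTP", "infected", 64, "23:59")]

if __name__ == "__main__":
    for stored, rate in dc_growth(SNAP_1, SNAP_2, 30):
        print(f"{stored}: {rate:.0f} duplicates/hour")
```

Because the Date column keeps the time of the first quarantined copy and each duplicate refreshes the TTL, the change in DC between readings is the field that shows the rate of new copies.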

FortiGate Version 3.0 MR5 Administration Guide

01-30005-0203-20070830 403
