antivirus : profile
 
profile
Use this command to configure UTM antivirus profiles for firewall policies. Antivirus profiles configure how virus scanning is applied to sessions accepted by a firewall policy that includes the antivirus profile.
Syntax
config antivirus profile
edit <name_str>
set analytics-bl-filetype {1 | 2 | <filepattern_list_int>}
set analytics-wl-filetype {1 | 2 | <filepattern_list_int>}
set analytics-max-upload <mbytes>
set av-virus-log {enable | disable}
set av-block-log {enable | disable}
set comment <comment_str>
set ftgd-analytics {disable | suspicious | everything}
set inspection-mode {flow‑based | proxy}
set scan-botnet-connections {monitor | block | disable}
config {http | https | ftp | ftps | imap | imaps | mapi | pop3 | pop3s | smb | smtp | smtps | nntp}
set archive-block [corrupted encrypted mailbomb multipart nested unhandled]
set archive-log [corrupted encrypted mailbomb multipart nested unhandled]
set emulator {enable | disable}
set options {avmonitor | avquery | quarantine | scan}
config nac-quar
set infected {none | quar‑scr-ip}
set expiry <duration_str>
set log {disable | enable}
end
end
Variable
Description
Default
<name_str>
Enter the name of the antivirus profile.
 
analytics-bl-filetype {1 | 2 | <filepattern_list_int>}
Select file type pattern to blacklist and submit to FortiGuard Analytics:
1— builtin patterns
2 —all executables
<filepattern_list_int> — the identifier of a defined filepattern. See dlp filepattern.
0
analytics-wl-filetype {1 | 2 | <filepattern_list_int>}
Select file type pattern to whitelist and not submit to FortiGuard Analytics:
1— builtin patterns
2 —all executables
<filepattern_list_int> — the identifier of a defined filepattern. See dlp filepattern.
0
analytics-max-upload <mbytes>
Enter the maximum file size that can be scanned in Mbytes. Range: 1MB to 44MB
10
av-virus-log {enable | disable}
Enable or disable logging for virus scanning.
disable
av-block-log {enable | disable}
Enable or disable logging for antivirus file blocking.
disable
comment <comment_str>
Optionally enter a description of up to 63 characters of the antivirus profile.
 
ftgd-analytics {disable | suspicious | everything}
FortiGuard Analytics mode:
disable — FortiGuard Analytics disabled
suspicious — send only suspicious items
everything — send all items to FortiGuard
disable
inspection-mode {flow‑based | proxy}
Select flow-based or proxy antivirus protection.
proxy
scan-botnet-connections {monitor | block | disable}
Select how to treat connections to known botnet servers.
monitor - Log botnet connections
block - Block botnet connections
disable - Do not scan for botnet connections
block