quarantine
Use this command to set file quarantine options. FortiGate units with a hard disk or a connection to a FortiAnalyzer unit can quarantine files. FortiGate features such as virus scanning can quarantine files.
Syntax
config antivirus quarantine
    set agelimit <hours_int>
    set destination {disk | FortiAnalyzer | NULL}
    set drop-blocked {ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
    set drop-heuristic {ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
    set drop-infected {ftp ftps http imap mapi mm1 mm3 mm4 mm7 nntp pop3 smtp}
    set drop-intercepted {ftp http imap mm1 mm3 mm4 mm7 pop3 smtp}
    set lowspace {drop-new | ovrw-old}
    set maxfilesize <MB_int>
    set quarantine-quota <MB_int>
    set store-blocked {ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
    set store-heuristic {ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
    set store-infected {ftp ftps http https imap imaps mm1 mm3 mm4 mm7 nntp pop3 pop3s smtp smtps}
    set store-intercepted {ftp http imap mm1 mm3 mm4 mm7 pop3 smtp}
end
Variable: agelimit <hours_int>
Description: Specify how long files are kept in quarantine, to a maximum of 479 hours. The age limit is used to formulate the value in the TTL column of the quarantined files list. When the limit is reached, the TTL column displays EXP and the file is deleted (although a record is maintained in the quarantined files list). An age limit of 0 (zero) means files are stored on disk indefinitely, subject to the low disk space action. This option appears when destination is not set to NULL.
Default: 0

Variable: destination {disk | FortiAnalyzer | NULL}
Description: The destination for quarantined files:
    disk is the FortiGate unit internal hard disk, if present.
    FortiAnalyzer is a FortiAnalyzer unit the FortiGate unit is configured to use.
    NULL disables the quarantine.
This command appears only if the FortiGate unit has an internal hard disk or is configured to use a FortiAnalyzer unit.
Default: NULL

Variable: drop-blocked {ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
Description: Do not quarantine blocked files found in traffic for the specified protocols. The files are deleted. MM1, MM3, MM4, and MM7 traffic types are supported only in FortiOS Carrier.
Default: imap nntp

Variable: drop-heuristic {ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
Description: Do not quarantine files found by heuristic scanning in traffic for the specified protocols. NNTP support for this field will be added in the future. MM1, MM3, MM4, and MM7 traffic types are supported in FortiOS Carrier.
Default: http im imap nntp pop3 smtp

Variable: drop-infected {ftp ftps http imap mapi mm1 mm3 mm4 mm7 nntp pop3 smtp}
Description: Do not quarantine virus-infected files found in traffic for the specified protocols. NNTP support for this field will be added in the future. MM1, MM3, MM4, and MM7 traffic types are supported in FortiOS Carrier.
Default: im imap nntp

Variable: drop-intercepted {ftp http imap mm1 mm3 mm4 mm7 pop3 smtp}
Description: For FortiOS Carrier, do not quarantine intercepted files found in traffic for the specified protocols. The files are deleted.
Default: imap smtp pop3 http ftp mm1 mm3 mm4 mm7

Variable: lowspace {drop-new | ovrw-old}
Description: Select the method for handling additional files when the FortiGate hard disk is running out of space. Enter ovrw-old to drop the oldest file (lowest TTL), or drop-new to drop new quarantine files. This option appears when destination is not set to NULL.
Default: ovrw-old

Variable: maxfilesize <MB_int>
Description: Specify, in MB, the maximum file size to quarantine. The FortiGate unit keeps any existing quarantined files over the limit. The FortiGate unit does not quarantine any new files larger than this value. The file size range is 0-499 MB. Enter 0 for unlimited file size.
Default: 0

Variable: quarantine-quota <MB_int>
Description: Set the antivirus quarantine quota in MB, which is the amount of disk space to reserve for quarantining files.
Default: 0

Variable: store-blocked {ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
Description: Quarantine blocked files found in traffic for the specified protocols. NNTP support for this field will be added in the future. HTTP, FTP, MM1, MM3, MM4, and MM7 traffic types are supported in FortiOS Carrier.
Default: No default.

Variable: store-heuristic {ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp}
Description: Quarantine files found by heuristic scanning in traffic for the specified protocols. NNTP support for this field will be added in the future. MM1, MM3, MM4, and MM7 traffic types are supported in FortiOS Carrier.
Default: No default.

Variable: store-infected {ftp ftps http https imap imaps mm1 mm3 mm4 mm7 nntp pop3 pop3s smtp smtps}
Description: Quarantine virus-infected files found in traffic for the specified protocols. NNTP support for this field will be added in the future. MM1, MM3, MM4, and MM7 traffic types are supported in FortiOS Carrier.
Default: No default.

Variable: store-intercepted {ftp http imap mm1 mm3 mm4 mm7 pop3 smtp}
Description: Quarantine intercepted FortiOS Carrier files found in traffic of the specified protocols.
Default: imap smtp pop3 http ftp mm1 mm3 mm4 mm7
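
Added example (not part of the original reference and not Fortinet code): a small Python audit that checks a config antivirus quarantine block against the value ranges and per-option protocol lists documented on this page, and flags store-* options that have no effect because destination is NULL. The function names and the sample block are constructed for illustration.

```python
import re

PROTOS = {  # allowed values copied from the Syntax section of this page
    "drop-blocked": "ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp",
    "drop-heuristic": "ftp ftps http imap mm1 mm3 mm4 mm7 nntp pop3 smtp",
    "drop-infected": "ftp ftps http imap mapi mm1 mm3 mm4 mm7 nntp pop3 smtp",
    "drop-intercepted": "ftp http imap mm1 mm3 mm4 mm7 pop3 smtp",
    "store-blocked": "ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp",
    "store-heuristic": "ftp http imap mm1 mm3 mm4 mm7 nntp pop3 smtp",
    "store-infected": "ftp ftps http https imap imaps mm1 mm3 mm4 mm7 nntp pop3 pop3s smtp smtps",
    "store-intercepted": "ftp http imap mm1 mm3 mm4 mm7 pop3 smtp",
}
ENUMS = {"destination": {"disk", "FortiAnalyzer", "NULL"},
         "lowspace": {"drop-new", "ovrw-old"}}
RANGES = {"agelimit": (0, 479), "maxfilesize": (0, 499)}  # hours, MB

def parse(text):
    """Return {option: [values]} from the 'set' lines of one config block."""
    return {m[1]: m[2].split()
            for m in re.finditer(r"^[ \t]*set[ \t]+(\S+)[ \t]+(.+)$", text, re.M)}

def audit(text):
    """Check a quarantine block against the limits documented on this page."""
    cfg, findings = parse(text), []
    for opt, vals in cfg.items():
        if opt in PROTOS:
            bad = sorted(set(vals) - set(PROTOS[opt].split()))
            if bad:
                findings.append(f"{opt}: unsupported protocol(s) {' '.join(bad)}")
        elif opt in ENUMS and vals[0] not in ENUMS[opt]:
            findings.append(f"{opt}: invalid value {vals[0]}")
        elif opt in RANGES:
            lo, hi = RANGES[opt]
            if not vals[0].isdigit() or not lo <= int(vals[0]) <= hi:
                findings.append(f"{opt}: {vals[0]} outside {lo}-{hi}")
    # destination defaults to NULL, and NULL disables the quarantine
    if cfg.get("destination", ["NULL"])[0] == "NULL" and any(o.startswith("store-") for o in cfg):
        findings.append("store-* set but destination is NULL: quarantine is disabled")
    return findings

SAMPLE = """\
config antivirus quarantine
    set destination NULL
    set agelimit 500
    set lowspace drop-old
    set store-infected http https smtp mapi
    set drop-heuristic imap https
end
"""  # constructed input, not taken from a real device
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```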