replacemsg alertmail
The FortiGate unit adds the alert mail replacement messages listed to alert email messages sent to administrators. For more information about alert email, see system email-server.
Alert mail replacement messages are text messages.
These are HTML messages with HTTP headers.
Syntax
config system replacemsg alertmail alert_msg_type
    set buffer <message>
    set format <format>
    set header <header_type>
end
| Variable | Description | Default |
|---|---|---|
| alert_msg_type | FortiGuard replacement alertmail message type. See Table 3. | No default. |
| buffer <message> | Type a new replacement message to replace the current replacement message. Maximum length 8 192 characters. | Depends on message type. |
| format <format> | Set the format of the message: html, text, none | No default. |
| header <header_type> | Set the format of the message header: 8bit, http, none | Depends on message type. |
 
If you enable Send alert email for logs based on severity for alert email, whether or not replacement messages are sent by alert email depends on how you set the alert email Minimum log level.
 
Table 3: alertmail message types

| Message Type | Description |
|---|---|
| alertmail-block | Virus detected must be enabled for alert email. Antivirus File Filter must be enabled in an antivirus profile, and it must block a file that matches an entry in a selected file filter list. |
| alertmail-crit-event | Whenever a critical level event log message is generated, this replacement message is sent unless you configure alert email to enable Send alert email for logs based on severity and set the Minimum log level to Alert or Emergency. |
| alertmail-disk-full | Disk usage must be enabled, and disk usage reaches the percent full amount configured for alert email. For more information, see system email-server. |
| alertmail-nids-event | Intrusion detected must be enabled for alert email. When an IPS Sensor or a DoS Sensor detects an attack, this replacement message will be sent. |
| alertmail-virus | Virus detected must be enabled for alert email. Antivirus Virus Scan must be enabled in an antivirus profile and detect a virus. |

Replacement messages can include replacement message tags. When users receive the replacement message, the replacement message tag is replaced with content relevant to the message.
Table 4: Replacement message tags

| Tag | Description |
|---|---|
| %%FILE%% | The name of a file that has been removed from a content stream. This could be a file that contained a virus or was blocked by antivirus file blocking. %%FILE%% can be used in virus and file block messages. |
| %%VIRUS%% | The name of a virus that was found in a file by the antivirus system. %%VIRUS%% can be used in virus messages. |
| %%URL%% | The URL of a web page. This can be a web page that is blocked by web filter content or URL blocking. %%URL%% can also be used in http virus and file block messages to be the URL of the web page from which a user attempted to download a file that is blocked. |
| %%CRITICAL_EVENT%% | Added to alert email critical event email messages. %%CRITICAL_EVENT%% is replaced with the critical event message that triggered the alert email. |
| %%PROTOCOL%% | The protocol (HTTP, FTP, POP3, IMAP, SMTP) in which a virus was detected. %%PROTOCOL%% is added to alert email virus messages. |
| %%SOURCE_IP%% | IP address of the email server that sent the email containing the virus. |
| %%DEST_IP%% | IP address of the user’s computer that attempted to download the message from which the file was removed. |
| %%EMAIL_FROM%% | The email address of the sender of the message from which the file was removed. |
| %%EMAIL_TO%% | The email address of the intended receiver of the message from which the file was removed. |
| %%NIDS_EVENT%% | The IPS attack message. %%NIDS_EVENT%% is added to alert email intrusion messages. |
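
Added example (not from the FortiOS documentation): a Python check that lints a proposed buffer before it is entered in the CLI, using the 8 192-character limit, the format and header values, and the message types listed on this page. The lint() helper and the tag-to-message-type mapping (TAG_SCOPE) are assumptions read from the descriptions in Table 4, and the sample messages are constructed.

```python
import re

MAX_BUFFER_LEN = 8192  # "Maximum length 8 192 characters" (buffer variable)
FORMATS = {"html", "text", "none"}
HEADERS = {"8bit", "http", "none"}
VIRUS, BLOCK = "alertmail-virus", "alertmail-block"
CRIT, DISK, NIDS = "alertmail-crit-event", "alertmail-disk-full", "alertmail-nids-event"
MSG_TYPES = {VIRUS, BLOCK, CRIT, DISK, NIDS}  # Table 3

# Tag -> message types its Table 4 description refers to. This mapping is an
# assumption drawn from those descriptions, not a rule enforced by FortiOS.
TAG_SCOPE = {
    "FILE": {VIRUS, BLOCK}, "URL": {VIRUS, BLOCK},
    "SOURCE_IP": {VIRUS, BLOCK}, "DEST_IP": {VIRUS, BLOCK},
    "EMAIL_FROM": {VIRUS, BLOCK}, "EMAIL_TO": {VIRUS, BLOCK},
    "VIRUS": {VIRUS}, "PROTOCOL": {VIRUS},
    "CRITICAL_EVENT": {CRIT}, "NIDS_EVENT": {NIDS},
}
TAG_RE = re.compile(r"%%([A-Za-z0-9_]+)%%")


def lint(msg_type, buffer, fmt="text", header="none"):
    """Return a list of problems; an empty list means the message passes."""
    problems = []
    if msg_type not in MSG_TYPES:
        problems.append(f"unknown message type: {msg_type}")
    if fmt not in FORMATS:
        problems.append(f"invalid format: {fmt}")
    if header not in HEADERS:
        problems.append(f"invalid header: {header}")
    if len(buffer) > MAX_BUFFER_LEN:
        problems.append(f"buffer is {len(buffer)} characters, limit is {MAX_BUFFER_LEN}")
    for tag in sorted(set(TAG_RE.findall(buffer))):
        if tag not in TAG_SCOPE:
            # A misspelled tag would reach administrators as literal text.
            problems.append(f"unknown tag: %%{tag}%%")
        elif msg_type in MSG_TYPES and msg_type not in TAG_SCOPE[tag]:
            problems.append(f"%%{tag}%% is not described for {msg_type}")
    return problems


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        (VIRUS, "Virus %%VIRUS%% found in %%FILE%% over %%PROTOCOL%%"),
        (NIDS, "Attack: %%NIDS_EVENT%% (%%VIRUS%%)"),
        (VIRUS, "Virus %%VIRUSNAME%% detected"),
    ]
    for msg_type, text in samples:
        print(msg_type, lint(msg_type, text) or "ok")
```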