system : replacemsg im
 
replacemsg im
Use this command to change default replacement messages added to instant messaging and peer-to-peer sessions when either file-transfer or voice-chat is blocked.
By default, these are text messages with an 8-bit header.
Syntax
config system replacemsg im <message-type>
set buffer <message>
set format <format>
set header <header_type>
end
Variable
Description
Default
<message-type>
im replacement message type. See Table 13.
No default.
buffer <message>
Type a new replacement message to replace the current replacement message. Maximum length 8 192 characters.
Depends on message type.
format <format>
Set the format of the message:
html
text
none
No default
header <header_type>
Set the format of the message header:
8bit
http
none
Depends on message type.
Table 13: Instant messaging (IM) and peer to peer (P2P) message types
Message name
Description
im-dlp
 
In a DLP sensor, a rule with action set to Block replaces a blocked IM or P2P message with this message.
im-dlp-ban
 
In a DLP sensor, a rule with action set to Ban replaces a blocked IM or P2P message with this message. This message also replaces any additional messages that the banned user sends until they are removed from the banned user list.
im-file-xfer-block
 
Antivirus File Filter enabled for IM deletes a file that matches an entry in the selected file filter list and replaces it with this message.
im-file-xfer-infected
 
Antivirus Virus Scan enabled for IM deletes an infected file from and replaces the file with this message.
im-file-xfer-name
 
Antivirus File Filter enabled for IM deletes a file with a name that matches an entry in the selected file filter list and replaces it with this message.
im-file-xfer-size
 
Antivirus Oversized File/Email set to Block for IM removes an oversized file and replaces the file with this message.
im-long-chat-block
In an Application Control list, the block-long-chat CLI field is enabled for AIM, ICQ, MSN, or Yahoo. You enable blocking oversized chat messages from the CLI.
im-photo-share-block
 
In an Application Control list, the block-photo CLI field is enabled for MSN, or Yahoo. You enable photo blocking from the CLI.
im-voice-chat-block
 
In an Application Control list, the Block Audio option is selected for AIM, ICQ, MSN, or Yahoo!.
im-video-chat-block
 
In an Application Control list, the block-video CLI field is enabled for MSN. You enable video chat blocking from the CLI.
Replacement messages can include replacement message tags. When users receive the replacement message, the replacement message tag is replaced with content relevant to the message.
Table 14: Replacement message tags
Tag
Description
%%FILE%%
The name of a file that has been removed from a content stream. This could be a file that contained a virus or was blocked by antivirus file blocking. %%FILE%% can be used in virus and file block messages.
%%VIRUS%%
The name of a virus that was found in a file by the antivirus system. %%VIRUS%% can be used in virus messages
%%QUARFILENAME%%
The name of a file that has been removed from a content stream and added to the quarantine. This could be a file that contained a virus or was blocked by antivirus file blocking. %%QUARFILENAME%% can be used in virus and file block messages. Quarantining is only available on FortiGate units with a local disk.
%%PROTOCOL%%
The protocol (HTTP, FTP, POP3, IMAP, SMTP) in which a virus was detected. %%PROTOCOL%% is added to alert email virus messages.
%%SOURCE_IP%%
The IP address from which a virus was received. For email this is the IP address of the email server that sent the email containing the virus. For HTTP this is the IP address of the web page that sent the virus.
%%DEST_IP%%
The IP address of the computer that would have received the blocked file. For email this is the IP address of the user’s computer that attempted to download the message from which the file was removed.