system : replacemsg utm
 
replacemsg utm
When data leaks or viruses are detected, these messages are substituted for the blocked item.
Syntax
config system replacemsg utm <message_type>
set buffer <message>
set format <format>
set header <header_type>
end
Variable
Description
Default
buffer <message>
Type a new replacement message to replace the current replacement message. Maximum length 8 192 characters.
Depends on message type.
format <format>
Set the format of the message:
html
text
none
No default
header <header_type>
Set the format of the message header:
8bit
http
none
Depends on message type.
Message Type
Description
dlp-text
An email message is blocked because it appears to contain a data leak.
dlp-html
An HTTP transfer is blocked because it appears to contain a data leak.
virus-html
A virus was detected in a file being downloaded using an HTTP GET.
virus-text
A virus was detected in a file attachment. The file was removed.
Table 23: Replacement message tags
Tag
Description
%%FILE%%
The name of a file that has been removed from a content stream. This could be a file that contained a virus or was blocked by antivirus file blocking. %%FILE%% can be used in virus and file block messages.
%%VIRUS%%
The name of a virus that was found in a file by the antivirus system. %%VIRUS%% can be used in virus messages
%%QUARFILENAME%%
The name of a file that has been removed from a content stream and added to the quarantine. This could be a file that contained a virus or was blocked by antivirus file blocking. %%QUARFILENAME%% can be used in virus and file block messages. Quarantining is only available on FortiGate units with a local disk.
%%PROTOCOL%%
The protocol (HTTP, FTP, POP3, IMAP, SMTP) in which a virus was detected. %%PROTOCOL%% is added to alert email virus messages.