Configuring antivirus settings : Using FortiSandbox antivirus inspection
Using FortiSandbox antivirus inspection
The FortiSandbox unit is used for automated sample tracking, or sandboxing. You can send suspicious email attachments to FortiSandbox for inspection when you configure antivirus profiles (see “Managing antivirus profiles”). If the file exhibits risky behavior, or is found to contain a virus, the result will be sent back to FortiMail and a new virus signature is created and added to the FortiGuard antivirus signature database as well. For more information about FortiSandbox, please visit Fortinet’s web site at http://www.fortinet.com.
If you have a contract to use the FortiSandbox cloud service, you will be able to submit the suspicious email attachments to the cloud service. If the file is found virus positive, a new virus signature is created and added to the FortiGuard antivirus database. But this result will not be returned to FortiMail and thus FortiMail will not be able to use the result to do realtime blocking.
To add a FortiSandbox unit
1. Go to AntiVirus > FortiSanbox.
2. Enable the FortiSandbox Inspection and configure the following settings:
GUI item
Description
FortiSandbox type
If you use an appliance, specify the appliance’s host name or IP address; if you use the cloud service, make sure you have a valid contract.
Server name/IP
Enter the FortiSandbox host name or IP address. The port to use is 514. If you have a firewall in between FortiMail and FortiSandbox, make this port is allowed.
Test Connection
Click Test Connection to make sure the connection is successful. If the connection fails, check the network connection.
Notification email
This is the email address that FortiSandbox will use to send out notifications and reports. If you want to receive such email, enter your email address. For details, see the FortiSandbox documentation.
Statistics interval
Specify how long FortiMail should wait to retrieve some high level statistics from FortiSandbox. The default interval is 5 minutes. The statistics include how many malwares are detected and how many files are clean among all the files submitted.
Scan timeout
Specify how long FortiMail will wait to get the results.
Scan result expires in
Specify how long FortiMail will cache the results.
File Scan Settings
File types
Select what types of attachment files will be uploaded to FortiSandbox for scanning.
File patterns
Create your own file pattern that will be uploaded to FortiSandbox, for example, *.txt.
URI Scan Settings
Enable
Enable to scan the URIs to determine if they are malicious or phishing sites.
Email selection
Specify to scan URIs in all email or the suspicious email only.
URI selection
Specify to scan all URIs or the unrated URIs only.
Number of URIs per email
Specify how many URIs will be scanned in one email message.