Configuring FortiGuard antivirus service
You can configure the FortiMail unit to periodically request updates from the FDN or override servers for the FortiGuard antivirus engine and antivirus definitions.
You can use push updates or manually initiate updates as alternatives or in conjunction with scheduled updates. If protection from the latest viral threats is a high priority, you could configure both scheduled updates and push updates, using scheduled updates as a failover method to increase the likelihood that the FortiMail unit always retrieves periodic updates if connectivity is interrupted during a push notification. While using only scheduled updates could potentially leave your network vulnerable to a new virus, it minimizes short disruptions to antivirus scans that can occur if the FortiMail unit applies push updates during peak volume times.
For example, you might schedule updates every night at 2 AM or weekly on Sunday, when email traffic volume is light.
Before configuring scheduled updates, first verify that the FortiMail unit can connect to the FDN or override server. For details, see “Verifying connectivity with FortiGuard services”.
To configure FortiGuard antivirus options
1. Go to System > FortiGuard > AntiVirus.
2. Configure the following and then click Apply.
Use override server address
Enable to override the default FDN server to which the FortiMail unit connects for updates, then enter the IP address of the override public or private FDN server.
Allow push update
Enable to allow the FortiMail unit to accept push notifications (UDP 9443). If the FortiMail unit is behind a NAT device, you may also need to enable and configure Use override push IP.
Push notifications only notify the FortiMail unit that an update is available. They do not transmit the update itself. After receiving a push notification, the FortiMail unit initiates a separate TCP 443 connection to the FDN, similar to scheduled updates, in order to download the update.
Use override push IP
Enable to override the IP address and default port number to which the FDN sends push notifications.
When enabled, the FortiMail unit notifies the FDN to send push updates to the IP address and port number that you enter (for example, a virtual IP/port forward on a NAT device that will forward push notifications to the FortiMail unit).
When disabled, the FortiMail unit notifies the FDN to send push updates to the FortiMail unit’s IP address, using the default port number (UDP 9443). This is useful only if the FortiMail unit has a public network IP address.
This option is available only if Allow push update is enabled.
Virus outbreak protection
When a virus outbreak occurs, the FortiGuard antivirus database may need some time to be updated. Therefore, you can choose to defer the delivery of suspicious email messages and scan them a second time.
Disable: Do not query FortiGuard antivirus service.
Enable: Query FortiGuard antivirus service.
Enable with Defer: If the first query returns no results, defer the email for the specified time and then perform a second query.
Virus outbreak protection period
If you select Enable with Defer in the above field, specify how many minutes to wait before the second query is performed.
Virus database
Depending on the model, FortiMail supports three types of antivirus databases:
Default: The default FortiMail virus database contains the most commonly seen viruses and should be sufficient for regular antivirus protection.
Extended: Some high-end FortiMail models support an extended virus database, which contains viruses that are no longer active.
Extreme: Some high-end models also support an extreme virus database, which contains more virus signatures than the default and extended databases.
To use the extended and extreme virus databases, you must enable them with the following CLI command:
config system fortiguard antivirus
set virus-db {default | extended | extreme}
end
Scheduled update
Enable to perform updates according to a schedule, then select one of the following as the frequency of update requests. When the FortiMail unit requests an update at the scheduled time, results appear in Last Update Status.
Every: Select to request an update once every 1 to 23 hours, then select the number of hours between each update request.
Daily: Select to request an update once a day, then select the hour of the day to check for updates.
Weekly: Select to request an update once a week, then select the day of the week, the hour, and the minute of the day to check for updates.
If you select 00 minutes, the update request occurs at a randomly determined time within the selected hour.