MMS Content Checksum
The MMS content checksum feature attempts to match checksums of known malicious MMS messages, and on a successful match it will be blocked. The checksums are applied to each part of the message—attached files and message body have separate checksums. These checksums are created with CRC-32, the same method as FortiAnalyzer checksums.
For example, if an MMS message contains a browser exploit in the message body, you can add the checksum for that message body to the list, and future occurrences of that exact message will be blocked. Content will be replaced by the content checksum block notification replacement message for that type of MMS message, and if it is enabled the event will be logged.
One possible implementation would to configure all .sis files to be intercepted. When one is found to be infected or malicious it would be added to the MMS content checksum list.
To use this feature a list of one or more malicious checksums must be created and then the feature is enabled using that list. For a detailed list of options, see
“MMS Content Checksum”.
To configure an MMS content checksum list
1. Go to Security Profiles > Carrier > MMS Content Checksum.
2. Select Create New.
3. Enter a name for the list of checksums, and select OK.
You are taken to the edit screen for that new list.
4. Select Create New to add a checksum.
5. Enter the Name and Checksum, and select OK.
The checksum is added to the list.
To add more checksums to the list, repeat steps
4 and
5.
To to remove a checksum from the list you can either delete the checksum or simply disable it and leave it in the list.
To enable MMS content checksums, expand MMS Scanning and select MMS Content Checksum for the selected MMS types. Select the checksum list to match.