Chapter 4 FortiOS Carrier : MMS Security features : MMS file filtering
  
MMS file filtering
Use MMS file filtering to apply antivirus file filtering to MMS traffic. Select a file filter list to apply. To configure MMS file filtering, go to Security Profiles > Carrier > MMS Profile, select an existing or create a new profile, and expand MMS Scanning.
Configure the FortiGate file filter to block files by:
File pattern: Files can be blocked by name, extension, or any other pattern. File pattern blocking provides the flexibility to block potentially harmful content.
File pattern entries are not case sensitive. For example, adding *.exe to the file pattern list also blocks any files ending in .EXE.
In addition to the built-in patterns, you can specify more file patterns to block.
File type: Files can be blocked by type, without relying on the file name to indicate what type of files they are. When blocking by file type, the FortiGate unit analyzes the file and determines the file type regardless of the file name.
For standard operation, you can choose to disable file filter in the protection profile, and enable it temporarily to block specific threats as they occur.
The FortiGate unit can take either of these actions toward files that match a configured file pattern or type:
Allow: the file is allowed to pass.
Block: the file is blocked and a replacement messages will be sent to the user. If both file filter and virus scan are enabled, the Carrier-enabled FortiGate unit blocks files that match the enabled file filter and does not scan these files for viruses.
Intercept: the file will be archived to the local hard disk or the FortiAnalyzer unit.
The Carrier-enabled FortiGate unit also writes a message to the virus log and sends an alert email message if configured to do so.
Files are compared to the enabled file patterns and then the file types from top to bottom. If a file does not match any specified patterns or types, it is passed along to antivirus scanning (if enabled). In effect, files are passed if not explicitly blocked.
Using the allow action, this behavior can be reversed with all files being blocked unless explicitly passed. Simply enter all the file patterns or types to be passed with the allow attribute. At the end of the list, add an all-inclusive wildcard (*.*) with a block action. Allowed files continue to antivirus scanning (if enabled) while files not matching any allowed patterns are blocked by the wildcard at the end.