Chapter 15 Unified Threat Management for FortiOS 5.0 : AntiVirus : Windows file sharing (CIFS) flow-based antivirus scanning
  
Windows file sharing (CIFS) flow-based antivirus scanning
FortiOS 5.0 now supports virus scanning of Windows file sharing traffic. This includes CIFS, SMB, and SAMBA traffic. This feature is applied by enabling SMB scanning in an antivirus profile and then adding this profile to a security policy that accepts CIFS traffic. CIFS virus scanning is available only through flow-based antivirus scanning.
FortiOS 5.0 flow-based virus scanning can detect the same number of viruses in CIFS/SMB/SAMBA traffic as it can for all supported content protocols.
Figure 304: Configuring CIFS/SMB/SAMBA virus scanning
Use the following command to enable CIFS/SMB/SAMBA virus scanning in an antivirus profile:
config antivirus profile
edit smb-profile
config smb
set options scan
set avdb flow-based
end
end
Then add this antivirus profile to a security policy that accepts the traffic to be virus scanned. In the security policy the service can be set to ANY, SAMBA, or SMB.
config firewall policy
edit 0
set service ANY
...
set utm-status enable
set av-profile smb-profile
end
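An added example (not Fortinet's code and not part of the original page): a Python audit of a saved configuration that flags policies accepting ANY, SAMBA or SMB whose antivirus profile does not enable SMB scanning as configured above. The function names and the sample configuration are constructed for illustration, and the parser assumes the plain config/edit/set/next/end layout shown on this page.

```python
import shlex

# Constructed sample in FortiOS CLI style (not taken from a real device).
SAMPLE = "\n".join([
    'config antivirus profile', 'edit "smb-profile"', 'config smb',
    'set options scan', 'set avdb flow-based', 'end', 'next',
    'edit "web-only"', 'config http', 'set options scan', 'end', 'next', 'end',
    'config firewall policy', 'edit 1', 'set service "ANY"',
    'set utm-status enable', 'set av-profile "smb-profile"', 'next',
    'edit 2', 'set service "SMB"', 'set utm-status enable',
    'set av-profile "web-only"', 'next', 'edit 3', 'set service "SAMBA"', 'next',
    'edit 4', 'set service "HTTP"', 'next', 'end',
])
SMB_SERVICES = {"ANY", "SAMBA", "SMB"}  # service values the page lists

def parse_settings(text):
    """Return (path, key, values) per 'set' line; path = config/edit nesting."""
    stack, out = [], []
    for tok in map(shlex.split, text.splitlines()):
        head = tok[0] if tok else ""
        if head in ("config", "edit"):
            stack.append((head, " ".join(tok[1:])))
        elif head in ("next", "end"):
            if stack and stack[-1][0] == "edit":  # 'next', or 'end' typed inside an edit
                stack.pop()
            if head == "end":
                del stack[-1:]  # close the enclosing 'config' block
        elif head == "set" and len(tok) > 1:
            out.append((tuple(n for _, n in stack), tok[1], tok[2:]))
    return out

def audit(text):
    """Map policy id -> reason its SMB traffic is not virus scanned."""
    smb, pol = {}, {}
    for path, key, val in parse_settings(text):
        if len(path) == 3 and path[0] == "antivirus profile" and path[2] == "smb":
            smb.setdefault(path[1], {})[key] = val
        elif len(path) == 2 and path[0] == "firewall policy":
            pol.setdefault(path[1], {})[key] = val
    scanning = {n for n, s in smb.items() if "scan" in s.get("options", [])
                and s.get("avdb") == ["flow-based"]}
    findings = {}
    for pid, s in pol.items():
        accepts_smb = SMB_SERVICES & set(s.get("service", []))
        if accepts_smb and s.get("utm-status") != ["enable"]:
            findings[pid] = "utm-status not enabled"
        elif accepts_smb and (s.get("av-profile") or [""])[0] not in scanning:
            findings[pid] = "av-profile missing or without SMB scan"
    return findings
```

Calling `audit(SAMPLE)` reports policies 2 and 3; policy 1 passes and policy 4 is skipped because it does not accept any of the three services.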
Note the following about CIFS/SMB/SAMBA virus scanning:
Some newer versions of SAMBA clients and SMB2 can spread one file across multiple sessions, which prevents some viruses from being detected.
Enabling CIFS/SMB/SAMBA virus scanning can affect FortiGate performance.
SMB2 is a new version of SMB that was first partially implemented in Windows Vista.
Currently SMB2 is supported by Windows Vista or later, partly supported by Samba 3.5, and fully supported by Samba 3.6.
The latest version of SMB2.2 will be introduced with Windows 8.
Most clients still use SMB as the default setting.