Heuristics
After an incoming file has passed the grayware scan, it is subjected to the heuristics scan. The FortiGate heuristic antivirus engine, if enabled, performs tests on the file to detect virus-like behavior or known virus indicators. In this way, heuristic scanning may detect new viruses, but may also produce some false positive results. You configure heuristics from the CLI.
To set heuristics, enter the following in the CLI:
config antivirus heuristic
set mode {pass |block |disable}
end
• “block” enables heuristics and any files determined to be malware are blocked from entering the network.
• “pass” enables heuristics but any files determined to be malware are still allowed to pass through to the recipient.
• “disable” turns off heuristics.