In FortiOS 5.2, flow-based AntiVirus has been improved to have the same enhanced performance as flow-based antivirus scanning in FortiOS 5.0 while providing the same accuracy and many of the extended features of proxy-based antivirus.

Flow-based AntiVirus now allows data to accumulate until it detect the end of a file. When the end is reached, traffic is paused and data is sent asynchronously for analysis. When the results are received, the traffic is either allowed to resume or the connection is reset.

Because of this change, the default AntiVirus profile on a FortiGate uses flow-based inspection. Flow-based inspection can also utilize the extended AntiVirus database. Detecting and reporting only occurs when AntiVirus is enabled in the security policy.

Flow-based AntiVirus is also supported for sniffer policies.