Hello,


In this post I will talk about the AntiVirus feature of the FortiGate. Since the Fortinet firewall has a lot of features, it is no surprise that AntiVirus is one of them.


The AntiVirus processing goes as follows:

1. File Filter – first it checks whether the file matches any file filter defined by you, e.g. block any “.exe” files

2. Virus Scan – it then scans the file for known viruses

3. Grayware – it scans the file for grayware applications

4. Heuristics – it scans the file using heuristic algorithms


The File Filter is composed of 3 main tasks:

1. File Pattern (name, extension, etc.)

2. File Type (content pattern checking)

3. Actions (Allow or Block the file)
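To make the three File Filter tasks concrete, here is a small added example (my own illustration, not FortiGate code) that applies an ordered list of filter rules to a file: a rule can match on the file name pattern, on the file type inferred from the content's leading bytes, or both, and the first matching rule decides the Allow/Block action. The magic-byte table and the sample files are constructed for the example; the point it shows is why the File Type task matters in addition to the File Pattern task: an executable renamed to `invoice.pdf` is still blocked because its content identifies it as an executable.

```python
import fnmatch
from dataclasses import dataclass
from typing import Optional

# Leading-byte signatures used to infer the real file type regardless of the
# file name. Constructed for this example; a real engine carries many more.
MAGIC_SIGNATURES = {
    "executable": (b"MZ", b"\x7fELF"),
    "archive": (b"PK\x03\x04", b"Rar!"),
    "pdf": (b"%PDF",),
}


def detect_file_type(content: bytes) -> str:
    """Return the file type implied by the content's magic bytes, or 'unknown'."""
    for file_type, signatures in MAGIC_SIGNATURES.items():
        if any(content.startswith(sig) for sig in signatures):
            return file_type
    return "unknown"


@dataclass
class FilterRule:
    action: str                          # "allow" or "block" (task 3: Actions)
    name_pattern: Optional[str] = None   # glob on the file name (task 1: File Pattern)
    file_type: Optional[str] = None      # type inferred from content (task 2: File Type)

    def matches(self, name: str, content: bytes) -> bool:
        # Every condition set on the rule must hold; unset conditions are wildcards.
        if self.name_pattern is not None:
            if not fnmatch.fnmatch(name.lower(), self.name_pattern.lower()):
                return False
        if self.file_type is not None:
            if detect_file_type(content) != self.file_type:
                return False
        return True


def apply_file_filter(name: str, content: bytes, rules, default_action: str = "allow"):
    """Evaluate rules in order; the first match wins. Returns (action, reason)."""
    for index, rule in enumerate(rules):
        if rule.matches(name, content):
            return rule.action, f"rule {index}: {rule}"
    return default_action, "no rule matched; default action applied"


# Constructed rule set: allow genuine PDFs, block .exe by name, and block
# anything whose content says it is an executable, whatever it is called.
RULES = [
    FilterRule("allow", name_pattern="*.pdf", file_type="pdf"),
    FilterRule("block", name_pattern="*.exe"),
    FilterRule("block", file_type="executable"),
]

# Constructed sample files (name, first bytes of content).
SAMPLE_FILES = [
    ("report.pdf", b"%PDF-1.4\n%..."),      # real PDF -> allow
    ("setup.exe", b"MZ\x90\x00\x03\x00"),   # blocked by extension
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"), # renamed executable -> blocked by type
    ("readme.txt", b"hello world"),          # nothing matches -> default allow
]

if __name__ == "__main__":
    for name, content in SAMPLE_FILES:
        action, reason = apply_file_filter(name, content, RULES)
        print(f"{name:12s} -> {action:5s} ({reason})")
```

The rule order matters: the allow rule for genuine PDFs is listed first so that a later, broader block rule cannot override it, while the content-based executable rule at the end catches files that slip past a purely name-based check.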


A simple definition of grayware: unsolicited software programs that get installed on computers, often without the user's approval or knowledge.


If the FortiGate has a hard disk and the file being scanned matches any of the criteria explained above, it moves the file to Quarantine. If the FortiGate does not have a hard disk, it can send the files to a FortiAnalyzer instead.


The AntiVirus feature can have the following options:

a. Proxy Splicing – sends some of the response to the client, so that the client does not drop the packet for lack of an ACK to the request it sent. This is normally used for FTP, POP3, IMAP and SMTP traffic.

b. Client Comforting – gives the user information about the progress of the Proxy Splicing. This is mainly used for FTP and HTTP.


Please let me know if you have any questions.

Thanks.
