Fortigate AntiVirus and AntiSpam

 

As we all know, Fortigate provides a lot of features in a single device.

Let’s see how some of them work:

I. AntiVirus 

This tool scans the traffic and applies the following rules:

1. File size – if a file is larger than the limit you define, it gets dropped

2. File pattern – if a file matches a pattern, it gets dropped

3. Virus scan – it scans a file for viruses; if the result is positive, the file gets dropped

4. Grayware – scans for grayware programs

5. Heuristic – scans with a heuristic algorithm

6. File type – you can define some types that get dropped

 

II. AntiSpam

a. SMTP and SMTPS spam filtering

1. It checks if the IP address that sent the email is in a blacklist

2. DNSBL & ORDBL

3. MIME header check

4. Banned words – words you defined for banned emails

5. IP address BWL checks (the IP is extracted from “Recv. header”)

6. Banned word check on the email body

Then it tries the following: DNS check, email checksum, URL check, DNSBL & ORDBL check for IP from header
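
The SMTP order above, as an added Python sketch (not FortiGate's own code): it walks steps 1, 2, 4, 5 and 6 plus the final DNSBL check on header IPs, and shows how a DNSBL query name is built from an IP. Assumptions: all names, the sample lists and the zone dnsbl.example.org are constructed, step 4 is applied to the subject, internal relay hops are skipped, and an in-memory set stands in for the live DNS lookup.

```python
import email
import ipaddress
import re

# Constructed sample data: documentation IP ranges and a hypothetical DNSBL zone.
IP_BLACKLIST = {"203.0.113.7"}
BANNED_WORDS = {"lottery"}
DNSBL_ZONE = "dnsbl.example.org"
DNSBL_LISTED = {"9.100.51.198.dnsbl.example.org"}  # stands in for a live DNS answer
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_ips(msg):
    """Valid, non-internal IPv4 addresses bracketed in the Received headers."""
    ips = []
    for hdr in msg.get_all("Received", []):
        for cand in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr):
            try:
                addr = ipaddress.ip_address(cand)
            except ValueError:
                continue  # malformed, e.g. [999.1.1.1]
            if not any(addr in net for net in INTERNAL):
                ips.append(cand)
    return ips

def has_banned(text):
    return any(w in text.lower() for w in BANNED_WORDS)

def smtp_verdict(raw, client_ip, listed=lambda name: name in DNSBL_LISTED):
    """First matching check, in the order listed for SMTP above, or 'pass'."""
    msg = email.message_from_string(raw)
    if client_ip in IP_BLACKLIST:                        # step 1
        return "ip-blacklist"
    if listed(dnsbl_name(client_ip)):                    # step 2
        return "dnsbl"
    if has_banned(msg["Subject"] or ""):                 # step 4 (assumed: subject)
        return "banned-word-subject"
    hops = received_ips(msg)
    if any(ip in IP_BLACKLIST for ip in hops):           # step 5
        return "received-ip-blacklist"
    body = b" ".join(p.get_payload(decode=True) or b""   # decodes base64/QP parts
                     for p in msg.walk() if not p.is_multipart())
    if has_banned(body.decode("utf-8", "replace")):      # step 6
        return "banned-word-body"
    if any(listed(dnsbl_name(ip)) for ip in hops):       # final DNSBL pass on header IPs
        return "received-ip-dnsbl"
    return "pass"
```

Pass a function that performs a real DNS A-record query as `listed` to check against a live list; an answer in 127.0.0.0/8 conventionally means the address is listed.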

 

b. IMAP, IMAPS, POP3 and POP3S 

1. MIME header check – it checks if the address is in any blacklist

2. Banned word check – if a banned word is found in the subject

3. IP blacklist check

4. Banned word check – checks in the subject of the email

Then it tries the following: DNS check, email checksum, URL check, DNSBL & ORDBL check for IP from header
