Cli configuration, Config antivirus heuristic, Command syntax pattern – Fortinet 100A User Manual

Antivirus

config antivirus heuristic

FortiGate-100A Administration Guide

01-28007-0068-20041203

299

CLI configuration

config antivirus heuristic

The FortiGate heuristic antivirus engine performs tests on files to detect virus-like
behavior or known virus indicators. Heuristic scanning is performed last, after file
blocking and virus scanning have found no matches. In this way, heuristic scanning
may detect new viruses, but may also produce some false positive results.

The heuristic engine is enabled by default to pass suspected files to the recipient and
send a copy to quarantine. Once configured in the CLI, heuristic is enabled in a
protection profile when Virus Scan is enabled.

Use the heuristic command to change the heuristic scanning mode.

Command syntax pattern

config antivirus heuristic

set <keyword> <variable>

end

config antivirus heuristic

unset <keyword>

end

get antivirus heuristic

show antivirus heuristic

Example

This example shows how to disable heuristic scanning.

config antivirus heuristic

set mode disable

end

Note: This guide only covers Command Line Interface (CLI) commands that are not
represented in the web-based manager. For complete descriptions and examples of how to use
CLI commands see the FortiGate CLI Reference Guide.

Table 26: antivirus heuristic command keywords and variables

Keywords and variables

Description

Default Availability

mode
{pass | block | disable}

Enter pass to enable heuristics

but pass detected files to the

recipient. Suspicious files are

quarantined if quarantine is

enabled.
Enter block to enable heuristics

and block detected files. A

replacement message is

forwarded to the recipient. Blocked

files are quarantined if quarantine

is enabled.
Enter disable to disable

heuristics.

pass

All models.