Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
theG
New Contributor III

Exclude file from AV scanner

Hi guys, Is there a way to exclude certain files from being scanned by the FGT AV? thanks theG
8 REPLIES 8
Christopher_McMullan

This is based on FortiOS v5.0, but the syntax looks the same in v5.2. It' s reasonably safe to assume the syntax reaches back into 4.3 and beyond. You can configure a blacklist or whitelist per-profile for AV, and apply it based on file pattern or file type: config antivirus profile edit <profile_name> set analytics-wl-filetype <filepattern_list_int> ... end config dlp filepattern edit <filepattern_list_int> set name <list_name_str> config entries edit <filepattern_str> set file-type ... set filter-type {pattern | type} end end File pattern means the file' s name. File type would require the FortiGate to try and determine what kind of file is being scanned based on its contents. In the case of file pattern, the name you give to the entry in quotation marks, i.e., edit " allowedfile.zip" will be what the FortiGate looks for. This is covered in pp. 58 and 77-78 in the CLI Reference Guide for OS 5.0. (http://docs.fortinet.com/uploaded/files/800/fortigate-cli-50.pdf)

Regards, Chris McMullan Fortinet Ottawa

AndreaSoliva
Contributor III

Hi this possibility is under 5.2.1 not anymore given event the command " config dlp filepattern" still exists. The command which was gone is " analytics-[wl | bl[-filetype" . From my point ov view is the command " config dlp filepattern" going to nirvana because the lists are not anymore useable within the dlp sensor! This is for 5.2.1 under 5.2.0 this was still possible! have fun Andrea
Christopher_McMullan

I can confirm the command is still available to me on a FGT60C running 5.2.1. Could you show the CLI output from attempting to add a DLP filepattern as a WL to the A/V profile? Or a screenshot?

Regards, Chris McMullan Fortinet Ottawa

AndreaSoliva
Contributor III

Hi I have a 60D which is still configured or was with this function this means: config antivirus profile edit <profile_name> set analytics-wl-filetype <filepattern_list_int> ... end config dlp filepattern edit <filepattern_list_int> set name <list_name_str> config entries edit <filepattern_str> set file-type ... set filter-type {pattern | type} end end I upgraded to 5.2.1 and no I see the filepatterns which I created under 5.2.0 but under antivirus the command: set analytics-wl-filetype <filepattern_list_int> set analytics-bl-filetype <filepattern_list_int> is not anymore available. This the reason I told not anymore available. It can be a bug under 60D which would not wonder me! hope this helps have fun Andrea
Christopher_McMullan

It looks like something specific to the 60D, you' re right. I can still see the option on my 60C. On the 60D it looks more tightly tied to ftgd-analytics than it had been before, since on my lab 60D running 5.2.1, the analytics-bl... options only appeared after specifying: set ftgd-analytics {suspicious | everything}.

Regards, Chris McMullan Fortinet Ottawa

AndreaSoliva
Contributor III

Hi many thanks for the hint...if I set " ftgd-analytics" so suspicious I see again the two options for bl and wl. It seems that within the upgrade there was something going wroing. From this point of view the options on the 60D are back. Again many thanks for the hint :-) have fun Andrea
hklb

Hi,

 

It's an old topic, but I search how to whitelist an extension for AV scanning (all AV scanning).. Is this feature works or it's only for sandboxing ?

 

The help showss :

analytics-wl-filetype Do not submit files matching this file-pattern table to the FortiSandbox. 

analytics-bl-filetype Only submit files matching this file-pattern table to the FortiSandbox.

 

Lucas

 

Mantiakapra
New Contributor

Hello,

 

Have FortiGate 100E with FortiOS 6.0.2 GA. But there is no command set file-type.

Also have FortiWiFi 90D with 6.0.2 OS, and set file-type is correct comand. Where did we failed?

Attach jpeg with output.

 

Thanks,

Anatoliy Kim

Labels
Top Kudoed Authors