Content Disarm and reconstruction | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB

Mark Thread UnreadFlat Reading Mode ❐

Hot!Content Disarm and reconstruction

Author Post Essentials Only Full Version
Mohammed Khan New Member Total Posts : 7 Scores: 0 Reward points: 0 Joined: 2019/02/25 06:41:14 Status: offline 2019/04/08 09:50:06 (permalink) 0 Content Disarm and reconstruction when we enable content and disarm in antivirus getting error when applied to a policy "value conflicts with system settings" with fortiOS 6.0.4 and 6.2 #1 10 Replies Related Threads
Markus Platinum Member Total Posts : 263 Scores: 45 Reward points: 0 Joined: 2015/03/19 07:30:23 Location: Switzerland Status: offline Re: Content Disarm and reconstruction 2019/04/08 22:49:16 (permalink) 0 This has helped me https://cookbook.fortinet.com/content-disarm-reconstruction-60/ Good Luck #2
Alivo_ FTNT Expert Member Total Posts : 94 Scores: 46 Reward points: 0 Joined: 2013/04/30 12:42:47 Location: Fortinet TAC Prague Status: offline Re: Content Disarm and reconstruction 2019/04/14 08:03:18 (permalink) 0 Hello, The message you receive when attempting to enable Content Disarm and Reconstruction on the AntiVirus profile, is because the Proxy Options settings in the CLI Console have splice and clientcomfort on CDR-supported protocols enabled. To fix it please do: config firewall profile-protocol-options edit custom-default config smtp unset options splice next config http unset options clientcomfort next end end You should also confirm the AntiVirus profile’s protocol settings under config antivirus profile: ensure that set options scan is enabled on CDR-supported protocols if set options av-monitor is configured on a CDR-supported protocol , it overrides the config content-disarm detect-only setting (and CDR will not occur) CDR supported protocols are: http smtp imap pop3 I hope this helps Alivo #3
dbaddorf New Member Total Posts : 1 Scores: 0 Reward points: 0 Joined: 2017/02/09 08:45:21 Status: offline Re: Content Disarm and reconstruction 2019/07/03 12:14:58 (permalink) 0 With 6.0.4 I too am having the problem where when I try to enable "Content Disarm and Reconstruction" in the Security Profiles - AntiVirus, I get the message: "Value conflicts with system settings". This is when logged into the Global VDOM. (The root VDOM didn't give me an Apply button to save changes so I'm assuming that I need to be in the Global VDOM). I tried to follow the instructions from Alivo which didn't work exactly. I can't use the "config firewall profile-protocol-options" for the "config global". I need to be in my root VDOM. But even from here after I removed splice from SMTP (and I didn't see clientcomfort anywhere) I couldn't enable the "Content Disarm and Reconstruction" in the GUI. Here are my settings for the root VDOM: config firewall profile-protocol-options edit "default" set comment "All services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail splice end config nntp set ports 119 set options splice end config dns set ports 53 end next edit "custom-default" set comment "All default services." config http set ports 80 unset options unset post-lang end config ftp set ports 21 set options splice end config imap set ports 143 set options fragmail end config mapi set ports 135 set options fragmail end config pop3 set ports 110 set options fragmail end config smtp set ports 25 set options fragmail end config nntp set ports 119 set options splice end config dns set ports 53 end next end Any idea of how I can enable "Content Disarm and Reconstruction" for my root VDOM? Thanks! #4
PeterKiarie New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2019/07/13 03:02:55 Status: offline Re: Content Disarm and reconstruction 2019/07/15 23:11:34 (permalink) 0 Thanks for sharing this solution. I am sure other users will benefit from you. #5
jasont230 New Member Total Posts : 1 Scores: 0 Reward points: 0 Joined: 2019/09/07 19:25:59 Status: offline Re: Content Disarm and reconstruction 2019/09/07 19:33:54 (permalink) 0 I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61" Any ideas? #6
JayL New Member Total Posts : 9 Scores: 0 Reward points: 0 Joined: 2019/09/02 12:54:45 Status: offline Re: Content Disarm and reconstruction 2019/09/16 06:04:35 (permalink) 0 jasont230 I'm also having this same issue. When I run the command "unset options splice" it gives the error - "command parse error before 'splice'. command fail. return code -61" Any ideas? If you type unset options ?, you will see there is nothing supposed to be after the options. I guess the syntax has been changed in 6.2, you just need to type unset options. #7
walvis New Member Total Posts : 5 Scores: 0 Reward points: 0 Joined: 2018/07/30 06:49:39 Status: offline Re: Content Disarm and reconstruction 2019/10/16 03:12:40 (permalink) 0 Hello, same configuration that dbaddorf and same error. Version 6.0.6. I created a new profile protocol with all options disabled and same result. Did you figure out how to enabled it? #8
jim3cantos Bronze Member Total Posts : 25 Scores: 0 Reward points: 0 Joined: 2016/12/07 02:09:44 Location: Madrid. Spain Status: offline Re: Content Disarm and reconstruction 2019/12/20 01:39:32 (permalink) 0 walvis Hello, same configuration that dbaddorf and same error. Version 6.0.6. I created a new profile protocol with all options disabled and same result. Did you figure out how to enabled it? In our case, with FortiOS 6.0.7, after getting the the error indicated by the OP, we also tried to disable CDR completely. We didn't receive any error and all CDR options are disabled in active AV profile (checking from CLI) but still the Fortigate keeps scanning the files with the option "detected-only". Ticket opened in Fortinet Support. post edited by jim3cantos - 2019/12/20 01:43:32 Attached Image(s) #9
JulJameson New Member Total Posts : 2 Scores: 0 Reward points: 0 Joined: 2019/12/27 04:27:12 Status: offline Re: Content Disarm and reconstruction 2019/12/27 04:31:45 (permalink) 0 most likely you need to add an exception #10
jim3cantos Bronze Member Total Posts : 25 Scores: 0 Reward points: 0 Joined: 2016/12/07 02:09:44 Location: Madrid. Spain Status: offline Re: Content Disarm and reconstruction 2019/12/31 00:15:57 (permalink) 0 JulJameson most likely you need to add an exception Add an exception where? It seems that CDR is not production ready (at least in 6.0.7). The problem I indicated above is indeed a bug (confirmed by Support) and there are more. For example, if you activate CDR only for Office files, it keeps disarming PDF files (or at least it says so in the log). #11

Jump to:

© 2020 APG vNext Commercial Version 5.5