Fortinet FortiGate 4000 Switch User Manual


 
Antivirus protection Blocking oversized files and emails
FortiGate-4000 Installation and Configuration Guide 285
Blocking oversized files and emails
You can configure the FortiGate unit to buffer 1 to 15 percent of available memory to
store oversized files and email. The FortiGate unit then blocks a file or email that
exceeds this limit instead of bypassing antivirus scanning and sending the file or email
directly to the server or receiver. The FortiGate unit sends a replacement message for
an oversized file or email attachment to the HTTP or email proxy client.
Configuring limits for oversized files and email
To configure limits for oversized files and email
1 Go to Anti-Virus > Config > Config.
2 Type the size limit, in MB.
3 Select Apply.
Exempting fragmented email from blocking
A fragmented email is a large email message that has been split into smaller
messages that are sent individually and recombined when they are received. By
default, when antivirus protection is enabled, the FortiGate unit blocks fragmented
emails and replaces them with an email block message that is forwarded to the
receiver. It is recommended that you disable the fragmenting of email messages in the
client email software.
To exempt fragmented emails from automatic antivirus blocking
1 Enable Pass Fragmented Emails for IMAP, POP3, and SMTP traffic in a content
profile.
2 Select Anti-Virus & Web filter in a firewall policy. For example, to pass fragmented
emails that internal users send to the external network, select an internal to external
policy.
3 Select a content profile that has Pass Fragmented Emails enabled for the traffic that
you want the FortiGate unit to scan.
!
Caution: The FortiGate unit cannot scan fragmented emails for viruses or use file pattern
blocking to remove files from these email messages.