FortiGate
Article Id 197440

Description: This article explains why files with attachments smaller than the oversize file limit are blocked or logged as oversized by the FortiGate.
Components: FortiGate Antivirus, FortiOS v2.80.
Explanation

For email scanning, the oversize threshold (memfilesizelimit in the CLI) refers to the final size of the email after encoding by the email client, including attachments.

Email clients may use a variety of encoding types, and some encodings produce larger file sizes than the original attachment.

The most common encoding, base64, translates 3 bytes of binary data into 4 bytes of base64 data.

So a file may be blocked or logged as oversized even if the attachment is several megabytes less than the oversize threshold (memfilesizelimit).
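
The size inflation described above, worked through as an added example (not Fortinet code): it computes the on-the-wire size of a base64-encoded attachment, including the CRLF that MIME adds after every 76 characters, and checks the figure against a message built with Python's email library. Expressing the limit in bytes, the addresses and the file name are assumptions constructed for illustration.

```python
import os
from email import policy
from email.message import EmailMessage

B64_LINE = 76       # maximum base64 line length in MIME (RFC 2045)
RAW_PER_LINE = 57   # 57 raw bytes encode to exactly 76 base64 characters


def base64_wire_size(raw_len: int) -> int:
    """Bytes a raw_len-byte attachment occupies as a MIME base64 body."""
    chars = 4 * ((raw_len + 2) // 3)             # 3 raw bytes -> 4 characters, padded
    lines = (chars + B64_LINE - 1) // B64_LINE   # number of encoded lines
    return chars + 2 * lines                     # each line ends with CRLF


def max_raw_attachment(limit: int) -> int:
    """Largest raw attachment whose base64 body alone fits in `limit` bytes."""
    full_lines, rest = divmod(limit, B64_LINE + 2)
    raw = full_lines * RAW_PER_LINE
    if rest > 2:                                 # room for a partial last line
        raw += ((rest - 2) // 4) * 3
    return raw


def encoded_email_size(raw_len: int) -> int:
    """Size of a complete constructed email carrying a raw_len-byte attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"           # constructed sample values
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    msg.add_attachment(os.urandom(raw_len), maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return len(msg.as_bytes(policy=policy.SMTP)) # CRLF line endings, as sent over SMTP


if __name__ == "__main__":
    limit = 10 * 1024 * 1024                     # assumed threshold, in bytes
    raw = 8 * 1024 * 1024                        # attachment size on disk
    wire = base64_wire_size(raw)
    print(f"attachment {raw} B -> {wire} B encoded; oversized: {wire > limit}")
    print(f"largest attachment that fits: {max_raw_attachment(limit)} B")
    print(f"full email with 57000 B attachment: {encoded_email_size(57000)} B")
```

With line breaks counted, the growth is 78 bytes for every 57 bytes of attachment (about 37%), and the message headers and body add to that, so the usable attachment size is lower still than the 4/3 ratio alone suggests.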

Configuration

Web-based manager:

Go to Antivirus -> Config -> Config to set the oversize threshold.

Go to Firewall -> Protection Profile and edit or create a new profile.

Configure whether to pass or block oversize files in the Antivirus settings.

 

CLI:

Use the config antivirus service http, service ftp, service imap, service pop3, and service smtp commands to set the memfilesizelimit keyword.

Use the config firewall profile http, ftp, imap, pop3, and smtp commands to configure whether to block or pass oversize files for each protocol.

 
