FortiGate
Article Id 198299


Description

This article explains why multiple log entries such as 'The file is infected with Suspicious..' appear when downloading POP3 mail and, sometimes, when downloading files from Google.

Components

FortiOS 2.5 and 2.8.

Solution

There are two possible reasons for this type of log message:

- This can occur when the FortiGate cannot scan the file completely, such as a tar file.
- In FortiOS 2.8, the files are potential viruses detected by the FortiGate Heuristics Antivirus engine.

The FortiGate has an auto-submit feature that, when used, can automatically send these 'suspicious' viruses to our Antivirus team for study.

By doing this, Fortinet hopes to catch some of the 'day zero' viruses as they appear.

If the Antivirus team deems it real, they will put out a real signature for it in the next update.
