Antivirus Engine and Database Update

On August 2, 2005, Fortinet released a new version of the Antivirus (AV) Engine and AV database. The AV Engine has a version number of 1.077 and the AV database has a version of 6.001. The version numbers can be confirmed through the web-based manager by going to System>Maintenance>Update Center or through the CLI using the diagnose sys autoupdate versions command.

New Features from Previous AV Engines

This AV Engine is considerably different from past AV Engines. The most notable difference is that this AV Engine is common between FortiOS v2.50 and v2.80 - before a separate engine was maintained for FortiOS v2.50 and v2.80. Also, new features to the AV signature database make the database incompatible with older AV Engines. Listed below are other features:

• Addition of Signature ID and Virus ID to AV database
• Modified Macro checksum routines to not checksum line by line to prevent collision
• Minor detection loss and crash fixes for lha, zip, UPX, cab, macro dumping, PE and NE binary files, rar, VBA, COM typing
• Improved MIME parsing
• Addition of new Packed executable modules: ASPack, Petite
• Addition of 16-bit emulation to handle DOS and Com Polymorphic viruses
• format version to engine and avdb to ensure syncronization
• Support for incremental updates with FortiOS v2.80 MR10 B456 and later (please see the FortiOS v2.80 MR10 B456 Release Notes for more details)