Jonathan_Body_FTNT
Article Id 192570

Description

This article explains the AntiVirus Databases available to FortiGate units following the release of FortiOS 4.0 MR2.


Scope

FortiOS 4.0 MR2 and above


Solution

With the release of FortiOS 4.0 MR2 there are three Antivirus Databases available: Normal, Extended, and Extreme.

1. Normal Database.

The "wild list" forms the basis of the Normal Antivirus Database, which is the default Antivirus database on the FortiGate unit. The wild list was first set up in the mid-1990s. It provides up-to-date information on currently circulating IT threats: a useful, although not exhaustive, list of viruses reported from around the world. More information about the wild list and its activities is available at the following URL: www.wildlist.org.

2. Extended Database.

The following pre-requisites are required in order to use the Extended Antivirus Database on the FortiGate:

- The FortiGate device must be running FortiOS 3.0 MR6 and above.
- The FortiGate must have at least 512MB RAM and sufficient storage space (>= 128 MB containing 3 or more partitions).

The following FortiGate Units use the 2nd Shared Data Partition to store the Extended Antivirus Database: FortiGate-50B, FortiGate-60B, FortiWiFi-50B, FortiWiFi-60B.

The following FortiGate Units use the 3rd Shared Data Partition to store the Extended Antivirus Database: FortiGate-51B, FortiGate-80C, FortiGate-80CM, FortiGate-82C, FortiGate-110C, FortiGate-111C, FortiGate-224B, FortiGate-310B, FortiGate-310B-DC, FortiGate-311B, FortiGate-620B, FortiGate-620B-DC, FortiGate-1000A, FortiGate-1000A-LENC, FortiGate-1240B, FortiGate-1000A-AFA2, FortiGate-3016B, FortiGate-3600A, FortiGate-3810A, FortiGate-5001A, FortiGate-5005FA2, FortiWiFi-80C, FortiWiFi-81CM.

The following FortiGate Units use the Extended Antivirus Database by default: FortiGate-3016B, FortiGate-3600A, FortiGate-3810A, FortiGate-5001, FortiGate-5001A, FortiGate-5001FA2, FortiGate-5002FB2, FortiGate-5005FA2.

Note that by default the Normal Antivirus Database is activated on all other FortiGate devices. To activate the Extended Antivirus Database use the following CLI commands:
FGT# config antivirus settings
FGT(settings) # set default-db extended
FGT(settings) # end

3. Extreme Database.

This Antivirus Database requires the most storage. Platforms that have a minimum flash size of 512M and 1Gb of main memory use the Extreme Database.

A virus that is no longer in circulation is called a "zoo virus". Zoo viruses are viruses that can no longer become active because they were written for legacy operating systems.

If the FortiGate detects a zoo entry, the Extreme Antivirus Database can protect the network from this threat.

To enable the Extreme Antivirus Database first ensure that the FortiGate has adequate hardware and software.

The Extreme database needs additional storage capacity not available across all models. The Extreme Database requires 512M of flash storage and 1Gb of main memory.

The following models support the Extreme database: FortiGate-200B, FortiGate-200B-POE, FortiGate-620B, FortiGate-620B-DC, FortiGate-1240B.

To configure the Extreme database as the default Antivirus Database:
FGT# config antivirus settings
FGT(settings) # set default-db extreme
FGT(settings) # end



Verification steps when changing the virus database

- Enable AV in firewall policy
- Run the CLI command "execute update-av" to trigger the download of the newly selected database.
- Run the following CLI commands to verify the status and the DB version number:

# get system fortiguard-service status
# diagnose autoupdate versions

The related article contains additional troubleshooting steps.


The Extended Database (ETDB) is stored on the data partition as the file "virext"; the listing below is from a FortiGate-60C:

# fnsysctl ls -l /data2
drwx------ 2 0 0 Thu Jul 22 00:01:51 2010 12288 lost+found
-rw-rw-rw- 1 0 0 Thu Oct 21 10:32:09 2010 1114632 vir
-rw-r--r-- 1 0 0 Thu Oct 21 10:37:51 2010 16341216 virext

When the ETDB is installed, the following lines appear in the output of "diag debug app update -1":
updatepkg.c[719] installUpdObjRest-Step 5:No need to back /data2/virext
updatepkg.c[724] installUpdObjRest-Step 6:Copy new object /tmp/upd9odhZ1->/data2/virext
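The directory listing and the update debug lines above are the two artifacts an administrator can check after switching the default database. The following Python script, added here as an example and not part of the original article or of any Fortinet tooling, parses a pasted "fnsysctl ls -l /data2" listing and a pasted "diag debug app update -1" extract and reports whether the file belonging to the selected default-db is present. The sample inputs are constructed from the lines shown in the article; the file names "vir" (normal) and "virext" (extended) come from the listing above, while the expectation that "virext" is larger than "vir" is an assumption drawn from the sizes in that listing, and no file name is assumed for the Extreme set because the article does not show one.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: the "fnsysctl ls -l /data2" listing from the article
# (FortiGate-60C). Column order: mode, links, uid, gid, mtime, size, name.
SAMPLE_LISTING = """\
drwx------ 2 0 0 Thu Jul 22 00:01:51 2010 12288 lost+found
-rw-rw-rw- 1 0 0 Thu Oct 21 10:32:09 2010 1114632 vir
-rw-r--r-- 1 0 0 Thu Oct 21 10:37:51 2010 16341216 virext
"""

# Constructed sample input: the two "diag debug app update -1" lines the article
# shows while the extended database (ETDB) is installed.
SAMPLE_UPDATE_LOG = """\
updatepkg.c[719] installUpdObjRest-Step 5:No need to back /data2/virext
updatepkg.c[724] installUpdObjRest-Step 6:Copy new object /tmp/upd9odhZ1->/data2/virext
"""

# File that each default-db setting is expected to leave on the data partition.
# Both names come from the article; the extreme set is not shown there, so it is
# deliberately not mapped (a lookup for it reports a problem rather than a guess).
DB_FILES: Dict[str, str] = {"normal": "vir", "extended": "virext"}

LISTING_RE = re.compile(
    r"^(?P<mode>[-dlrwxst]{10})\s+(?P<links>\d+)\s+(?P<uid>\d+)\s+(?P<gid>\d+)\s+"
    r"(?P<mtime>[A-Za-z]{3} [A-Za-z]{3} \d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"(?P<size>\d+)\s+(?P<name>\S+)$"
)
COPY_RE = re.compile(r"Copy new object (?P<src>\S+)->(?P<dst>\S+)$")


@dataclass
class Entry:
    mode: str
    size: int
    mtime: str

    @property
    def is_regular_file(self) -> bool:
        # The first mode character is "-" for regular files, "d" for directories.
        return self.mode.startswith("-")


def parse_listing(text: str) -> Dict[str, Entry]:
    """Parse fnsysctl ls -l output into {name: Entry}; lines that do not match are skipped."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            entries[m["name"]] = Entry(m["mode"], int(m["size"]), m["mtime"])
    return entries


def installed_db_paths(log_text: str) -> List[str]:
    """Destination paths of every 'Copy new object SRC->DST' step in the update debug log."""
    paths: List[str] = []
    for line in log_text.splitlines():
        m = COPY_RE.search(line)
        if m:
            paths.append(m["dst"])
    return paths


def check_default_db(default_db: str, listing: Dict[str, Entry],
                     log_text: str = "", data_dir: str = "/data2") -> List[str]:
    """Return a list of problems; an empty list means the selected database looks installed."""
    problems: List[str] = []
    expected = DB_FILES.get(default_db)
    if expected is None:
        return [f"no known database file for default-db '{default_db}'"]
    entry = listing.get(expected)
    if entry is None:
        problems.append(f"{expected} missing from {data_dir}; run 'execute update-av'")
    elif not entry.is_regular_file:
        problems.append(f"{expected} is not a regular file (mode {entry.mode})")
    elif entry.size == 0:
        problems.append(f"{expected} is empty; download may still be in progress")
    # Assumption (from the sizes in the article's listing): the extended set file
    # should be larger than the normal one, so a smaller virext suggests a stale copy.
    if default_db == "extended" and entry is not None and "vir" in listing:
        if entry.size <= listing["vir"].size:
            problems.append("virext is not larger than vir; extended set may be stale")
    if log_text:
        dst = f"{data_dir}/{expected}"
        if dst not in installed_db_paths(log_text):
            problems.append(f"update debug log shows no copy to {dst}")
    return problems


if __name__ == "__main__":
    listing = parse_listing(SAMPLE_LISTING)
    for db in ("normal", "extended", "extreme"):
        print(db, "->", check_default_db(db, listing, SAMPLE_UPDATE_LOG) or "OK")
```

Paste the real listing and debug output in place of the two constructed samples; the checks only read those strings, so the script runs off-box and changes nothing on the FortiGate.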

Related Articles

Technical Tip: Verifying and troubleshooting FortiGuard updates status and versions

Troubleshooting Tip : Resolving FDS Communication Issues (FortiGuard Distribution Servers)

Troubleshooting Tip : Connectivity to FDS servers is impossible when specific firewall policy set to...
