fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate¶
New in version 2.8.
Synopsis¶
This module is able to configure a FortiGate or FortiOS by allowing the user to configure antivirus feature and profile category. Examples includes all options and need to be adjusted to datasources before usage. Tested with FOS v6.0.2
Requirements¶
The below requirements are needed on the host that executes this module.
fortiosapi>=0.9.8
Parameters¶
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
|
antivirus_profile
-
|
Default: null
|
Configure AntiVirus profiles.
|
||
|
analytics-bl-filetype
-
|
Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
|
|||
|
analytics-db
-
|
|
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
|
||
|
analytics-max-upload
-
|
Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10).
|
|||
|
analytics-wl-filetype
-
|
Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
|
|||
|
av-block-log
-
|
|
Enable/disable logging for AntiVirus file blocking.
|
||
|
av-virus-log
-
|
|
Enable/disable AntiVirus logging.
|
||
|
comment
-
|
Comment.
|
|||
|
content-disarm
-
|
AV Content Disarm and Reconstruction settings.
|
|||
|
cover-page
-
|
|
Enable/disable inserting a cover page into the disarmed document.
|
||
|
detect-only
-
|
|
Enable/disable only detect disarmable files, do not alter content.
|
||
|
office-embed
-
|
|
Enable/disable stripping of embedded objects in Microsoft Office documents.
|
||
|
office-hylink
-
|
|
Enable/disable stripping of hyperlinks in Microsoft Office documents.
|
||
|
office-linked
-
|
|
Enable/disable stripping of linked objects in Microsoft Office documents.
|
||
|
office-macro
-
|
|
Enable/disable stripping of macros in Microsoft Office documents.
|
||
|
original-file-destination
-
|
|
Destination to send original file if active content is removed.
|
||
|
pdf-act-form
-
|
|
Enable/disable stripping of actions that submit data to other targets in PDF documents.
|
||
|
pdf-act-gotor
-
|
|
Enable/disable stripping of links to other PDFs in PDF documents.
|
||
|
pdf-act-java
-
|
|
Enable/disable stripping of actions that execute JavaScript code in PDF documents.
|
||
|
pdf-act-launch
-
|
|
Enable/disable stripping of links to external applications in PDF documents.
|
||
|
pdf-act-movie
-
|
|
Enable/disable stripping of embedded movies in PDF documents.
|
||
|
pdf-act-sound
-
|
|
Enable/disable stripping of embedded sound files in PDF documents.
|
||
|
pdf-embedfile
-
|
|
Enable/disable stripping of embedded files in PDF documents.
|
||
|
pdf-hyperlink
-
|
|
Enable/disable stripping of hyperlinks from PDF documents.
|
||
|
pdf-javacode
-
|
|
Enable/disable stripping of JavaScript code in PDF documents.
|
||
|
extended-log
-
|
|
Enable/disable extended logging for antivirus.
|
||
|
ftgd-analytics
-
|
|
Settings to control which files are uploaded to FortiSandbox.
|
||
|
ftp
-
|
Configure FTP AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
options
-
|
|
Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
http
-
|
Configure HTTP AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
content-disarm
-
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
options
-
|
|
Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
imap
-
|
Configure IMAP AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
content-disarm
-
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
executables
-
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
|
options
-
|
|
Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
inspection-mode
-
|
|
Inspection mode.
|
||
|
mapi
-
|
Configure MAPI AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
executables
-
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
|
options
-
|
|
Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
mobile-malware-db
-
|
|
Enable/disable using the mobile malware signature database.
|
||
|
nac-quar
-
|
Configure AntiVirus quarantine settings.
|
|||
|
expiry
-
|
Duration of quarantine.
|
|||
|
infected
-
|
|
Enable/Disable quarantining infected hosts to the banned user list.
|
||
|
log
-
|
|
Enable/disable AntiVirus quarantine logging.
|
||
|
name
-
/ required
|
Profile name.
|
|||
|
nntp
-
|
Configure NNTP AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
options
-
|
|
Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
pop3
-
|
Configure POP3 AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
content-disarm
-
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
executables
-
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
|
options
-
|
|
Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
replacemsg-group
-
|
Replacement message group customized for this profile. Source system.replacemsg-group.name.
|
|||
|
scan-mode
-
|
|
Choose between full scan mode and quick scan mode.
|
||
|
smb
-
|
Configure SMB AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
options
-
|
|
Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
smtp
-
|
Configure SMTP AntiVirus options.
|
|||
|
archive-block
-
|
|
Select the archive types to block.
|
||
|
archive-log
-
|
|
Select the archive types to log.
|
||
|
content-disarm
-
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
|
emulator
-
|
|
Enable/disable the virus emulator.
|
||
|
executables
-
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
|
options
-
|
|
Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
|
||
|
outbreak-prevention
-
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
|
state
-
|
|
Indicates whether to create or remove the object
|
||
|
host
-
/ required
|
FortiOS or FortiGate ip address.
|
|||
|
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
||
|
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
||
|
username
-
/ required
|
FortiOS or FortiGate username.
|
|||
|
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
Notes¶
Note
Requires fortiosapi library developed by Fortinet
Run as a local_action in your playbook
Examples¶
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure AntiVirus profiles.
fortios_antivirus_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
antivirus_profile:
state: "present"
analytics-bl-filetype: "3 (source dlp.filepattern.id)"
analytics-db: "disable"
analytics-max-upload: "5"
analytics-wl-filetype: "6 (source dlp.filepattern.id)"
av-block-log: "enable"
av-virus-log: "enable"
comment: "Comment."
content-disarm:
cover-page: "disable"
detect-only: "disable"
office-embed: "disable"
office-hylink: "disable"
office-linked: "disable"
office-macro: "disable"
original-file-destination: "fortisandbox"
pdf-act-form: "disable"
pdf-act-gotor: "disable"
pdf-act-java: "disable"
pdf-act-launch: "disable"
pdf-act-movie: "disable"
pdf-act-sound: "disable"
pdf-embedfile: "disable"
pdf-hyperlink: "disable"
pdf-javacode: "disable"
extended-log: "enable"
ftgd-analytics: "disable"
ftp:
archive-block: "encrypted"
archive-log: "encrypted"
emulator: "enable"
options: "scan"
outbreak-prevention: "disabled"
http:
archive-block: "encrypted"
archive-log: "encrypted"
content-disarm: "disable"
emulator: "enable"
options: "scan"
outbreak-prevention: "disabled"
imap:
archive-block: "encrypted"
archive-log: "encrypted"
content-disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak-prevention: "disabled"
inspection-mode: "proxy"
mapi:
archive-block: "encrypted"
archive-log: "encrypted"
emulator: "enable"
executables: "default"
options: "scan"
outbreak-prevention: "disabled"
mobile-malware-db: "disable"
nac-quar:
expiry: "<your_own_value>"
infected: "none"
log: "enable"
name: "default_name_63"
nntp:
archive-block: "encrypted"
archive-log: "encrypted"
emulator: "enable"
options: "scan"
outbreak-prevention: "disabled"
pop3:
archive-block: "encrypted"
archive-log: "encrypted"
content-disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak-prevention: "disabled"
replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
scan-mode: "quick"
smb:
archive-block: "encrypted"
archive-log: "encrypted"
emulator: "enable"
options: "scan"
outbreak-prevention: "disabled"
smtp:
archive-block: "encrypted"
archive-log: "encrypted"
content-disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak-prevention: "disabled"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]