fortinet.fortios.fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_antivirus_profile.

New in version 2.10 of fortinet.fortios

Synopsis

  • This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the profile category of the antivirus feature. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.9.0

Parameters

Parameter

Comments

access_token

string

Token-based authentication. The token is generated from the FortiGate GUI.

antivirus_profile

dictionary

Configure AntiVirus profiles.

analytics_accept_filetype

integer

Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

analytics_bl_filetype

integer

Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

analytics_db

string

Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.

Choices:

  • disable

  • enable

analytics_ignore_filetype

integer

Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

analytics_max_upload

integer

Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes).

analytics_wl_filetype

integer

Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

av_block_log

string

Enable/disable logging for AntiVirus file blocking.

Choices:

  • enable

  • disable

av_virus_log

string

Enable/disable AntiVirus logging.

Choices:

  • enable

  • disable

cifs

dictionary

Configure CIFS AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

comment

string

Comment.

content_disarm

dictionary

AV Content Disarm and Reconstruction settings.

cover_page

string

Enable/disable inserting a cover page into the disarmed document.

Choices:

  • disable

  • enable

detect_only

string

Enable/disable detect-only mode: disarmable files are detected but their content is not altered.

Choices:

  • disable

  • enable

error_action

string

Action to be taken if CDR engine encounters an unrecoverable error.

Choices:

  • block

  • log-only

  • ignore

office_action

string

Enable/disable stripping of PowerPoint action events in Microsoft Office documents.

Choices:

  • disable

  • enable

office_dde

string

Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.

Choices:

  • disable

  • enable

office_embed

string

Enable/disable stripping of embedded objects in Microsoft Office documents.

Choices:

  • disable

  • enable

string

Enable/disable stripping of hyperlinks in Microsoft Office documents.

Choices:

  • disable

  • enable

office_linked

string

Enable/disable stripping of linked objects in Microsoft Office documents.

Choices:

  • disable

  • enable

office_macro

string

Enable/disable stripping of macros in Microsoft Office documents.

Choices:

  • disable

  • enable

original_file_destination

string

Destination to send original file if active content is removed.

Choices:

  • fortisandbox

  • quarantine

  • discard

pdf_act_form

string

Enable/disable stripping of actions that submit data to other targets in PDF documents.

Choices:

  • disable

  • enable

pdf_act_gotor

string

Enable/disable stripping of links to other PDFs in PDF documents.

Choices:

  • disable

  • enable

pdf_act_java

string

Enable/disable stripping of actions that execute JavaScript code in PDF documents.

Choices:

  • disable

  • enable

pdf_act_launch

string

Enable/disable stripping of links to external applications in PDF documents.

Choices:

  • disable

  • enable

pdf_act_movie

string

Enable/disable stripping of embedded movies in PDF documents.

Choices:

  • disable

  • enable

pdf_act_sound

string

Enable/disable stripping of embedded sound files in PDF documents.

Choices:

  • disable

  • enable

pdf_embedfile

string

Enable/disable stripping of embedded files in PDF documents.

Choices:

  • disable

  • enable

string

Enable/disable stripping of hyperlinks from PDF documents.

Choices:

  • disable

  • enable

pdf_javacode

string

Enable/disable stripping of JavaScript code in PDF documents.

Choices:

  • disable

  • enable

ems_threat_feed

string

Enable/disable use of EMS threat feed when performing AntiVirus scan.

Choices:

  • disable

  • enable

extended_log

string

Enable/disable extended logging for antivirus.

Choices:

  • enable

  • disable

external_blocklist

list / elements=string

One or more external malware block lists.

name

string / required

External blocklist. Source system.external-resource.name.

external_blocklist_archive_scan

string

Enable/disable external-blocklist archive scanning.

Choices:

  • disable

  • enable

external_blocklist_enable_all

string

Enable/disable all external blocklists.

Choices:

  • disable

  • enable

feature_set

string

Flow/proxy feature set.

Choices:

  • flow

  • proxy

fortiai_error_action

string

Action to take if FortiAI encounters an error.

Choices:

  • log-only

  • block

  • ignore

ftgd_analytics

string

Settings to control which files are uploaded to FortiSandbox.

Choices:

  • disable

  • suspicious

  • everything

ftp

dictionary

Configure FTP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

http

dictionary

Configure HTTP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

content_disarm

string

Enable Content Disarm and Reconstruction for this protocol.

Choices:

  • disable

  • enable

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

imap

dictionary

Configure IMAP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

content_disarm

string

Enable Content Disarm and Reconstruction for this protocol.

Choices:

  • disable

  • enable

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

executables

string

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

Choices:

  • default

  • virus

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

inspection_mode

string

Inspection mode.

Choices:

  • proxy

  • flow-based

mapi

dictionary

Configure MAPI AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

executables

string

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

Choices:

  • default

  • virus

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

mobile_malware_db

string

Enable/disable using the mobile malware signature database.

Choices:

  • disable

  • enable

nac_quar

dictionary

Configure AntiVirus quarantine settings.

expiry

string

Duration of quarantine.

infected

string

Enable/Disable quarantining infected hosts to the banned user list.

Choices:

  • none

  • quar-src-ip

log

string

Enable/disable AntiVirus quarantine logging.

Choices:

  • enable

  • disable

name

string / required

Profile name.

nntp

dictionary

Configure NNTP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

outbreak_prevention

dictionary

Configure Virus Outbreak Prevention settings.

external_blocklist

string

Enable/disable external malware blocklist.

Choices:

  • disable

  • enable

ftgd_service

string

Enable/disable FortiGuard Virus outbreak prevention service.

Choices:

  • disable

  • enable

outbreak_prevention_archive_scan

string

Enable/disable outbreak-prevention archive scanning.

Choices:

  • disable

  • enable

pop3

dictionary

Configure POP3 AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

content_disarm

string

Enable Content Disarm and Reconstruction for this protocol.

Choices:

  • disable

  • enable

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

executables

string

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

Choices:

  • default

  • virus

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

replacemsg_group

string

Replacement message group customized for this profile. Source system.replacemsg-group.name.

scan_mode

string

Choose between full scan mode and quick scan mode.

Choices:

  • quick

  • full

  • default

  • legacy

smb

dictionary

Configure SMB AntiVirus options.

archive_block

string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

options

string

Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

smtp

dictionary

Configure SMTP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

content_disarm

string

Enable Content Disarm and Reconstruction for this protocol.

Choices:

  • disable

  • enable

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

executables

string

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

Choices:

  • default

  • virus

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable FortiGuard Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

ssh

dictionary

Configure SFTP and SCP AntiVirus options.

archive_block

list / elements=string

Select the archive types to block.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

archive_log

list / elements=string

Select the archive types to log.

Choices:

  • encrypted

  • corrupted

  • partiallycorrupted

  • multipart

  • nested

  • mailbomb

  • fileslimit

  • timeout

  • unhandled

av_scan

string

Enable AntiVirus scan service.

Choices:

  • disable

  • block

  • monitor

emulator

string

Enable/disable the virus emulator.

Choices:

  • enable

  • disable

external_blocklist

string

Enable external-blocklist.

Choices:

  • disable

  • block

  • monitor

fortiai

string

Enable/disable scanning of files by FortiAI server.

Choices:

  • disable

  • block

  • monitor

options

list / elements=string

Enable/disable SFTP and SCP AntiVirus scanning, monitoring, and quarantine.

Choices:

  • scan

  • avmonitor

  • quarantine

outbreak_prevention

string

Enable Virus Outbreak Prevention service.

Choices:

  • disabled

  • files

  • full-archive

  • disable

  • block

  • monitor

quarantine

string

Enable/disable quarantine for infected files.

Choices:

  • disable

  • enable

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • no ← (default)

  • yes

member_path

string

Member attribute path to operate on.

Delimited by a slash character if there is more than one attribute.

Parameters marked with member_path are eligible for member operations.

member_state

string

Add or delete a member under specified attribute path.

When member_state is specified, the state option is ignored.

Choices:

  • present

  • absent

state

string / required

Indicates whether to create or remove the object.

Choices:

  • present

  • absent

vdom

string

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Default: “root”

Notes

Note

  • The legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.

Examples

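- collections:
  - fortinet.fortios
  connection: httpapi
  hosts: fortigate01
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    # Certificate verification is off in this example; set it to true when the
    # FortiGate presents a certificate that the control node trusts.
    ansible_httpapi_validate_certs: false
    vdom: root
  tasks:
  - name: fortios_antivirus_profile
    fortios_antivirus_profile:
      vdom: root
      # present creates or updates the profile; absent removes it.
      state: present
      antivirus_profile:
        # FortiSandbox submission settings (submission is disabled below).
        analytics_bl_filetype: 0
        analytics_db: disable
        analytics_max_upload: 10
        analytics_wl_filetype: 0
        # Log detected viruses and blocked files.
        av_block_log: enable
        av_virus_log: enable
        extended_log: disable
        feature_set: flow
        ftgd_analytics: disable
        mobile_malware_db: enable
        name: terr-anti-profile
        scan_mode: default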
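
The example above sets only top-level options. The following playbook is an added illustration, not part of the module's own documentation, showing the nested per-protocol dictionaries (http, smtp) and the content_disarm dictionary with blocking actions, token authentication and certificate verification. Assumptions: the profile name av-strict-example, the vaulted variable fortigate_access_token, and a firmware version that accepts the av_scan and content_disarm keys with the proxy feature set.

```yaml
# Added example, not from the module documentation.
# Hypothetical names: av-strict-example, fortigate_access_token.
- hosts: fortigate01
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    # Verify the FortiGate certificate so the token only goes to the real device.
    ansible_httpapi_validate_certs: true
  tasks:
    - name: Enforce a blocking AntiVirus profile with CDR for web and mail
      fortinet.fortios.fortios_antivirus_profile:
        vdom: root
        state: present
        # Token generated in the FortiGate GUI, kept in Ansible Vault (assumed variable).
        access_token: "{{ fortigate_access_token }}"
        antivirus_profile:
          name: av-strict-example
          comment: Blocking profile with CDR for web and mail
          # Assumption: the proxy feature set is what makes CDR available here.
          feature_set: proxy
          # Log detections, blocked files and extended details.
          av_virus_log: enable
          av_block_log: enable
          extended_log: enable
          mobile_malware_db: enable
          http:
            av_scan: block          # block rather than monitor
            content_disarm: enable
            emulator: enable
            # Archives the scanner cannot fully inspect are blocked and logged.
            archive_block: [encrypted, corrupted, nested, mailbomb, unhandled]
            archive_log: [encrypted, corrupted, nested, mailbomb, unhandled]
          smtp:
            av_scan: block
            content_disarm: enable
            emulator: enable
            executables: virus      # treat Windows executables in mail as viruses
            archive_block: [encrypted, corrupted, nested, mailbomb, unhandled]
            archive_log: [encrypted, corrupted, nested, mailbomb, unhandled]
          content_disarm:
            detect_only: disable    # actually strip content, not just detect
            error_action: block     # fail closed if the CDR engine errors out
            cover_page: enable
            original_file_destination: quarantine
            # Office active content
            office_macro: enable
            office_dde: enable
            office_embed: enable
            office_linked: enable
            # PDF active content
            pdf_javacode: enable
            pdf_act_java: enable
            pdf_act_launch: enable
            pdf_embedfile: enable
```

Protocols left out of the task (ftp, imap, pop3 and the others) are not set by it, so a profile meant to cover them needs the same per-protocol dictionary for each.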

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key

Description

build

string

Build number of the FortiGate image

Returned: always

Sample: “1547”

http_method

string

Last method used to provision the content into FortiGate

Returned: always

Sample: “PUT”

http_status

string

Last result given by FortiGate on last operation applied

Returned: always

Sample: “200”

mkey

string

Master key (id) used in the last call to FortiGate

Returned: success

Sample: “id”

name

string

Name of the table used to fulfill the request

Returned: always

Sample: “urlfilter”

path

string

Path of the table used to fulfill the request

Returned: always

Sample: “webfilter”

revision

string

Internal revision number

Returned: always

Sample: “17.0.2.10658”

serial

string

Serial number of the unit

Returned: always

Sample: “FGVMEVYYQT3AB5352”

status

string

Indication of the operation’s result

Returned: always

Sample: “success”

vdom

string

Virtual domain used

Returned: always

Sample: “root”

version

string

Version of the FortiGate

Returned: always

Sample: “v5.6.3”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)