fortinet.fortios.fortios_antivirus_profile module – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.3.9).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_antivirus_profile
.
New in fortinet.fortios 2.0.0
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15
Parameters
Parameter |
Comments |
---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Configure AntiVirus profiles. |
|
Only submit files matching this DLP file-pattern to FortiSandbox (post-transfer scan only). Source dlp.filepattern.id. |
|
Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. |
|
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases. Choices:
|
|
Do not submit files matching this DLP file-pattern to FortiSandbox (post-transfer scan only). Source dlp.filepattern.id. |
|
Maximum size of files that can be uploaded to FortiSandbox. |
|
Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id. |
|
Enable/disable logging for AntiVirus file blocking. Choices:
|
|
Enable/disable AntiVirus logging. Choices:
|
|
Configure CIFS AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Comment. |
|
AV Content Disarm and Reconstruction settings. |
|
Enable/disable using CDR as a secondary method for determining suspicous files for analytics. Choices:
|
|
Enable/disable inserting a cover page into the disarmed document. Choices:
|
|
Enable/disable only detect disarmable files, do not alter content. Choices:
|
|
Action to be taken if CDR engine encounters an unrecoverable error. Choices:
|
|
Enable/disable stripping of PowerPoint action events in Microsoft Office documents. Choices:
|
|
Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents. Choices:
|
|
Enable/disable stripping of embedded objects in Microsoft Office documents. Choices:
|
|
Enable/disable stripping of hyperlinks in Microsoft Office documents. Choices:
|
|
Enable/disable stripping of linked objects in Microsoft Office documents. Choices:
|
|
Enable/disable stripping of macros in Microsoft Office documents. Choices:
|
|
Destination to send original file if active content is removed. Choices:
|
|
Enable/disable stripping of PDF document actions that submit data to other targets. Choices:
|
|
Enable/disable stripping of PDF document actions that access other PDF documents. Choices:
|
|
Enable/disable stripping of PDF document actions that execute JavaScript code. Choices:
|
|
Enable/disable stripping of PDF document actions that launch other applications. Choices:
|
|
Enable/disable stripping of PDF document actions that play a movie. Choices:
|
|
Enable/disable stripping of PDF document actions that play a sound. Choices:
|
|
Enable/disable stripping of embedded files in PDF documents. Choices:
|
|
Enable/disable stripping of hyperlinks from PDF documents. Choices:
|
|
Enable/disable stripping of JavaScript code in PDF documents. Choices:
|
|
Enable/disable use of EMS threat feed when performing AntiVirus scan. Analyzes files including the content of archives. Choices:
|
|
Enable/disable extended logging for antivirus. Choices:
|
|
One or more external malware block lists. |
|
External blocklist. Source system.external-resource.name. |
|
Enable/disable external-blocklist archive scanning. Choices:
|
|
Enable/disable all external blocklists. Choices:
|
|
Flow/proxy feature set. Choices:
|
|
Action to take if FortiAI encounters an error. Choices:
|
|
Action to take if FortiAI encounters a scan timeout. Choices:
|
|
Action to take if FortiNDR encounters an error. Choices:
|
|
Action to take if FortiNDR encounters a scan timeout. Choices:
|
|
Action to take if FortiSandbox inline scan encounters an error. Choices:
|
|
Maximum size of files that can be uploaded to FortiSandbox in Mbytes. |
|
FortiSandbox scan modes. Choices:
|
|
Action to take if FortiSandbox inline scan encounters a scan timeout. Choices:
|
|
Settings to control which files are uploaded to FortiSandbox. Choices:
|
|
Configure FTP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable FTP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Configure HTTP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Configure the action the FortiGate unit will take on unknown content-encoding. Choices:
|
|
Configure IMAP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Inspection mode. Choices:
|
|
Configure MAPI AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Enable/disable using the mobile malware signature database. Choices:
|
|
Configure AntiVirus quarantine settings. |
|
Duration of quarantine. |
|
Enable/Disable quarantining infected hosts to the banned user list. Choices:
|
|
Enable/disable AntiVirus quarantine logging. Choices:
|
|
Profile name. |
|
Configure NNTP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Configure Virus Outbreak Prevention settings. |
|
Enable/disable external malware blocklist. Choices:
|
|
Enable/disable FortiGuard Virus outbreak prevention service. Choices:
|
|
Enable/disable outbreak-prevention archive scanning. Choices:
|
|
Configure POP3 AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Replacement message group customized for this profile. Source system.replacemsg-group.name. |
|
Configure scan mode . Choices:
|
|
Configure SMB AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable/disable SMB AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable FortiGuard Virus Outbreak Prevention service. Choices:
|
|
Configure SMTP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable Content Disarm and Reconstruction when performing AntiVirus scan. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Configure SFTP and SCP AntiVirus options. |
|
Select the archive types to block. Choices:
|
|
Select the archive types to log. Choices:
|
|
Enable AntiVirus scan service. Choices:
|
|
Enable/disable the virus emulator. Choices:
|
|
Enable external-blocklist. Analyzes files including the content of archives. Choices:
|
|
Enable/disable scanning of files by FortiAI. Choices:
|
|
Enable scanning of files by FortiNDR. Choices:
|
|
Enable scanning of files by FortiSandbox. Choices:
|
|
Enable/disable SFTP and SCP AntiVirus scanning, monitoring, and quarantine. Choices:
|
|
Enable virus outbreak prevention service. Choices:
|
|
Enable/disable quarantine for infected files. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Indicates whether to create or remove the object. Choices:
|
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
The module supports check_mode.
Examples
- name: Configure AntiVirus profiles.
fortinet.fortios.fortios_antivirus_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
antivirus_profile:
analytics_accept_filetype: "0"
analytics_bl_filetype: "2147483647"
analytics_db: "disable"
analytics_ignore_filetype: "0"
analytics_max_upload: "10"
analytics_wl_filetype: "2147483647"
av_block_log: "enable"
av_virus_log: "enable"
cifs:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
emulator: "enable"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
comment: "Comment."
content_disarm:
analytics_suspicious: "disable"
cover_page: "disable"
detect_only: "disable"
error_action: "block"
office_action: "disable"
office_dde: "disable"
office_embed: "disable"
office_hylink: "disable"
office_linked: "disable"
office_macro: "disable"
original_file_destination: "fortisandbox"
pdf_act_form: "disable"
pdf_act_gotor: "disable"
pdf_act_java: "disable"
pdf_act_launch: "disable"
pdf_act_movie: "disable"
pdf_act_sound: "disable"
pdf_embedfile: "disable"
pdf_hyperlink: "disable"
pdf_javacode: "disable"
ems_threat_feed: "disable"
extended_log: "enable"
external_blocklist:
-
name: "default_name_48 (source system.external-resource.name)"
external_blocklist_archive_scan: "disable"
external_blocklist_enable_all: "disable"
feature_set: "flow"
fortiai_error_action: "log-only"
fortiai_timeout_action: "log-only"
fortindr_error_action: "log-only"
fortindr_timeout_action: "log-only"
fortisandbox_error_action: "log-only"
fortisandbox_max_upload: "10"
fortisandbox_mode: "inline"
fortisandbox_timeout_action: "log-only"
ftgd_analytics: "disable"
ftp:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
emulator: "enable"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
http:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
content_disarm: "disable"
emulator: "enable"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
unknown_content_encoding: "block"
imap:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
content_disarm: "disable"
emulator: "enable"
executables: "default"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
inspection_mode: "proxy"
mapi:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
emulator: "enable"
executables: "default"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
mobile_malware_db: "disable"
nac_quar:
expiry: "<your_own_value>"
infected: "none"
log: "enable"
name: "default_name_120"
nntp:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
emulator: "enable"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
outbreak_prevention:
external_blocklist: "disable"
ftgd_service: "disable"
outbreak_prevention_archive_scan: "disable"
pop3:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
content_disarm: "disable"
emulator: "enable"
executables: "default"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
scan_mode: "default"
smb:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
smtp:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
content_disarm: "disable"
emulator: "enable"
executables: "default"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
ssh:
archive_block: "encrypted"
archive_log: "encrypted"
av_scan: "disable"
emulator: "enable"
external_blocklist: "disable"
fortiai: "disable"
fortindr: "disable"
fortisandbox: "disable"
options: "scan"
outbreak_prevention: "disable"
quarantine: "disable"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Build number of the fortigate image Returned: always Sample: |
|
Last method used to provision the content into FortiGate Returned: always Sample: |
|
Last result given by FortiGate on last operation applied Returned: always Sample: |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: |
|
Name of the table used to fulfill the request Returned: always Sample: |
|
Path of the table used to fulfill the request Returned: always Sample: |
|
Internal revision number Returned: always Sample: |
|
Serial number of the unit Returned: always Sample: |
|
Indication of the operation’s result Returned: always Sample: |
|
Virtual domain used Returned: always Sample: |
|
Version of the FortiGate Returned: always Sample: |