fortinet.fortimanager.fmgr_antivirus_profile – Configure AntiVirus profiles.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_antivirus_profile.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
antivirus_profile
dictionary
the top level parameters set
analytics-accept-filetype
string
Only submit files matching this DLP file-pattern to FortiSandbox.
analytics-bl-filetype
string
Only submit files matching this DLP file-pattern to FortiSandbox.
analytics-db
string
    Choices:
  • disable
  • enable
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
analytics-ignore-filetype
string
Do not submit files matching this DLP file-pattern to FortiSandbox.
analytics-max-upload
integer
Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10).
analytics-wl-filetype
string
Do not submit files matching this DLP file-pattern to FortiSandbox.
av-block-log
string
    Choices:
  • disable
  • enable
Enable/disable logging for AntiVirus file blocking.
av-virus-log
string
    Choices:
  • disable
  • enable
Enable/disable AntiVirus logging.
cifs
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • quarantine
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
comment
string
Comment.
content-disarm
dictionary
no description
cover-page
string
    Choices:
  • disable
  • enable
Enable/disable inserting a cover page into the disarmed document.
detect-only
string
    Choices:
  • disable
  • enable
Enable/disable only detect disarmable files, do not alter content.
error-action
string
    Choices:
  • block
  • log-only
  • ignore
Action to be taken if CDR engine encounters an unrecoverable error.
office-action
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PowerPoint action events in Microsoft Office documents.
office-dde
string
    Choices:
  • disable
  • enable
Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.
office-embed
string
    Choices:
  • disable
  • enable
Enable/disable stripping of embedded objects in Microsoft Office documents.
office-hylink
string
    Choices:
  • disable
  • enable
Enable/disable stripping of hyperlinks in Microsoft Office documents.
office-linked
string
    Choices:
  • disable
  • enable
Enable/disable stripping of linked objects in Microsoft Office documents.
office-macro
string
    Choices:
  • disable
  • enable
Enable/disable stripping of macros in Microsoft Office documents.
original-file-destination
string
    Choices:
  • fortisandbox
  • quarantine
  • discard
Destination to send original file if active content is removed.
pdf-act-form
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that submit data to other targets.
pdf-act-gotor
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that access other PDF documents.
pdf-act-java
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that execute JavaScript code.
pdf-act-launch
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that launch other applications.
pdf-act-movie
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that play a movie.
pdf-act-sound
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that play a sound.
pdf-embedfile
string
    Choices:
  • disable
  • enable
Enable/disable stripping of embedded files in PDF documents.
pdf-hyperlink
string
    Choices:
  • disable
  • enable
Enable/disable stripping of hyperlinks from PDF documents.
pdf-javacode
string
    Choices:
  • disable
  • enable
Enable/disable stripping of JavaScript code in PDF documents.
ems-threat-feed
string
    Choices:
  • disable
  • enable
Enable/disable use of EMS threat feed when performing AntiVirus scan.
extended-log
string
    Choices:
  • disable
  • enable
Enable/disable extended logging for antivirus.
external-blocklist
string
One or more external malware block lists.
external-blocklist-archive-scan
string
    Choices:
  • disable
  • enable
Enable/disable external-blocklist archive scanning.
external-blocklist-enable-all
string
    Choices:
  • disable
  • enable
Enable/disable all external blocklists.
feature-set
string
    Choices:
  • proxy
  • flow
Flow/proxy feature set.
ftgd-analytics
string
    Choices:
  • disable
  • suspicious
  • everything
Settings to control which files are uploaded to FortiSandbox.
ftp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
http
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
  • strict-file
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
imap
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
inspection-mode
string
    Choices:
  • proxy
  • flow-based
Inspection mode.
mapi
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
mobile-malware-db
string
    Choices:
  • disable
  • enable
Enable/disable using the mobile malware signature database.
nac-quar
dictionary
no description
expiry
string
Duration of quarantine.
infected
string
    Choices:
  • none
  • quar-src-ip
  • quar-interface
Enable/Disable quarantining infected hosts to the banned user list.
log
string
    Choices:
  • disable
  • enable
Enable/disable AntiVirus quarantine logging.
name
string
Profile name.
nntp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
outbreak-prevention
dictionary
no description
external-blocklist
string
    Choices:
  • disable
  • enable
Enable/disable external malware blocklist.
ftgd-service
string
    Choices:
  • disable
  • enable
Enable/disable FortiGuard Virus outbreak prevention service.
outbreak-prevention-archive-scan
string
    Choices:
  • disable
  • enable
Enable/disable outbreak-prevention archive scanning.
pop3
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
replacemsg-group
string
Replacement message group customized for this profile.
scan-mode
string
    Choices:
  • quick
  • full
  • legacy
  • default
Choose between full scan mode and quick scan mode.
smtp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
ssh
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
no description
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • avmonitor
  • quarantine
  • scan
no description
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure AntiVirus profiles.
     fmgr_antivirus_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        antivirus_profile:
           analytics-bl-filetype: <value of string>
           analytics-db: <value in [disable, enable]>
           analytics-max-upload: <value of integer>
           analytics-wl-filetype: <value of string>
           av-block-log: <value in [disable, enable]>
           av-virus-log: <value in [disable, enable]>
           comment: <value of string>
           extended-log: <value in [disable, enable]>
           ftgd-analytics: <value in [disable, suspicious, everything]>
           inspection-mode: <value in [proxy, flow-based]>
           mobile-malware-db: <value in [disable, enable]>
           name: <value of string>
           replacemsg-group: <value of string>
           scan-mode: <value in [quick, full, legacy, ...]>
           feature-set: <value in [proxy, flow]>
           cifs:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              emulator: <value in [disable, enable]>
              options:
                - scan
                - quarantine
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           content-disarm:
              cover-page: <value in [disable, enable]>
              detect-only: <value in [disable, enable]>
              error-action: <value in [block, log-only, ignore]>
              office-action: <value in [disable, enable]>
              office-dde: <value in [disable, enable]>
              office-embed: <value in [disable, enable]>
              office-hylink: <value in [disable, enable]>
              office-linked: <value in [disable, enable]>
              office-macro: <value in [disable, enable]>
              original-file-destination: <value in [fortisandbox, quarantine, discard]>
              pdf-act-form: <value in [disable, enable]>
              pdf-act-gotor: <value in [disable, enable]>
              pdf-act-java: <value in [disable, enable]>
              pdf-act-launch: <value in [disable, enable]>
              pdf-act-movie: <value in [disable, enable]>
              pdf-act-sound: <value in [disable, enable]>
              pdf-embedfile: <value in [disable, enable]>
              pdf-hyperlink: <value in [disable, enable]>
              pdf-javacode: <value in [disable, enable]>
           ftp:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              emulator: <value in [disable, enable]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           http:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              content-disarm: <value in [disable, enable]>
              emulator: <value in [disable, enable]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
                - strict-file
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           imap:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              content-disarm: <value in [disable, enable]>
              emulator: <value in [disable, enable]>
              executables: <value in [default, virus]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           mapi:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              emulator: <value in [disable, enable]>
              executables: <value in [default, virus]>
              options:
                - scan
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           nac-quar:
              expiry: <value of string>
              infected: <value in [none, quar-src-ip, quar-interface]>
              log: <value in [disable, enable]>
           nntp:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              emulator: <value in [disable, enable]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           outbreak-prevention:
              external-blocklist: <value in [disable, enable]>
              ftgd-service: <value in [disable, enable]>
           pop3:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              content-disarm: <value in [disable, enable]>
              emulator: <value in [disable, enable]>
              executables: <value in [default, virus]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           smtp:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              content-disarm: <value in [disable, enable]>
              emulator: <value in [disable, enable]>
              executables: <value in [default, virus]>
              options:
                - scan
                - file-filter
                - quarantine
                - avquery
                - avmonitor
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           ssh:
              archive-block:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              archive-log:
                - encrypted
                - corrupted
                - multipart
                - nested
                - mailbomb
                - unhandled
                - partiallycorrupted
                - fileslimit
                - timeout
              emulator: <value in [disable, enable]>
              options:
                - avmonitor
                - quarantine
                - scan
              outbreak-prevention: <value in [disabled, files, full-archive, ...]>
              av-scan: <value in [disable, monitor, block]>
              external-blocklist: <value in [disable, monitor, block]>
              quarantine: <value in [disable, enable]>
           analytics-accept-filetype: <value of string>
           analytics-ignore-filetype: <value of string>
           ems-threat-feed: <value in [disable, enable]>
           external-blocklist: <value of string>
           external-blocklist-archive-scan: <value in [disable, enable]>
           external-blocklist-enable-all: <value in [disable, enable]>
           outbreak-prevention-archive-scan: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)