fortinet.fortimanager.fmgr_antivirus_profile – Configure AntiVirus profiles.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_antivirus_profile.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
antivirus_profile
dictionary
the top level parameters set
analytics-accept-filetype
string
Only submit files matching this DLP file-pattern to FortiSandbox.
analytics-bl-filetype
string
Only submit files matching this DLP file-pattern to FortiSandbox.
analytics-db
string
    Choices:
  • disable
  • enable
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
analytics-ignore-filetype
string
Do not submit files matching this DLP file-pattern to FortiSandbox.
analytics-max-upload
integer
Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10).
analytics-wl-filetype
string
Do not submit files matching this DLP file-pattern to FortiSandbox.
av-block-log
string
    Choices:
  • disable
  • enable
Enable/disable logging for AntiVirus file blocking.
av-virus-log
string
    Choices:
  • disable
  • enable
Enable/disable AntiVirus logging.
cifs
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • quarantine
  • avmonitor
Enable/disable CIFS AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
comment
string
Comment.
content-disarm
dictionary
no description
cover-page
string
    Choices:
  • disable
  • enable
Enable/disable inserting a cover page into the disarmed document.
detect-only
string
    Choices:
  • disable
  • enable
Enable/disable only detect disarmable files, do not alter content.
error-action
string
    Choices:
  • block
  • log-only
  • ignore
Action to be taken if CDR engine encounters an unrecoverable error.
office-action
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PowerPoint action events in Microsoft Office documents.
office-dde
string
    Choices:
  • disable
  • enable
Enable/disable stripping of Dynamic Data Exchange events in Microsoft Office documents.
office-embed
string
    Choices:
  • disable
  • enable
Enable/disable stripping of embedded objects in Microsoft Office documents.
office-hylink
string
    Choices:
  • disable
  • enable
Enable/disable stripping of hyperlinks in Microsoft Office documents.
office-linked
string
    Choices:
  • disable
  • enable
Enable/disable stripping of linked objects in Microsoft Office documents.
office-macro
string
    Choices:
  • disable
  • enable
Enable/disable stripping of macros in Microsoft Office documents.
original-file-destination
string
    Choices:
  • fortisandbox
  • quarantine
  • discard
Destination to send original file if active content is removed.
pdf-act-form
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that submit data to other targets.
pdf-act-gotor
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that access other PDF documents.
pdf-act-java
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that execute JavaScript code.
pdf-act-launch
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that launch other applications.
pdf-act-movie
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that play a movie.
pdf-act-sound
string
    Choices:
  • disable
  • enable
Enable/disable stripping of PDF document actions that play a sound.
pdf-embedfile
string
    Choices:
  • disable
  • enable
Enable/disable stripping of embedded files in PDF documents.
pdf-hyperlink
string
    Choices:
  • disable
  • enable
Enable/disable stripping of hyperlinks from PDF documents.
pdf-javacode
string
    Choices:
  • disable
  • enable
Enable/disable stripping of JavaScript code in PDF documents.
ems-threat-feed
string
    Choices:
  • disable
  • enable
Enable/disable use of EMS threat feed when performing AntiVirus scan.
extended-log
string
    Choices:
  • disable
  • enable
Enable/disable extended logging for antivirus.
external-blocklist
string
One or more external malware block lists.
external-blocklist-archive-scan
string
    Choices:
  • disable
  • enable
Enable/disable external-blocklist archive scanning.
external-blocklist-enable-all
string
    Choices:
  • disable
  • enable
Enable/disable all external blocklists.
feature-set
string
    Choices:
  • proxy
  • flow
Flow/proxy feature set.
ftgd-analytics
string
    Choices:
  • disable
  • suspicious
  • everything
Settings to control which files are uploaded to FortiSandbox.
ftp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
http
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
  • strict-file
Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
imap
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
inspection-mode
string
    Choices:
  • proxy
  • flow-based
Inspection mode.
mapi
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • quarantine
  • avquery
  • avmonitor
Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
mobile-malware-db
string
    Choices:
  • disable
  • enable
Enable/disable using the mobile malware signature database.
nac-quar
dictionary
no description
expiry
string
Duration of quarantine.
infected
string
    Choices:
  • none
  • quar-src-ip
  • quar-interface
Enable/Disable quarantining infected hosts to the banned user list.
log
string
    Choices:
  • disable
  • enable
Enable/disable AntiVirus quarantine logging.
name
string
Profile name.
nntp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
outbreak-prevention
dictionary
no description
external-blocklist
string
    Choices:
  • disable
  • enable
Enable/disable external malware blocklist.
ftgd-service
string
    Choices:
  • disable
  • enable
Enable/disable FortiGuard Virus outbreak prevention service.
outbreak-prevention-archive-scan
string
    Choices:
  • disable
  • enable
Enable/disable outbreak-prevention archive scanning.
pop3
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
replacemsg-group
string
Replacement message group customized for this profile.
scan-mode
string
    Choices:
  • quick
  • full
  • legacy
  • default
Choose between full scan mode and quick scan mode.
smtp
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
content-disarm
string
    Choices:
  • disable
  • enable
Enable Content Disarm and Reconstruction for this protocol.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
executables
string
    Choices:
  • default
  • virus
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • scan
  • file-filter
  • quarantine
  • avquery
  • avmonitor
Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
ssh
dictionary
no description
archive-block
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to block.
archive-log
list / elements=string
    Choices:
  • encrypted
  • corrupted
  • multipart
  • nested
  • mailbomb
  • unhandled
  • partiallycorrupted
  • fileslimit
  • timeout
Select the archive types to log.
av-scan
string
    Choices:
  • disable
  • monitor
  • block
Enable AntiVirus scan service.
emulator
string
    Choices:
  • disable
  • enable
Enable/disable the virus emulator.
external-blocklist
string
    Choices:
  • disable
  • monitor
  • block
Enable external-blocklist.
options
list / elements=string
    Choices:
  • avmonitor
  • quarantine
  • scan
Enable/disable SFTP and SCP AntiVirus scanning, monitoring, and quarantine.
outbreak-prevention
string
    Choices:
  • disabled
  • files
  • full-archive
  • disable
  • block
  • monitor
Enable Virus Outbreak Prevention service.
quarantine
string
    Choices:
  • disable
  • enable
Enable/disable quarantine for infected files.
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: gathering fortimanager facts
  hosts: fortimanager00
  gather_facts: no
  connection: httpapi
  collections:
    - fortinet.fortimanager
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
   - name: retrieve all the antivirus profiles
     fmgr_fact:
       facts:
           selector: 'antivirus_profile'
           params:
               adom: 'ansible'
               profile: ''
- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure AntiVirus profiles.
     fmgr_antivirus_profile:
        adom: ansible
        state: present
        antivirus_profile:
           analytics-db: disable
           analytics-max-upload: 20
           av-block-log: disable
           av-virus-log: disable
           comment: 'test comment'
           extended-log: disable
           ftgd-analytics: disable
           inspection-mode: proxy
           mobile-malware-db: disable
           name: 'antivirus-profile'
           scan-mode: quick

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)