fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate


New in version 2.8.


Synopsis

  • This module configures a FortiGate or FortiOS device by letting the user manage the antivirus feature and the profile category. The examples include every option and need to be adjusted to the relevant data sources before use. Tested with FOS v6.0.2.

Requirements

The following requirements must be met on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Columns: Parameter (its type follows on the next line; a lone "-" means no type is declared), Choices/Defaults, Comments.

antivirus_profile

-

Default:

null

Configure AntiVirus profiles.

analytics-bl-filetype

-

Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

analytics-db

-

  • disable
  • enable

Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.

analytics-max-upload

-

Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes, default = 10).

analytics-wl-filetype

-

Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.

av-block-log

-

  • enable
  • disable

Enable/disable logging for AntiVirus file blocking.

av-virus-log

-

  • enable
  • disable

Enable/disable AntiVirus logging.

comment

-

Comment.

content-disarm

-

AV Content Disarm and Reconstruction settings.

cover-page

-

  • disable
  • enable

Enable/disable inserting a cover page into the disarmed document.

detect-only

-

  • disable
  • enable

Enable/disable detect-only mode: report disarmable files without altering their content.

office-embed

-

  • disable
  • enable

Enable/disable stripping of embedded objects in Microsoft Office documents.

office-hylink

-

  • disable
  • enable

Enable/disable stripping of hyperlinks in Microsoft Office documents.

office-linked

-

  • disable
  • enable

Enable/disable stripping of linked objects in Microsoft Office documents.

office-macro

-

  • disable
  • enable

Enable/disable stripping of macros in Microsoft Office documents.

original-file-destination

-

  • fortisandbox
  • quarantine
  • discard

Destination to send original file if active content is removed.

pdf-act-form

-

  • disable
  • enable

Enable/disable stripping of actions that submit data to other targets in PDF documents.

pdf-act-gotor

-

  • disable
  • enable

Enable/disable stripping of links to other PDFs in PDF documents.

pdf-act-java

-

  • disable
  • enable

Enable/disable stripping of actions that execute JavaScript code in PDF documents.

pdf-act-launch

-

  • disable
  • enable

Enable/disable stripping of links to external applications in PDF documents.

pdf-act-movie

-

  • disable
  • enable

Enable/disable stripping of embedded movies in PDF documents.

pdf-act-sound

-

  • disable
  • enable

Enable/disable stripping of embedded sound files in PDF documents.

pdf-embedfile

-

  • disable
  • enable

Enable/disable stripping of embedded files in PDF documents.

pdf-hyperlink

-

  • disable
  • enable

Enable/disable stripping of hyperlinks from PDF documents.

pdf-javacode

-

  • disable
  • enable

Enable/disable stripping of JavaScript code in PDF documents.

extended-log

-

  • enable
  • disable

Enable/disable extended logging for antivirus.

ftgd-analytics

-

  • disable
  • suspicious
  • everything

Settings to control which files are uploaded to FortiSandbox.

ftp

-

Configure FTP AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

http

-

Configure HTTP AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

content-disarm

-

  • disable
  • enable

Enable Content Disarm and Reconstruction for this protocol.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

imap

-

Configure IMAP AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

content-disarm

-

  • disable
  • enable

Enable Content Disarm and Reconstruction for this protocol.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

executables

-

  • default
  • virus

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

inspection-mode

-

  • proxy
  • flow-based

Inspection mode.

mapi

-

Configure MAPI AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

executables

-

  • default
  • virus

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

mobile-malware-db

-

  • disable
  • enable

Enable/disable using the mobile malware signature database.

nac-quar

-

Configure AntiVirus quarantine settings.

expiry

-

Duration of quarantine.

infected

-

  • none
  • quar-src-ip

Enable/disable quarantining infected hosts by adding them to the banned user list.

log

-

  • enable
  • disable

Enable/disable AntiVirus quarantine logging.

name

- / required

Profile name.

nntp

-

Configure NNTP AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

pop3

-

Configure POP3 AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

content-disarm

-

  • disable
  • enable

Enable Content Disarm and Reconstruction for this protocol.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

executables

-

  • default
  • virus

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

replacemsg-group

-

Replacement message group customized for this profile. Source system.replacemsg-group.name.

scan-mode

-

  • quick
  • full

Choose between full scan mode and quick scan mode.

smb

-

Configure SMB AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

smtp

-

Configure SMTP AntiVirus options.

archive-block

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to block.

archive-log

-

  • encrypted
  • corrupted
  • partiallycorrupted
  • multipart
  • nested
  • mailbomb
  • fileslimit
  • timeout
  • unhandled

Select the archive types to log.

content-disarm

-

  • disable
  • enable

Enable Content Disarm and Reconstruction for this protocol.

emulator

-

  • enable
  • disable

Enable/disable the virus emulator.

executables

-

  • default
  • virus

Treat Windows executable files as viruses for the purpose of blocking or monitoring.

options

-

  • scan
  • avmonitor
  • quarantine

Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.

outbreak-prevention

-

  • disabled
  • files
  • full-archive

Enable FortiGuard Virus Outbreak Prevention service.

state

-

  • present
  • absent

Indicates whether to create or remove the object.

host

- / required

FortiOS or FortiGate IP address.

https

boolean

  • no
  • yes

Indicates whether requests to the FortiGate must use the HTTPS protocol.

password

-

Default:

""

FortiOS or FortiGate password.

username

- / required

FortiOS or FortiGate username.

vdom

-

Default:

"root"

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.



Notes


  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook


Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure AntiVirus profiles.
    fortios_antivirus_profile:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      antivirus_profile:
        state: "present"
        analytics-bl-filetype: "3 (source dlp.filepattern.id)"
        analytics-db: "disable"
        analytics-max-upload: "5"
        analytics-wl-filetype: "6 (source dlp.filepattern.id)"
        av-block-log: "enable"
        av-virus-log: "enable"
        comment: "Comment."
        content-disarm:
            cover-page: "disable"
            detect-only: "disable"
            office-embed: "disable"
            office-hylink: "disable"
            office-linked: "disable"
            office-macro: "disable"
            original-file-destination: "fortisandbox"
            pdf-act-form: "disable"
            pdf-act-gotor: "disable"
            pdf-act-java: "disable"
            pdf-act-launch: "disable"
            pdf-act-movie: "disable"
            pdf-act-sound: "disable"
            pdf-embedfile: "disable"
            pdf-hyperlink: "disable"
            pdf-javacode: "disable"
        extended-log: "enable"
        ftgd-analytics: "disable"
        ftp:
            archive-block: "encrypted"
            archive-log: "encrypted"
            emulator: "enable"
            options: "scan"
            outbreak-prevention: "disabled"
        http:
            archive-block: "encrypted"
            archive-log: "encrypted"
            content-disarm: "disable"
            emulator: "enable"
            options: "scan"
            outbreak-prevention: "disabled"
        imap:
            archive-block: "encrypted"
            archive-log: "encrypted"
            content-disarm: "disable"
            emulator: "enable"
            executables: "default"
            options: "scan"
            outbreak-prevention: "disabled"
        inspection-mode: "proxy"
        mapi:
            archive-block: "encrypted"
            archive-log: "encrypted"
            emulator: "enable"
            executables: "default"
            options: "scan"
            outbreak-prevention: "disabled"
        mobile-malware-db: "disable"
        nac-quar:
            expiry: "<your_own_value>"
            infected: "none"
            log: "enable"
        name: "default_name_63"
        nntp:
            archive-block: "encrypted"
            archive-log: "encrypted"
            emulator: "enable"
            options: "scan"
            outbreak-prevention: "disabled"
        pop3:
            archive-block: "encrypted"
            archive-log: "encrypted"
            content-disarm: "disable"
            emulator: "enable"
            executables: "default"
            options: "scan"
            outbreak-prevention: "disabled"
        replacemsg-group: "<your_own_value> (source system.replacemsg-group.name)"
        scan-mode: "quick"
        smb:
            archive-block: "encrypted"
            archive-log: "encrypted"
            emulator: "enable"
            options: "scan"
            outbreak-prevention: "disabled"
        smtp:
            archive-block: "encrypted"
            archive-log: "encrypted"
            content-disarm: "disable"
            emulator: "enable"
            executables: "default"
            options: "scan"
            outbreak-prevention: "disabled"
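A hardened counterpart to the reference playbook above, added here as an example that is not part of the Ansible module documentation or of Fortinet's own material. It turns on the Content Disarm and Reconstruction, archive-blocking, outbreak-prevention and host-quarantine options that the reference example leaves disabled, and keeps the API credential out of both the playbook and the task output. The management address, the account name, the profile name and the `vault_fortigate_password` variable are assumptions; every profile key and value is one documented on this page, except the `expiry` duration and the space-separated multi-value form of `archive-block`/`archive-log`, which follow the FortiOS CLI convention and are marked as assumptions in the comments.

```yaml
# Added example, not from the Ansible documentation or from Fortinet.
# Assumptions: the address, account, profile name and vault variable are placeholders.
- hosts: localhost
  gather_facts: no
  vars:
    fortigate_host: "192.0.2.10"      # assumed management address (RFC 5737 documentation range)
    fortigate_user: "ansible-api"     # assumed dedicated API account for automation
    fortigate_vdom: "root"
  tasks:
  - name: Configure a hardened AntiVirus profile for web and mail traffic
    fortios_antivirus_profile:
      host: "{{ fortigate_host }}"
      username: "{{ fortigate_user }}"
      password: "{{ vault_fortigate_password }}"   # assumed to live in an ansible-vault encrypted vars file
      https: yes                                    # never send the credential over plain HTTP
      vdom: "{{ fortigate_vdom }}"
      antivirus_profile:
        state: "present"
        name: "av-hardened-web-mail"                # assumed profile name
        comment: "Strip active content, block encrypted archives, quarantine infected hosts."
        inspection-mode: "proxy"                    # CDR rewrites files, which needs proxy inspection
        scan-mode: "full"
        av-virus-log: "enable"
        av-block-log: "enable"
        extended-log: "enable"
        mobile-malware-db: "enable"
        analytics-db: "enable"                      # supplement AV signatures with FortiSandbox results
        ftgd-analytics: "suspicious"                # upload only suspicious files to FortiSandbox
        analytics-max-upload: "10"
        content-disarm:
          detect-only: "disable"                    # actually rewrite the file, do not just report it
          cover-page: "enable"                      # tell the recipient the document was altered
          office-macro: "enable"
          office-embed: "enable"
          office-linked: "enable"
          office-hylink: "disable"                  # leave hyperlinks in place; web filtering handles them
          pdf-javacode: "enable"
          pdf-act-java: "enable"
          pdf-act-launch: "enable"
          pdf-act-form: "enable"
          pdf-embedfile: "enable"
          original-file-destination: "quarantine"   # keep the untouched original for incident review
        http:
          options: "scan"
          archive-block: "encrypted mailbomb unhandled"   # assumed: multi-value options are space-separated, as in the FortiOS CLI
          archive-log: "encrypted mailbomb unhandled"
          emulator: "enable"
          content-disarm: "enable"
          outbreak-prevention: "full-archive"
        smtp: &mail_av                              # YAML anchor: the same settings are reused for IMAP and POP3
          options: "scan"
          archive-block: "encrypted mailbomb unhandled"
          archive-log: "encrypted mailbomb unhandled"
          emulator: "enable"
          content-disarm: "enable"
          executables: "virus"                      # treat Windows executables in mail as malicious
          outbreak-prevention: "full-archive"
        imap: *mail_av
        pop3: *mail_av
        nac-quar:
          infected: "quar-src-ip"                   # add the infected source IP to the banned user list
          expiry: "1h"                              # assumed duration format
          log: "enable"
    no_log: true   # keep the password and the full profile out of the task output
```

Run it with `ansible-playbook --ask-vault-pass av_profile.yml` (or `--vault-password-file`) so the vaulted password is available at run time; switching `state` to `"absent"` removes the profile again. The YAML anchor keeps the three mail protocols identical, which is easier to audit than three hand-copied blocks that can drift apart.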

Return Values

Common return values are documented here; the following fields are unique to this module:

Columns: Key (its type follows on the next line), Returned, Description.

build

string

always

Build number of the FortiGate image


Sample:

1547

http_method

string

always

Last method used to provision the content into FortiGate


Sample:

PUT

http_status

string

always

Last result given by FortiGate on last operation applied


Sample:

200

mkey

string

success

Master key (id) used in the last call to FortiGate


Sample:

id

name

string

always

Name of the table used to fulfill the request


Sample:

urlfilter

path

string

always

Path of the table used to fulfill the request


Sample:

webfilter

revision

string

always

Internal revision number


Sample:

17.0.2.10658

serial

string

always

Serial number of the unit


Sample:

FGVMEVYYQT3AB5352

status

string

always

Indication of the operation's result


Sample:

success

vdom

string

always

Virtual domain used


Sample:

root

version

string

always

Version of the FortiGate


Sample:

v5.6.3





Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fortios_antivirus_profile_module.html