fortios_antivirus_profile – Configure AntiVirus profiles in Fortinet’s FortiOS and FortiGate
New in version 2.8.
Synopsis
- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify antivirus feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| antivirus_profile
dictionary
|
Default:
null
|
Configure AntiVirus profiles.
|
||
| analytics_bl_filetype
integer
|
Only submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
|
|||
| analytics_db
string
|
|
Enable/disable using the FortiSandbox signature database to supplement the AV signature databases.
|
||
| analytics_max_upload
integer
|
Maximum size of files that can be uploaded to FortiSandbox (1 - 395 MBytes).
|
|||
| analytics_wl_filetype
integer
|
Do not submit files matching this DLP file-pattern to FortiSandbox. Source dlp.filepattern.id.
|
|||
| av_block_log
string
|
|
Enable/disable logging for AntiVirus file blocking.
|
||
| av_virus_log
string
|
|
Enable/disable AntiVirus logging.
|
||
| comment
string
|
Comment.
|
|||
| content_disarm
dictionary
|
AV Content Disarm and Reconstruction settings.
|
|||
| cover_page
string
|
|
Enable/disable inserting a cover page into the disarmed document.
|
||
| detect_only
string
|
|
Enable/disable only detect disarmable files, do not alter content.
|
||
| office_embed
string
|
|
Enable/disable stripping of embedded objects in Microsoft Office documents.
|
||
| office_hylink
string
|
|
Enable/disable stripping of hyperlinks in Microsoft Office documents.
|
||
| office_linked
string
|
|
Enable/disable stripping of linked objects in Microsoft Office documents.
|
||
| office_macro
string
|
|
Enable/disable stripping of macros in Microsoft Office documents.
|
||
| original_file_destination
string
|
|
Destination to send original file if active content is removed.
|
||
| pdf_act_form
string
|
|
Enable/disable stripping of actions that submit data to other targets in PDF documents.
|
||
| pdf_act_gotor
string
|
|
Enable/disable stripping of links to other PDFs in PDF documents.
|
||
| pdf_act_java
string
|
|
Enable/disable stripping of actions that execute JavaScript code in PDF documents.
|
||
| pdf_act_launch
string
|
|
Enable/disable stripping of links to external applications in PDF documents.
|
||
| pdf_act_movie
string
|
|
Enable/disable stripping of embedded movies in PDF documents.
|
||
| pdf_act_sound
string
|
|
Enable/disable stripping of embedded sound files in PDF documents.
|
||
| pdf_embedfile
string
|
|
Enable/disable stripping of embedded files in PDF documents.
|
||
| pdf_hyperlink
string
|
|
Enable/disable stripping of hyperlinks from PDF documents.
|
||
| pdf_javacode
string
|
|
Enable/disable stripping of JavaScript code in PDF documents.
|
||
| extended_log
string
|
|
Enable/disable extended logging for antivirus.
|
||
| ftgd_analytics
string
|
|
Settings to control which files are uploaded to FortiSandbox.
|
||
| ftp
dictionary
|
Configure FTP AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| options
string
|
|
Enable/disable FTP AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| http
dictionary
|
Configure HTTP AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| content_disarm
string
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| options
string
|
|
Enable/disable HTTP AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| imap
dictionary
|
Configure IMAP AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| content_disarm
string
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| executables
string
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
| options
string
|
|
Enable/disable IMAP AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| inspection_mode
string
|
|
Inspection mode.
|
||
| mapi
dictionary
|
Configure MAPI AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| executables
string
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
| options
string
|
|
Enable/disable MAPI AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| mobile_malware_db
string
|
|
Enable/disable using the mobile malware signature database.
|
||
| nac_quar
dictionary
|
Configure AntiVirus quarantine settings.
|
|||
| expiry
string
|
Duration of quarantine.
|
|||
| infected
string
|
|
Enable/Disable quarantining infected hosts to the banned user list.
|
||
| log
string
|
|
Enable/disable AntiVirus quarantine logging.
|
||
| name
string / required
|
Profile name.
|
|||
| nntp
dictionary
|
Configure NNTP AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| options
string
|
|
Enable/disable NNTP AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| pop3
dictionary
|
Configure POP3 AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| content_disarm
string
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| executables
string
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
| options
string
|
|
Enable/disable POP3 AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| replacemsg_group
string
|
Replacement message group customized for this profile. Source system.replacemsg-group.name.
|
|||
| scan_mode
string
|
|
Choose between full scan mode and quick scan mode.
|
||
| smb
dictionary
|
Configure SMB AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| options
string
|
|
Enable/disable SMB AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| smtp
dictionary
|
Configure SMTP AntiVirus options.
|
|||
| archive_block
string
|
|
Select the archive types to block.
|
||
| archive_log
string
|
|
Select the archive types to log.
|
||
| content_disarm
string
|
|
Enable Content Disarm and Reconstruction for this protocol.
|
||
| emulator
string
|
|
Enable/disable the virus emulator.
|
||
| executables
string
|
|
Treat Windows executable files as viruses for the purpose of blocking or monitoring.
|
||
| options
string
|
|
Enable/disable SMTP AntiVirus scanning, monitoring, and quarantine.
|
||
| outbreak_prevention
string
|
|
Enable FortiGuard Virus Outbreak Prevention service.
|
||
| state
string
|
|
Deprecated
Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
Indicates whether to create or remove the object.
|
||
| host
string
|
FortiOS or FortiGate IP address.
|
|||
| https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol.
|
||
| password
string
|
Default:
""
|
FortiOS or FortiGate password.
|
||
| ssl_verify
boolean
added in 2.9
|
|
Ensures FortiGate certificate must be verified by a proper CA.
|
||
| state
string
added in 2.9
|
|
Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level.
|
||
| username
string
|
FortiOS or FortiGate username.
|
|||
| vdom
string
|
Default:
"root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
||
Notes
Note
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure AntiVirus profiles.
fortios_antivirus_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
state: "present"
antivirus_profile:
analytics_bl_filetype: "3 (source dlp.filepattern.id)"
analytics_db: "disable"
analytics_max_upload: "5"
analytics_wl_filetype: "6 (source dlp.filepattern.id)"
av_block_log: "enable"
av_virus_log: "enable"
comment: "Comment."
content_disarm:
cover_page: "disable"
detect_only: "disable"
office_embed: "disable"
office_hylink: "disable"
office_linked: "disable"
office_macro: "disable"
original_file_destination: "fortisandbox"
pdf_act_form: "disable"
pdf_act_gotor: "disable"
pdf_act_java: "disable"
pdf_act_launch: "disable"
pdf_act_movie: "disable"
pdf_act_sound: "disable"
pdf_embedfile: "disable"
pdf_hyperlink: "disable"
pdf_javacode: "disable"
extended_log: "enable"
ftgd_analytics: "disable"
ftp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
http:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
imap:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
inspection_mode: "proxy"
mapi:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
mobile_malware_db: "disable"
nac_quar:
expiry: "<your_own_value>"
infected: "none"
log: "enable"
name: "default_name_63"
nntp:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
pop3:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
replacemsg_group: "<your_own_value> (source system.replacemsg-group.name)"
scan_mode: "quick"
smb:
archive_block: "encrypted"
archive_log: "encrypted"
emulator: "enable"
options: "scan"
outbreak_prevention: "disabled"
smtp:
archive_block: "encrypted"
archive_log: "encrypted"
content_disarm: "disable"
emulator: "enable"
executables: "default"
options: "scan"
outbreak_prevention: "disabled"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
| http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
| http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
| mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
| name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
| path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
| revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
| serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
| status
string
|
always |
Indication of the operation's result
Sample:
success
|
| vdom
string
|
always |
Virtual domain used
Sample:
root
|
| version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_antivirus_profile_module.html