- SMTP testing
https://community.fortinet.com/t5/FortiGate/Technical-Note-AV-scanning-on-SMTP-traffic/ta-p/194862?externalID=FD37727
https://www.eicar.com/download-anti-malware-testfile/
./swaks --server mail.firma.cz -tls -from pm@nekde.cz --to pm@firma.cz -tls --attach ./eicar.com -n
*** DEPRECATION WARNING: Inferring a filename from the argument to --attach will be removed in the future. Prefix filenames with '@' instead.
=== Trying mail.firma.cz:25...
=== Connected to mail.firma.cz.
<- 220 mail.firma.cz ESMTP Sendmail 8.16.1/8.16.1; Tue, 11 Jan 2022 14:15:31 +0100 (CET)
-> EHLO mail.nekde.cz
<- 250-mail.firma.cz Hello mail.nekde.cz [1.2.6.139], pleased to meet you
<- 250-ENHANCEDSTATUSCODES
<- 250-PIPELINING
<- 250-8BITMIME
<- 250-SIZE
<- 250-DSN
<- 250-ETRN
<- 250-AUTH LOGIN PLAIN
<- 250-STARTTLS
<- 250-DELIVERBY
<- 250 HELP
-> STARTTLS
<- 220 2.0.0 Ready to start TLS
=== TLS started with cipher TLSv1.3:TLS_AES_256_GCM_SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/CN=mail.firma.cz"
~> EHLO mail.bvspedice.cz
<~ 250-mail.firma.cz Hello mail.nekde.cz [1.2.6.139], pleased to meet you
<~ 250-ENHANCEDSTATUSCODES
<~ 250-PIPELINING
<~ 250-8BITMIME
<~ 250-SIZE
<~ 250-DSN
<~ 250-ETRN
<~ 250-AUTH LOGIN PLAIN
<~ 250-DELIVERBY
<~ 250 HELP
~> MAIL FROM:<pm@nekde.cz>
<~ 250 2.1.0 <pm@nekde.cz>... Sender ok
~> RCPT TO:<pm@firma.cz>
<~ 250 2.1.5 <pm@firma.cz>... Recipient ok
~> DATA
<~ 354 Enter mail, end with "." on a line by itself
~> 26 lines sent
<~* 554 5.7.1 Dangerous attachment removed. The file "eicar.com" was infected with the "EICAR_TEST_FILE" virus. It has been removed and quarantined as: "[disabled]"."http://www.fortinet.com/ve?vn=EICAR_TEST_FILE".
~> QUIT
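Added example, not part of these notes: a small Python checker that reads a swaks transcript like the one above from stdin and reports whether the mail gateway actually blocked the test message (AV, file-type filter, or not at all). The swaks reply-prefix convention it parses and the constructed sample transcripts are assumptions.

```python
import re
import sys

# swaks prints server replies as "<-" (plaintext) or "<~" (after STARTTLS),
# with "*" appended for error replies ("<**", "<~*"); client lines use "->"/"~>".
REPLY_RE = re.compile(r"^<[-~*]\*?\s*(\d{3})[ -](.*)$")
SENT_RE = re.compile(r"^[-~]>\s+\d+ lines sent")

def data_reply(transcript):
    """Return (code, text) of the server's reply to the message body,
    i.e. the first reply after swaks' "N lines sent" line, or None."""
    body_sent = False
    for line in transcript.splitlines():
        if SENT_RE.match(line):
            body_sent = True
            continue
        m = REPLY_RE.match(line)
        if body_sent and m:
            return int(m.group(1)), m.group(2).strip()
    return None

def classify(transcript):
    """Map the DATA reply to the outcome of the mail security test."""
    reply = data_reply(transcript)
    if reply is None:
        return "no-data-reply"      # body never sent, or reply not seen
    code, text = reply
    text = text.lower()
    if code == 250:
        return "accepted"           # the control did NOT fire: investigate
    if code >= 500 and "infected" in text:
        return "av-blocked"         # AV removed the attachment
    if code >= 500 and "file type" in text:
        return "filetype-blocked"   # file-filter rule matched
    if code >= 500:
        return "rejected"           # permanent rejection, other reason
    return "tempfail" if code >= 400 else "unexpected"

# Constructed transcript fragments; the 554 text mirrors the page's output.
EICAR_TRANSCRIPT = """~> 26 lines sent
<~* 554 5.7.1 Dangerous attachment removed. The file "eicar.com" was infected with the "EICAR_TEST_FILE" virus.
~> QUIT
"""
ACCEPTED_TRANSCRIPT = """-> 26 lines sent
<- 250 2.0.0 Message accepted for delivery
"""

if __name__ == "__main__":   # usage: ./swaks ... 2>&1 | python3 check_mailsec.py
    print(classify(sys.stdin.read()))
```

An "accepted" result from an EICAR or blocked-extension run means the gateway delivered the test message, so the AV or file-filter profile is not applied to that SMTP path.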
A note on the swaks utility, which will come in handy; we also download the eicar.com test virus. The -tls flag can be omitted for the unencrypted variant. Blocked attachment types can be tested as well, e.g. *.bat. The result is then:
-> 25 lines sent
<** 554 5.7.1 This email has been blocked. The file neco.bat was blocked due to its file type or properties.
-> QUIT
For antispam this can be used:
fetch https://spamassassin.apache.org/gtube/gtube.txt
./swaks --server mail.firma.cz -from pm@nekde.cz --to pm@firma.cz --body gtube.txt
- Processes
diag sys top (equivalent of top)
diag sys process pidof sslvpnd (find the PID of a process)
fnsysctl killall sslvpnd (restarts the VPN daemon)
- Filesystem
fnsysctl ls /data/lib/
- Who is in quarantine
diagnose user quarantine list
src-ip-addr    created                   expires                   cause
172.25.9.130   Fri Dec 16 12:09:05 2022  Fri Dec 16 14:09:05 2022  IPS
It shows the reason, e.g. IPS here; then it is enough to go to the IPS log and look up the event.
- GUI items
Fortigate# config system global
Fortigate (global)# set gui-XXXX enable
Fortigate (global)# end
Information
ISDB lookup