The Advatek Blog

FortiOS 6.0: FortiGuard content disarm and reconstruction

Some interesting info here on some of the new features in FortiOS 6.0 – Content Disarm and Reconstruction.

Content Disarm and Reconstruction (CDR) removes exploitable content and replaces it with content that’s known to be safe. As files are processed through an enabled AntiVirus profile, content that’s found to be malicious or unsafe is replaced with content that allows the traffic to continue, but doesn’t put the recipient at risk.

Content that can be scanned includes PDF and Microsoft Office files leaving the network on CDR-supported protocols (such as, HTTP web download, SMTP email send, IMAP and POP3 email retrieval—MAPI isn’t supported).

This feature works even if FortiSandbox is not configured, but only if you want to discard the original file. If FortiSandbox is configured and it responds that the file is clean, it passes the content unmodified.

There’s more detail on this on the Fortinet website, and well worth looking into if you’ve got a Fortigate with the latest FortiOS.

Leave a Reply

Your email address will not be published. Required fields are marked *