System config Changing replacement messages
FortiGate-100A Administration Guide 01-28007-0068-20041203 107
Changing replacement messages
Figure 37: Sample HTTP virus replacement message
Replacement messages can be text or HTML messages. You can add HTML code to
HTML messages. In addition, replacement messages can include replacement
message tags. When users receive the replacement message, the replacement
message tag is replaced with content relevant to the message. Table 20 lists the
replacement message tags that you can add.
Table 20: Replacement message tags
Tag Description
%%FILE%% The name of a file that has been removed from a content stream.
This could be a file that contained a virus or was blocked by
antivirus file blocking. %%FILE%% can be used in virus and file block
messages.
%%VIRUS%% The name of a virus that was found in a file by the antivirus system.
%%VIRUS%% can be used virus messages
%%QUARFILENAME%% The name of a file that has been removed from a content stream
and added to the quarantine. This could be a file that contained a
virus or was blocked by antivirus file blocking.
%%QUARFILENAME%% can be used in virus and file block messages.
Quarantining is only available on FortiGate units with a local disk.
%%URL%% The URL of a web page. This can be a web page that is blocked by
web filter content or URL blocking. %%URL%% can also be used in
http virus and file block messages to be the URL of the web page
from which a user attempted to download a file that is blocked.
%%CRITICAL_EVENT%% Added to alert email critical event email messages.
%%CRITICAL_EVENT%% is replaced with the critical event message
that triggered the alert email.
%%PROTOCOL%% The protocol (http, ftp, pop3, imap, or smtp) in which a virus was
detected. %%PROTOCOL%% is added to alert email virus messages.
%%SOURCE_IP%% The IP address of the request originator who would have received
the blocked file. For email this is the IP address of the user’s
computer that attempted to download the message from which the
file was removed.
%%DEST_IP%% The IP address of the request destination from which a virus was
received. For email this is the IP address of the email server that
sent the email containing the virus. For HTTP this is the IP address
of web page that sent the virus.