MMS virus scanning

You can use MMS virus scanning to scan content contained within MMS messages for viruses. FortiOS Carrier virus scanning can be applied to the MM1, MM3, MM4, and MM7 interfaces to detect and remove content containing viruses at many points in an MMS network. Perhaps the most useful interface to apply virus scanning would be the MM1 interface to block viruses sent by mobile users before they get into the service provider network.

To go to MMS virus scanning, go to Security Profiles > MMS Profile, select an existing or create a new profile, and expand MMS Scanning. See MMS scanning options.

This section includes:

  • MMS virus monitoring
  • MMS virus scanning blocks messages (not just attachments)
  • Scanning MM1 retrieval messages
  • Configuring MMS virus scanning
  • Removing or replacing blocked messages
  • Carrier Endpoint Block
  • MMS Content Checksum
  • Passing or blocking fragmented messages
  • Client comforting
  • Server comforting
  • Handling oversized MMS messages

MMS virus monitoring

To enable MMS virus monitoring, expand MMS Scanning and enable Monitor only for the selected MMS types.

This feature causes the FortiOS Carrier unit to record log messages when MMS scanning options find a virus, match a file name, or match content using any of the other MMS scanning options. Selecting this option enables reporting on viruses and other problems in MMS traffic without affecting users.

MMS virus scanning blocks messages (not just attachments)

To enable MMS virus scanning, expand MMS Scanning and enable Virus Scan for the selected MMS types.

Because MM1 and MM7 use HTTP, the oversize limits for HTTP and the HTTP antivirus port configurations also apply to MM1 and MM7 scanning. See

MM3 and MM4 use SMTP, so the oversize limits for SMTP and the SMTP antivirus port configurations also apply to MM3 and MM4 scanning.

The message contents will be scanned for viruses, matched against the file extension blocking lists and scanned for banned words. All these items will be configured via the standard GUI interfaces available for the other protocols and will be controlled at the protection profile level with new options specifically for the MM1 messages.

The FortiOS Carrier unit extracts the sender’s Mobile Subscriber Integrated Services Digital Network Number (MSISDN) from the HTTP headers if available. The POST payload will be sent to the scanunits which will parse the MMS content and scan each message data section. If any part of the data is to be blocked, the proxy will be informed, the connection to the MMSC will be reset and the Carrier-enabled FortiGate unit will return an HTTP 200 OK message with an m-send-conf payload to the client to prevent a retry. Finally the appropriate logging, alert, and replacement message events will be triggered.

For client notification, the x-mms-response-status and x-mms-response-text fields can also be customized as required.
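To confirm in a test capture that a blocked MM1 submission produced the reply described above, the m-send-conf body can be decoded and compared with the profile's settings. The following is an added example, not Fortinet code: header codes follow the OMA MMS encapsulation format, the function names are hypothetical, and the status and text in SAMPLE are constructed because the page does not state FortiOS Carrier's defaults.

```python
# Added example; header codes per the OMA MMS encapsulation specification.
FIELDS = {0x8C: "X-Mms-Message-Type", 0x98: "X-Mms-Transaction-ID",
          0x8D: "X-Mms-MMS-Version", 0x92: "X-Mms-Response-Status",
          0x93: "X-Mms-Response-Text", 0x8B: "Message-ID"}
TEXT_FIELDS = {0x98, 0x93, 0x8B}
STATUS = {0x80: "Ok", 0x81: "Error-unspecified", 0x82: "Error-service-denied",
          0x83: "Error-message-format-corrupt", 0x84: "Error-sending-address-unresolved",
          0x85: "Error-message-not-found", 0x86: "Error-network-problem",
          0x87: "Error-content-not-accepted", 0x88: "Error-unsupported-message"}
ENUMS = {0x8C: {0x80: "m-send-req", 0x81: "m-send-conf"}, 0x92: STATUS}
# Constructed sample m-send-conf body (not from a real capture).
SAMPLE = b"\x8c\x81\x98T1234\x00\x8d\x92\x92\x87\x93Message blocked\x00"

def _text(buf, pos, encoded=False):
    """Read a NUL-terminated text-string at pos; return (text, next_pos)."""
    if encoded and buf[pos] < 0x1F:      # Value-length Char-set Text-string form
        if buf[pos + 1] < 0x80:
            raise ValueError("long-integer charset not handled in this example")
        pos += 2                         # skip short length and short-integer charset
    end = buf.index(0, pos)              # raises ValueError if unterminated
    raw = buf[pos:end].removeprefix(b"\x7f")   # drop the WSP quote byte if present
    return raw.decode("utf-8", "replace"), end + 1

def parse_send_conf(body):
    """Decode the MMS headers of an m-send-conf PDU into a dict."""
    out, pos = {}, 0
    try:
        while pos < len(body):
            field, pos = body[pos], pos + 1
            if field not in FIELDS:
                raise ValueError(f"unexpected header 0x{field:02x}")
            if field in TEXT_FIELDS:
                value, pos = _text(body, pos, encoded=(field == 0x93))
            else:
                value, pos = body[pos], pos + 1
                if field == 0x8D:        # version: 3-bit major, 4-bit minor
                    value = f"{(value >> 4) & 7}.{value & 0x0F}"
                else:
                    value = ENUMS[field].get(value, hex(value))
            out[FIELDS[field]] = value
    except IndexError:
        raise ValueError("truncated PDU") from None
    return out

def check_block_response(body, request_tid, expected_status):
    """List mismatches between a captured reply and what the profile should send."""
    h = parse_send_conf(body)
    want = {"X-Mms-Message-Type": "m-send-conf", "X-Mms-Transaction-ID": request_tid,
            "X-Mms-Response-Status": expected_status}
    return [f"{k}: got {h.get(k)!r}, want {v!r}" for k, v in want.items() if h.get(k) != v]
```

The transaction ID check matters because the handset pairs the m-send-conf with its m-send-req by that value; a mismatch is one reason a client would retry despite the HTTP 200 OK.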

Scanning MM1 retrieval messages

To scan MM1 retrieval messages, expand MMS Scanning and select Scan MM1 message retrieval.

Select to scan message retrievals that use MM1. If you enable Virus Scan for all MMS interfaces, messages are also scanned while being sent. In this case, you can disable MM1 message retrieval scanning to improve performance.

Configuring MMS virus scanning

To configure MMS virus scanning, expand MMS Scanning and enable Virus Scan.

Once applied to a security policy, the MMS protection profile will then perform virus scans on all traffic accepted by that policy.

Removing or replacing blocked messages

To remove blocked messages, expand MMS Scanning and select Remove Blocked for the selected MMS types.

Select Remove Blocked to remove blocked content from each protocol and replace it with the replacement message. If FortiOS Carrier is to preserve the length of the message when removing blocked content, as may occur when billing is affected by the length of the message, select Constant.

If you only want to monitor blocked content, select Monitor Only.

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
