With the release of FortiOS 4.0 MR2 there are three Antivirus Databases available: Normal, Extended, and Extreme.

1. Normal Database.

The "wild list" forms the basis of the Normal Antivirus Database. This is the default Antivirus database on the FortiGate unit. The wild list was first set up in the middle of the 1990s. It provides up-to-date information about currently circulating IT threats and is a useful, although not exclusive, list of viruses reported from around the world. More information about the wild list and its activities is available at the following URL: www.wildlist.org.

2. Extended Database.

The following prerequisites must be met in order to use the Extended Antivirus Database on the FortiGate:

- The FortiGate device must be running FortiOS 3.0 MR6 and above.
- The FortiGate must have at least 512MB RAM and sufficient storage space (>= 128 MB containing 3 or more partitions).

The following FortiGate Units use the 2nd Shared Data Partition to store the Extended Antivirus Database: FortiGate-50B, FortiGate-60B, FortiWiFi-50B, FortiWiFi-60B.

The following FortiGate Units use the 3rd Shared Data Partition to store the Extended Antivirus Database: FortiGate-51B, FortiGate-80C, FortiGate-80CM, FortiGate-82C, FortiGate-110C, FortiGate-111C, FortiGate-224B, FortiGate-310B, FortiGate-310B-DC, FortiGate-311B, FortiGate-620B, FortiGate-620B-DC, FortiGate-1000A, FortiGate-1000A-LENC, FortiGate-1240B, FortiGate-1000A-AFA2, FortiGate-3016B, FortiGate-3600A, FortiGate-3810A, FortiGate-5001A, FortiGate-5005FA2, FortiWiFi-80C, FortiWiFi-81CM.

The following FortiGate Units use the Extended Antivirus Database by default: FortiGate-3016B, FortiGate-3600A, FortiGate-3810A, FortiGate-5001, FortiGate-5001A, FortiGate-5001FA2, FortiGate-5002FB2, FortiGate-5005FA2.

Note that by default the Normal Antivirus Database is activated on all other FortiGate devices. To activate the Extended Antivirus Database use the following CLI commands:

FGT# config antivirus settings
FGT(settings) # set default-db extended
FGT(settings) # end


3. Extreme Database.

This Antivirus Database requires the most storage. Platforms that have a minimum flash size of 512M and 1Gb of main memory use the Extreme Database.

A virus that is not currently in circulation is called a "zoo virus". Zoo viruses are viruses that can no longer become active, as they were written for legacy operating systems.

If the FortiGate detects a zoo entry, the Extreme Antivirus Database can protect the network from this threat.

To enable the Extreme Antivirus Database first ensure that the FortiGate has adequate hardware and software.

The Extreme database needs additional storage capacity not available across all models. The Extreme Database requires 512M of flash storage and 1Gb of main memory.

The following models support the Extreme databases: FortiGate-200B, FortiGate-200B-POE, FortiGate-620B, FortiGate-620B-DC, FortiGate-1240B.

To configure the Extreme database as the default Antivirus Database:

FGT# config antivirus settings
FGT(settings) # set default-db extreme
FGT(settings) # end



Verification steps when changing the virus database

- Enable AV in firewall policy
- Run the CLI command "execute update-av" to trigger the download of the newly selected database.
- Run the following CLI commands to verify the status and the DB version number:

# get system fortiguard-service status
# diagnose autoupdate versions

The related article contains additional troubleshooting steps.