This article lists common FortiGuard database objects with their corresponding acronyms and shows how to validate their signatures.
Scope
FortiGate.
Solution
SBCL – Sandbox Cloud.
AVDB – Advanced Malware Protection
DLDB – DLP Signature
MUDB – Malicious URL DB
ETDB – IPS Extended DB
EXDB – AV Extreme DB
FLDB – Flow Based VirusDB
MMDB – Mobile Malware DB
AVAI – AI/Machine Learning Malware DB
APDB – Application DB
MADB – MAC Address DB
AFDB – Antiphish DB
DBDB – Botnet Domain DB
FFDB/ISDB – Internet Service DB
MCDB – Malicious Certificate Database
UWDB – URL Whitelist DB
ICDB – Inline CASB DB
CIDB – Device and OS Identification DB
AFAC – FortiAnalyzer Cloud
FCSS – FortiConverter Service
FMGC – FortiManager Cloud
FMWP – Firmware Virtual Patch
FMWR – Firmware & General Updates
FURL – FortiGuard URL, DNS & Video Filtering Service
IOTH/IOTD – IoT Detection
PBDS – FortiGuard IOC
SOAR – FortiAnalyzer Security Automation
SOCA – SOCaaS
SPAM – AntiSpam
ZHVO – FortiGuard Virus Outbreak Protection Service
NIDS – FortiGuard IPS Service
SFAS – Security Rating Data Package
Below is example output of the command that validates the signatures of FortiGuard database objects.
diagnose autoupdate signature check-all
aven(7,33) signature is valid.
virdb(2,2) signature is valid.
etdb(2,7) signature is valid.
exdb(2,4) signature is valid.
avai(2,19) signature is valid.
fcni(9,0) signature N/A.
contract(10,0) signature N/A.
idsen(30,80) signature is valid.
fldb(34,2) signature is valid.
idsdb(4,24) signature is valid.
idsetdb(4,26) signature is valid.
idsurldb(5,1) signature is valid.
appdb(38,1) signature is valid.
fmwpdb(54,1) signature is valid.
isdb(39,1) signature is valid.
iot_detec(40,1) signature is valid.
geoip(28,0) signature N/A.
ffdb_mini(31,21) signature is valid.
ffdb_std(31,19) signature is valid.
ffdb_full(31,20) signature is valid.
uwdb(32,1) signature N/A.
certdb(33,0) signature N/A.
mmdb(35,1) signature is valid.
dnsbot(36,1) signature is valid.
sfas(41,0) signature N/A.
mcdb(43,1) signature N/A.
alci(48,0) signature N/A.
anphipats(50,1) signature N/A.
incasb(51,1) signature is valid.
update objects signature check finished.
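A small Python parser for this output, added here as an illustration; it is not part of the original article or of any Fortinet tooling. It accepts the output as one line or many, treats any state other than "is valid" or "N/A" as needing review, and flags truncated output. The sample text, the "is invalid" wording and the `required` list are constructed assumptions.

```python
import re

# Constructed sample in the format shown above. The "is invalid" line is a
# hypothetical failure string (not taken from FortiOS) to exercise that path.
SAMPLE = """\
aven(7,33) signature is valid.
virdb(2,2) signature is valid.
fcni(9,0) signature N/A.
uwdb(32,1) signature N/A.
exdb(2,4) signature is invalid.
update objects signature check finished.
"""

# Matches entries such as "etdb(2,7) signature is valid."
ENTRY_RE = re.compile(r"(\w+)\((\d+),(\d+)\)\s+signature\s+([^.]+)\.")


def check_signatures(text):
    """Classify every object reported in the command output."""
    report = {"valid": [], "na": [], "review": [], "finished": False}
    for name, _a, _b, state in ENTRY_RE.findall(text):
        state = state.strip()
        if state == "is valid":
            report["valid"].append(name)
        elif state == "N/A":
            report["na"].append(name)
        else:
            # Unknown wording is never assumed to be benign.
            report["review"].append((name, state))
    # Without the closing line the output may have been cut short.
    report["finished"] = "signature check finished" in text
    return report


def problems(text, required=()):
    """List findings; `required` names objects the operator expects as valid."""
    report = check_signatures(text)
    issues = [f"{name}: {state}" for name, state in report["review"]]
    issues += [f"{name}: not reported valid"
               for name in required if name not in report["valid"]]
    if not report["finished"]:
        issues.append("output incomplete: no 'check finished' line")
    return issues


if __name__ == "__main__":
    for issue in problems(SAMPLE, required=["aven", "uwdb"]):
        print(issue)
```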
Note:
- Only signed and validated packages will be accepted during automatic updates.
- In case of manual package updates, signed and validated packages will be accepted.
- If a package is not signed, the following applies:
  - Level-0: accept the new package even if it is unsigned.
  - Level-1: display a warning and request a user confirmation to accept.
  - Level-2: display an error and reject the image.
- Security levels are pre-configured in the BIOS.
To verify the BIOS security level:
get system status
Version: FortiGate-VM64-KVM v7.2.8,build1639,240313 (GA.M)
Security Level: 1
Firmware Signature: certified