[rancid] fortigate 100E hourly changes not filtered

Tim McIntire Tim.McIntire at infinite.com
Tue Apr 28 20:42:55 UTC 2020


Thanks, John. That clears it up.

Tim

-----Original Message-----
From: john heasley [mailto:heas at shrubbery.net] 
Sent: Tuesday, April 28, 2020 3:29 PM
To: Tim McIntire <Tim.McIntire at infinite.com>
Cc: Rancid-discuss at www.shrubbery.net
Subject: Re: [rancid] fortigate 100E hourly changes not filtered

Tue, Apr 28, 2020 at 08:24:01PM +0000, Tim McIntire:
> Hi All,
> 
> Having a problem with Rancid 3.9 with Fortigate 100E firewall.  Each hour, the config is updated with new Virus files and it is triggering an update/email for the change.
> 
> Here is the delta:
> 
> @@ -1,12 +1,12 @@
> 
>   #RANCID-CONTENT-TYPE: fortigate
>   #
>   #Version: FortiGate-100E v6.2.3,build1066,191218 (GA)
> - #Virus-DB: 77.00033(2020-04-28 08:20)
> - #Extended DB: 77.00033(2020-04-28 08:20)
> - #IPS-DB: 15.00828(2020-04-25 01:28)
> + #Virus-DB: 77.00035(2020-04-28 10:20) #Extended DB: 
> + 77.00035(2020-04-28 10:20)
> + #IPS-DB: 15.00829(2020-04-28 00:39)
>   #IPS-ETDB: 0.00000(2001-01-01 00:00)
> - #APP-DB: 15.00828(2020-04-25 01:28)
> + #APP-DB: 15.00829(2020-04-28 00:39)
>   #INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
>   #Serial-Number: FG100ETK19022626
>   #IPS Malicious URL Database: 2.00627(2020-04-28 05:33)
>   #Botnet DB: 1.00000(2012-05-28 22:51)
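
Review bot: every changed line in this hunk (#Virus-DB, #Extended DB, #IPS-DB, #APP-DB) is a signature-database version and timestamp in the header comments, not a configuration statement, so the delta records routine signature updates rather than a change to the firewall's configuration. These header lines are worth excluding from change notifications so that a real configuration change is not buried in recurring mail. On the added side the #Virus-DB and #Extended DB entries are run together and broken after "#Extended DB:", unlike the removed side where each sits on its own line, which looks like mail re-wrapping; read them as two separate lines.
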
> 
> I can see in the lib/fortigate.pm file where it tries to filter this out, but it is still showing up. Has anyone else seen this?
> 
> Thanks for a really useful product, it has saved us on a number of occasions.

rancid.conf:FILTER_OSC=ALL (or in <group>/rancid.conf) must be set to filter these.  It defaults to YES.  Also see rancid.conf(5).