Which antivirus inspection mode must be used to scan SMTP, FTP, POP3 and SMB protocols?

Prepare for the Fortinet NSE 4 Certification Exam with quizzes covering essential topics. Enhance your knowledge of Fortinet's security products and solutions to ensure exam success. Boost your confidence with detailed questions and answers!

The flow-based antivirus inspection mode is designed for high performance and low latency, making it suitable for scanning multiple protocols, including SMTP, FTP, POP3, and SMB. In flow-based inspection, the FortiGate device reviews the data packets as they pass through the network in real time, which allows for effective antivirus scanning without requiring the connection to be fully established in a session-based manner.

When it comes to scanning protocols that often handle larger amounts of data or are particularly sensitive to delays, flow-based inspection provides a good balance between thorough scanning and maintaining network performance. This method employs a combination of techniques that analyze traffic seamlessly, thereby ensuring that these critical protocols remain functional and efficient while still being protected against malware and other threats.

In contrast, proxy-based inspection involves establishing a full session for the connection, which can introduce delays and is generally more resource-intensive, making it less ideal for high-volume protocols. DNS-based inspection is focused solely on examining DNS traffic, which does not encompass the breadth of protocols mentioned. Man-in-the-middle is more of a concept than a dedicated inspection mode, and while it can involve antivirus scanning, it doesn’t specifically pertain to the protocols listed in the question. Thus, flow-based inspection stands out as the most appropriate method
