Page 371 of the Symantec Messaging Gateway (SMG) 10.0 Administration Guide, and page 375 of the Symantec Messaging Gateway (SMG) 10.5 Administration Guide incorrectly state that the file attachment size limit considers only the compressed size of compressed attachments.
The proper statement and functionality of SMG is that the "uncompressed" size of attachments will be used when evaluating content filtering policies based on Attachment Size. Content filtering policies based on Message Size will be evaluated against the message as it is transmitted and therefore the compressed size of the attachments is closer to the true size. Symantec will correct this in a future update of the Admin guide.
When evaluating message size specifically, the SMG is looking at the raw data coming over the wire on port 25. When a message is in this "raw" form, the attachment is in a base64 encoded state which obfuscates the true size of that attachment. The main use case for evaluating this is so outside mail servers are not taking up unnecessary bandwidth transmitting the message.
When evaluating attachment size specifically, our software will completely decompose the message, which includes decompressing the file completely so it is in its most basic form. This is done so that other properties such as content, format and language can be determined as well as the size. The main use cases for this is saving storage space on the mail server, as well as blocking attachments of an unwanted format, such as binary executables, from entering the mail server.