search cancel

Content Analysis Error: "Content:Sandbox: Failed to Decompress xxx"


Article ID: 169087


Updated On:


Content Analysis Software - CA


You have Malware analysis deployment with Content analysis system and Content Analysis produces ERROR messages during Sandbox analysis. The error message appears as follows:

2016-06-07T16:17:28.088154+09:00 cas_1_3-6-x86_64 avservice[2755]: ERROR : Content::Sandbox: failed to decompress Pug
2016-06-07T17:57:11.504242+09:00 cas_1_3-6-x86_64 avservice[2755]: ERROR : Content::Sandbox: failed to decompress Pug


Content Analysis decompress data when forward suspicious data for Malware analysis.
Content Analysis will be indicate "decompress" error if the data is compressed unsupported compression format.

[Note] Content Analysis introduced support for the deflate algorithm in Content Analysis version
Content_Analysis_1.3.6.1_Release_Notes.pdf P6


Typically this message is harmless, but in this case, the message means that Sandbox analysis is unable to execute that file. See the workaround below.


Content Analysis uses the compression format determined by the OCS (Origin content server; where the file came from).  You can modify the compression with a local policy gesture installed on the ProxySG appliance processing your data: 

Log in to the ProxySG Management Console, go to Configuration > Policy > Policy Files > click Install Local File from: Text Editor > Install".

Replace "" in the policy below with the domain serving the compressed file.

;------------- Sandbox compression correction policy start ----------
url.domain="" http.server.accept_encoding(no) 

; -------------Sandbox compression correction policy end ----------