Content Analysis Error: "Content:Sandbox: Failed to Decompress xxx"
book
Article ID: 169087
calendar_today
Updated On:
Products
Content Analysis Software - CA
Issue/Introduction
You have Malware analysis deployment with Content analysis system and Content Analysis produces ERROR messages during Sandbox analysis. The error message appears as follows:
2016-06-07T16:17:28.088154+09:00 cas_1_3-6-x86_64 avservice[2755]: ERROR : Content::Sandbox: failed to decompress Pug 2016-06-07T17:57:11.504242+09:00 cas_1_3-6-x86_64 avservice[2755]: ERROR : Content::Sandbox: failed to decompress Pug
Cause
Content Analysis decompress data when forward suspicious data for Malware analysis. Content Analysis will be indicate "decompress" error if the data is compressed unsupported compression format.
Typically this message is harmless, but in this case, the message means that Sandbox analysis is unable to execute that file. See the workaround below.
Workaround
Content Analysis uses the compression format determined by the OCS (Origin content server; where the file came from). You can modify the compression with a local policy gesture installed on the ProxySG appliance processing your data:
Log in to the ProxySG Management Console, go to Configuration > Policy > Policy Files > click Install Local File from: Text Editor > Install".
Replace "example.net" in the policy below with the domain serving the compressed file.