Mail Security imposes limits on file extraction. These limits protect against denial-of-service attacks that are associated with the overly large or complex container files that take a long time to decompose. These limits also enhance scanning performance.
Mail Security contains a decomposer that extracts container files so that they can be scanned for risks. The decomposer continues to extract container files until it reaches the base file. When a container file reaches a set limit, the scanning process stops, the violation is logged to the specified logging destinations, and the file is handled according to Unscannable File Rule.
To configure file scanning limits
In the console on the primary navigation bar, click Policies.
In the sidebar under General, click Scanning Limits.
In the content area, in the Maximum scan time (in seconds) box, type the maximum time that Mail Security can spend extracting a single container file.
You can enter a value from 20 to 500000. The default value is 300.
In the Maximum archive scan depth (number of levels) box, type the maximum number of nested levels of files that are decomposed within a container file.
You can enter a value from 1 to 50. The default value is 10.
In the Maximum size of one extracted file (in MB) box, type the maximum file size, in megabytes, for individual files in a container file.
You can enter a value from 1 to 1024. The default value is 100.
In the Maximum total size of all extracted files (in MB) box, type the maximum size, in megabytes, of all extracted files.
You can enter a value from 1 to 1024. The default value is 200.
In the Maximum number of files extracted box, type the maximum allowable number of files to be extracted.
You can enter a value from 1 to 1000000. The default value is 5000.
On the toolbar, click Deploy changes to apply your changes.