Messages with attached xlsb files deleted as Unscannable for Limits maximum compression
Article ID: 233532
Updated On:
Products
Issue/Introduction
Messaging Gateway deletes some messages with attached xlsb files with the verdict "Unscannable for limits" with the detail "max_compression".
Cause
The Messaging Gateway (SMG) malware and content filtering engines have a number of limits set on archive files which can be scanned including a limit set on the maximum compression ratio for archive files. Compressed archive files with greater than 95% compression will be treated as unscannable as highly compressed archives such as zip bombs may be used to consume system resources in a denial of service attack.
Some Microsoft xlsb files exceed the 95% maximum compression limit and are treated as unscannable.
Resolution
The maximum archive compression limit cannot be modified through configuration.
If your organization makes heavy use of highly compressed archive file types such as Microsoft xlsb, an Unscannable policy can be created via the Malware > Add button and creating a policy for the "Is unscannable for Malware and Content Filtering due to limits exceeded" as shown below:
Broadcom does not recommend that messages with unscannable attachments be delivered directly to end users and unscanned messages should either be Quarantined in the Content Quarantine, have the attachments stripped, or deleted.
Feedback
