Malware devices blocking files smaller than 100 MB

Article ID: 369231

Updated On:

Products

SG-S500

Issue/Introduction

Users access websites via Cloud SWG using the WSS Agents and Proxy Forwarding access methods.

Advanced malware scanning is enabled so that suspicious files can be sandboxed.

A Cloud SWG policy is implemented so that all users can download files of up to 100 MB in size; users within a specific group are allowed to download larger files.

A subset of users complain that they get blocked, with ICAP errors, when downloading files that are smaller than 100 MB. For example, a user downloading a ZIP file 30 MB in size gets an exception indicating that files larger than 100 MB are not allowed.

Environment

All Cloud SWG access methods.

Cloud SWG policies that block based on the max_file_size_exceeded ICAP error_code.

Cause

The file size check is performed on the overall aggregated contents of the file, and not simply on the file size itself.

Resolution

Working as designed.

Additional Information

In the example above, the ZIP file included other compressed files such as Java JAR files. Many of these JAR files, when uncompressed, included hundreds of files that far exceeded the 100 MB limit.

When verifying either the file size or the total number of files, it is important to download the file in question locally and analyse it for additional files. Since the check is on the aggregated file size, or number of files, the analysis will confirm that the threshold has been exceeded.
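One way to carry out the local analysis described above is sketched here. It is an added example, not Broadcom code, and it does not reproduce the Cloud SWG scanner's own logic. It assumes nested ZIP/JAR files are counted by their uncompressed contents, and the depth cap, extension list and sample archive are constructed for illustration.

```python
import io
import zipfile

LIMIT_BYTES = 100 * 1024 * 1024   # the 100 MB policy threshold from the article
MAX_DEPTH = 5                     # assumption: stop descending after this many nested levels
NESTED_EXTS = (".zip", ".jar")    # container types mentioned in the article

def aggregate(archive, depth=0):
    """Return (total_uncompressed_bytes, file_count) for a ZIP/JAR, including nested ones."""
    total = count = 0
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            nested = info.filename.lower().endswith(NESTED_EXTS)
            # Only unpack a nested archive if depth allows and its declared size is under the limit.
            if nested and depth < MAX_DEPTH and info.file_size <= LIMIT_BYTES:
                try:
                    sub_total, sub_count = aggregate(io.BytesIO(zf.read(info)), depth + 1)
                    total += sub_total
                    count += sub_count
                    continue
                except zipfile.BadZipFile:
                    pass  # not really an archive: fall through and count it as a plain file
            total += info.file_size   # declared uncompressed size from the ZIP directory
            count += 1
    return total, count

def build_sample():
    """Constructed sample: a small outer ZIP holding a JAR with highly compressible entries."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(3):
            zf.writestr(f"com/example/Data{i}.bin", b"\0" * (2 * 1024 * 1024))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("lib/app.jar", jar.getvalue())
        zf.writestr("README.txt", b"constructed sample")
    outer.seek(0)
    return outer

if __name__ == "__main__":
    sample = build_sample()
    on_wire = len(sample.getvalue())
    total, count = aggregate(sample)
    print(f"download size: {on_wire} bytes; aggregated: {total} bytes in {count} files")
    print("exceeds limit" if total > LIMIT_BYTES else "within limit")
```

To check a real download, pass its local path to `aggregate()` and compare the returned total and file count with the policy thresholds.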