Users are getting "Maximum number of archive layers exceeded" ICAP scanning error page
Article ID: 423894
Updated On:
Products
CAS-VA
Content Analysis Software
ISG Content Analysis
Issue/Introduction
Users report that a file download attempt results in the proxy ICAP error "Maximum number of archive layers exceeded". A sample error page is below:
Environment
- Users access Internet via an Edge SWG appliance
- Edge SWG appliance is set to send HTTP response for scanning to a CAS appliance via ICAP
Cause
Requested file is an archive with number of nested layers/nested archives higher than configured in the CAS AV Scanning Behavior settings. By default CAS allows up to 16 nested layers in archives.
Resolution
There are a few options available:
- Check current Maximum archive layers value in the CAS GUI (Services -> AV Scanning Behavior -> at the bottom if the page under AV engine option tab). By default it is set to 16 and can be increased up to 40 if required.
- Change policy for AV exceptions action for maximum number of archive layers exceeded exception from block to serve. Note: this will allow any archive with number of archive layers higher than configured to be served unscanned.
- Exclude file or URL with the error from ICAP response scanning in the Edge SWG policy
Feedback
Yes
No
Powered by
