When attempting to scan files using the ssecls utility in Symantec Protection Engine (SPE) 9.3 on Linux, the process terminates unexpectedly and the following error is displayed in the terminal:

*** buffer overflow detected ***: terminated
Aborted (core dumped)

This issue typically occurs when scanning large archives or files that trigger container violations, while the same file may scan successfully via the RestAPI.

• Product: Symantec Protection Engine (SPE) 9.3
• Platform: Linux
• Tool: ssecls (Command Line Scanner)

The issue is triggered by specific scanning limits when the file being processed contains deeply nested containers or large extracted data that exceeds configured thresholds during command-line scanning.

To resolve this issue, set the Extracted File Size limit to 0 (unlimited) by following these steps:

1. Access the Symantec Protection Engine console or configuration file.
2. Navigate to Policies > Scanning Limits.
3. Locate the field Extracted File Size (MB).
4. Change the value to 0.
5. Save the changes and restart the SPE service if necessary.