How can I set container limits in Symantec Scan Engine 5.x?
WARNING: If you allow access to a file that has not been fully scanned, you can expose your network to risks. If you allow access and Symantec Scan Engine detects a risk, Symantec Scan Engine will not repair the file, even if under normal circumstances it could be repaired. In this case, the file is handled as though the file is unrepairable.
To set container limits to block denial-of-service attacks
This information was taken from the "Symantec™ Scan Engine Implementation Guide"
This Implementation guide can be found here:
Why set a container limit in SSE 5.x?
Symantec Scan Engine protects your network from file attachments that can overload the system and cause denial-of-service.
This includes container files that are overly large, that contain large numbers of embedded, compressed files, or that are designed to maliciously use resources and degrade performance.
To reduce your exposure to denial-of-service attacks, you can impose limits to control how Symantec Scan Engine handles container files.
You can specify the following limits for handling container files:
Symantec Scan Engine scans a file and its contents until it reaches the maximum depth that you specify.
Symantec Scan Engine stops scanning any file that meets the maximum file size limit or that exceeds the maximum amount of time to decompose.
It then generates a log entry. Symantec Scan Engine resumes scanning any remaining files.
This process continues until Symantec Scan Engine scans all of the files to the maximum depth (that do not meet any of the processing limits).
You can specify whether to allow or deny access to files for which an established limit is met or exceeded and for which processing has stopped.