The scan engine log has an entry stating Container Violation = Container depth limit exceeded, you want to know what to do.
Symptoms A container violation has been logged with the error as stated, files are being blocked or deleted on the basis of the verdict.
The option under Policies | Filtering | Container Handling | maximum extract depth of file meets or exceeds [ X ] levels, where X is a value greater than 0, is set too low for the environment.
The value needs to be increased to a value that fits with the day to day activities of the environment in question, a good base value for this is to set it to 10 levels as this will allow a reasonable amount of file nesting within containers.
It is good to know that the reason for the container limit is primarily to stop attacks such as a "zip of death" or "zip bomb" denial of service type attacks.
The log entry which appears should be similar to the following:
A container violation has been found
Date/time of event = 2009-05-20 10:01:03
Event Severity Level = Warning
File name = \\\CHECK$\\*.PPT
File status = NOT REPAIRED
Component name = *.PPT/PowerPoint Document
Component disposition = NOT REPAIRED
Container Violation = Container depth limit exceeded
Client IP = 127.0.0.1
Scan Duration (sec) = 0.578
Connect Duration (sec) = 0.594
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.