The scan engine log has an entry stating Container Violation = Container depth limit exceeded, you want to know what to do.
Symptoms A container violation has been logged with the error as stated, files are being blocked or deleted on the basis of the verdict.
The option under Policies | Filtering | Container Handling | maximum extract depth of file meets or exceeds [ X ] levels, where X is a value greater than 0, is set too low for the environment.
The value needs to be increased to a value that fits with the day to day activities of the environment in question, a good base value for this is to set it to 10 levels as this will allow a reasonable amount of file nesting within containers.
It is good to know that the reason for the container limit is primarily to stop attacks such as a "zip of death" or "zip bomb" denial of service type attacks.
The log entry which appears should be similar to the following: A container violation has been found Date/time of event = 2009-05-20 10:01:03 Event Severity Level = Warning File name = \\
File status = NOT REPAIRED
Component name = *.PPT/PowerPoint Document
Component disposition = NOT REPAIRED
Container Violation = Container depth limit exceeded
Client IP = 127.0.0.1
Scan Duration (sec) = 0.578
Connect Duration (sec) = 0.594
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Didn't find the article you were looking for? Try these resources.