Decomposition too deep (the message is deeper than the configured $depth levels)
Error code: 27226
Error text: Decomposition too deep (the message is deeper than the configured $depth levels)
Where $depth is the Maximum container scan depth you have configured on the following page in the Control Center:
Protocols > SMTP > Settings
Affected module: brightmail_engine
Product version: Symantec Brightmail Gateway 9.0 and later versions
Following are the symptoms of this issue:
Error in logs
If you have enabled virus filtering, a message being processed receives an Unscannable verdict and will be processed according to your configured unscannable policy (deletion by default).
Containers that are nested further below the Maximum container scan depth setting are not scanned for content filtering rules or viruses.
A message being processed by the Symantec Messaging Gateway has a container file attachment that has a series of nested container files whose cumulative depth is greater than the currently configured maximum container scan depth setting.
To efficiently manage processing resources and to protect your mail scanners from some denial-of-service attacks, there are configured limits to the depth of container files that are processed. Container files are compressed archives of one or more files, such as a zip file, that can expand to take up a large amount of memory. Archives can also contain other nested archives that themselves can contain other archives. By default, the deepest container depth for any container file is limited to 20 containers deep. Container files whose depth exceeds this setting throw this error and return an unscannable verdict.
Such messages will then be processed according to your configured Unscannable policy (Virus: Policies: Email), which in a default installation is set to delete the message.
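The depth limit described above can be illustrated with the following added example. It is not Symantec code and does not reproduce the Brightmail engine; the function names are hypothetical, only zip containers are handled, and only the depth limit is modelled (size limits are out of scope).

```python
import io
import zipfile

class TooDeep(Exception):
    """Raised when nesting exceeds the configured maximum depth."""

def scan_container(data: bytes, max_depth: int, depth: int = 1) -> int:
    """Return the deepest container level found in `data`, or raise TooDeep.

    Depth counts containers: a plain zip is 1, a zip inside a zip is 2.
    The limit is checked before a nested archive is opened, so the work
    done is bounded by max_depth however deep the input really is.
    """
    if depth > max_depth:
        raise TooDeep(f"deeper than the configured {max_depth} levels")
    deepest = depth
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = zf.read(info)  # a real scanner would also cap member size
            if zipfile.is_zipfile(io.BytesIO(member)):
                deepest = max(deepest,
                              scan_container(member, max_depth, depth + 1))
    return deepest

def verdict(data: bytes, max_depth: int = 20) -> str:
    """Map the scan result to the verdict an unscannable policy would act on."""
    try:
        scan_container(data, max_depth)
    except TooDeep:
        return "unscannable"
    return "scanned"

def nested_zip(levels: int) -> bytes:
    """Constructed sample input: a text file wrapped in `levels` zip layers."""
    payload, name = b"hello", "note.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{i}.zip"
    return payload

if __name__ == "__main__":
    for levels in (3, 20, 21):
        print(levels, verdict(nested_zip(levels)))
```

With the default of 20, an archive nested 21 deep is reported as unscannable without its innermost layers ever being opened.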
If your normal mail traffic necessitates processing mail with very deep container file attachments, you can increase the Maximum container scan depth setting (20 by default). Log in to the Control Center and select Protocols > SMTP > Settings > Scanning. Increase the value of the Maximum container scan depth setting to one that accommodates the deepest nested archive your business legitimately processes.
The higher this setting, the more memory and processing resources such mail will consume, and you may end up processing mail more slowly. Where the memory configuration of your appliance is inadequate for your mail stream, a higher setting may also lead to memory allocation errors. In extreme cases, a setting that is too large may cause the Brightmail filtering engine or MTA to crash. If this is a regular occurrence, you must correctly size your installation to your mail stream by using a more capable physical appliance with more memory or by allocating more memory and CPU resources to your virtual installation. Symantec recommends that this setting never be raised above a value of 40.
If you are unsure whether mail bearing these deeply nested container file attachments has a legitimate business purpose and are concerned with their potential deletion, you can temporarily change the unscannable policy action to hold these messages in an informational quarantine so that their legitimacy can be determined. If they prove to be legitimate, you can change the policy action permanently. Or, if the specific user audience who wants to work with such large files is limited, you can define a limited policy group and apply a specific unscannable policy for that group.
Use the delete policy for the default group and a deliver normally policy for your system administrators.
The following is an example of the error message as it appears in the bmserver_log:
<date>T<time> (WARNING:27171.2616159152): 
Decomposition too deep (the message is deeper than the configured
Imported Document ID: HOWTO77003