When Symantec Messaging Gateway processes certain compressed files, these files can expand to the point where they deplete system memory. Such container files are often referred to as "zip bombs." Symantec Messaging Gateway can handle such situations by automatically sidelining large attachments and stripping the attachments. It assumes that such a file can be a zip bomb and should not be allowed to deplete system resources. Action is taken on the file only because of its size, not because of any indication that it contains a virus or other violation.
You can specify this size threshold and the maximum extraction level that Symantec Messaging Gateway processes in memory. You can also specify a time limit for scanning containers. If a configured limit is reached, Symantec Messaging Gateway performs the action that you specify for the Unscannable for malware and content filtering category.
The following table describes at what threshold a container is unscannable for each option that you can configure:
Maximum container scan depth
The nested depth in a container file (such as a .zip file or email message) exceeds the number specified.
Do not set this value too high. You can be vulnerable to denial-of-service attacks or zip bombs, which contain many levels of nested files.
Maximum time to open container
The specified time elapses during a scan of container attachments (such as .zip files).
Use this setting to detect the containers that do not exceed the other container settings, but include container nesting, many files, large files, or a combination of these.
Maximum individual file size when opened
Any individual component of the container exceeds the size that is specified when unpacked.
Maximum accumulated file size when opened
The total size of all the files in a container exceeds the size that is specified when unpacked.
To set limits on nested files
In the Control Center, click Protocols > SMTP > Settings.
Under Container Limits, in the Maximum container scan depth box, type the maximum number of container depths.
In the Maximum time to open container box, type a value, and then click the drop-down menu to specify the Seconds, Minutes, or Hours.
In the Maximum individual file size when opened box, type the maximum file size, and then click the drop-down menu to select KB, MB, or GB.
In the Maximum accumulated file size when opened box, type the maximum accumulated file size, and then click the drop-down menu to select KB, MB, or GB.