Email Reported as Unscannable With Error Message "Scan Engine error. There are too many levels"
search cancel

Email Reported as Unscannable With Error Message "Scan Engine error. There are too many levels"

book

Article ID: 154329

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

An email with a compressed attachment is marked as unscannable by Symantec Mail Security for Microsoft Exchange.

  • Windows Application Event log shows the following error event:
     
    Type: Warning
    Date:
    Time:
    Event: 218
    Source: Symantec Mail Security for Microsoft Exchange
    Category: Unscannable
    Description:
    The attachment "imm.zip" located in message with subject "Sample File", located in SMTP has violated the following policy settings:
    Scan: Auto-Protect
    Rule: Unscannable File Rule
    The following actions were taken on it:
    The attachment "imm.zip" was Quarantined for the following reason(s):

Scan Engine error. There are too many levels in a compressed file at location imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm within imm.zip within imm

Cause

The compressed file contains more than ten (10) levels of compressed files. 

 

Resolution

This behavior is by design. The SMSMSE default configuration is to limit scanning the depth of compressed files.  In most instances more than ten levels of compressed files is not a valid archive.

Workaround

The depth to which scanning occurs is configurable via a registry key.  Changing this key to a higher level allows compressed files with more depth to be scanned successfully. However the increase will use more CPU and memory for these type of files.  This may have an impact on performance depending on the environment.


 

WARNING: In the next steps you will edit the Windows registry. We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry keys that are specified. See How to back up the Windows registry for instructions.



Perform the following steps to increase the depth limit:

1. Start regedit.
2. Change the value of the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\<version>\Server\Components\NaveSp\MaxScanDepth to be a higher value.

NOTE:  The value of <version> is the version of SMSMSE installed.  The following is an example if version 6.5 is installed:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\6.5\Server\Components\NaveSp\MaxScanDepth


3. Exit regedit.
4. Restart the Windows Service: Symantec Mail Security for Microsoft Exchange.


Powered by Wolken Software