Check for recursive archives
What to do with recursive archives
This option allows you to configure what to do with archives that
contain more then a certain number of levels of archives (archives
within archives). This is also referred to as a recursive archive or a
nested archive. A high number of archive levels can indicate a
malicious archive: Recursive archives can be used in a DoS attack,
since many content scanning & anti virus packages will crash if you
send them a recursive archive with many levels of archives. You can
configure the maximum level of archives, and what to do with an
archive that contains more levels of archives. Then you can:
Quarantine
This will quarantine the file for administrator review
Automatically delete
This will automatically delete the archive.
Optionally you can notify user via email when an archive is
automatically deleted.
Check for amount of files in archives
This option allows you to configure what to do with archives that
contain more then a certain number of archives. You can configure the
limit of archives an archive should contain, and what to do with
archives that contain more then that limit. Then you can:
Quarantine
This will quarantine the archive for administrator review
Automatically delete
This will automatically delete the archives.
Optionally you can notify user via email when an archive is
automatically deleted.
Check size of uncompressed files in archives
This option allows you to configure what to do with compressed
archives which, when unpacked, are larger then a certain size.
Hackers sometimes use this method in a DoS attack: By sending a file
that uncompresses to a very large file, they can often crash content
Decompression engine
71
New Page 1