Default Severity
Log Message
Decompression error for file <filename>
Explanation
The file could not be scanned by the anti-virus module since the
decompression of the compressed file failed. Since anti-virus is
running in audit mode, the data transfer will be allowed to continue.
Gateway Action
allow_data
Recommended Action
Change Fail Mode parameter to deny if files that fail decompression
should be blocked.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection
2.3.6. compression_ratio_violation (ID: 05800006)
Default Severity
Log Message
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Explanation
Anti-virus has scanned a compressed file with a compression ratio
higher than the specified value. Action is set to continue scan.
Gateway Action
continue_scan
Recommended Action
Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.
Revision
1
Parameters
filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection
2.3.7. compression_ratio_violation (ID: 05800007)
Default Severity
Log Message
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Chapter 2: Log Message Reference
173
Summary of Contents for NetDefend DFL-260E
Page 32: ...List of Tables 1 Abbreviations 35 32...
Page 33: ...List of Examples 1 Log Message Parameters 34 2 Conditional Log Message Parameters 34 33...
Page 42: ...routemetric Route metric cost Chapter 1 Introduction 42...
Page 44: ...Chapter 1 Introduction 44...
Page 216: ...Rule Information Connection Chapter 2 Log Message Reference 216...
Page 243: ...client_ip Context Parameters Rule Name Packet Buffer Chapter 2 Log Message Reference 243...
Page 556: ...logger Chapter 2 Log Message Reference 556...
Page 613: ...Parameters location Chapter 2 Log Message Reference 613...