Explanation
The file could not be scanned by the anti-virus module since the
decompression of the compressed file failed. Since anti-virus is
running in audit mode, the data transfer will be allowed to continue.
Gateway Action
allow_data
Recommended Action
Change Fail Mode parameter to deny if files that fail decompression
should be blocked.
Revision
1
Parameters
filename
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection
2.2.6. compression_ratio_violation (ID: 05800006)
Default Severity
WARNING
Log Message
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Explanation
Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.
Gateway Action
continue_scan
Recommended Action
Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.
Revision
1
Parameters
filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]
Context Parameters
ALG Module Name
ALG Session ID
Connection
2.2.7. compression_ratio_violation (ID: 05800007)
Default Severity
WARNING
Log Message
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Explanation
Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.
Gateway Action
abort_scan
Recommended Action
Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.
2.2.6. compression_ratio_violation
(ID: 05800006)
Chapter 2. Log Message Reference
100
Summary of Contents for NetDefend SOHO DFL-160
Page 20: ...List of Tables 1 Abbreviations 23 20 ...
Page 21: ...List of Examples 1 Log Message Parameters 22 2 Conditional Log Message Parameters 22 21 ...
Page 31: ...1 3 Severity levels Chapter 1 Introduction 31 ...
Page 356: ...2 33 53 sent_sslalert ID 03700511 Chapter 2 Log Message Reference 356 ...