Scan Policy settings allow you to configure how the file scan engine handles compressed archives (such as ZIP, RAR, 7z, etc.). These settings help balance security coverage with performance and resource management. Understanding these configurations helps you optimize scanning behavior for your specific use case.

max-decompress-layer

Description: Controls the maximum depth of nested compression layers that the scan engine will extract and analyze.
Compressed archives can contain other compressed files within them (for example, a ZIP file containing another ZIP file). This setting determines how many levels deep the scanner will go when extracting nested archives.
Accepted Values: 0 to 20
Default: 20

Value   Behavior
0       Skip decompression entirely - only scan the archive itself without extracting contents
1-20    Extract and scan up to the specified number of nested compression layers
Example: If set to 3, the scanner analyzes layers 1 to 3 and skips anything nested deeper than layer 3:
  • Layer 1: The original archive
  • Layer 2: Archives found inside the original
  • Layer 3: Archives found inside Layer 2 archives
Impact: Higher values provide deeper security coverage but require more processing time and resources.
Error Message: If a file exceeds this limit during scanning:
Too many compressed layers. Decompress some layers and try again.

max-decompression-ratio

Description: Controls the maximum allowed compression ratio (decompressed file size ÷ compressed file size) for each file within an archive.
This setting protects against "zip bomb" attacks, where maliciously crafted archives contain extremely high compression ratios that could consume excessive system resources when decompressed.
Accepted Values: 0 (no limit) or 100 and above
Default: 0

Value   Behavior
0       No limit
100+    Extract and scan files whose compression ratio is less than the specified limit
How It Works: The compression ratio is calculated as:
Compression Ratio = Decompressed File Size / Compressed File Size
Example: A 1 MB compressed file that expands to 100 MB has a compression ratio of 100:1. Files with a ratio exceeding 100:1 will be skipped.
Impact: Lower values provide better protection against decompression attacks but may reject legitimately highly-compressed files. Higher values are more permissive but require careful consideration of system resources.
Error Message: If a file exceeds this limit during scanning:
Maximum compression ratio exceeded. Contact support.

max-decompression-file-count

Description: Controls the maximum number of files within an archive that the scan engine will extract and analyze.
This setting helps manage scanning time and system resources when processing archives that contain a large number of files.
Accepted Values: 0+
Default: 0

Value   Behavior
0       No limit - scan all files within the archive
1+      Scan up to the specified number of files within the archive
Example: If set to 1000, the scanner will analyze up to 1,000 files within a single archive. Any files beyond this count will not be scanned.
Impact: Lower values reduce scanning time for large archives but may leave some files unscanned. Setting to 0 (no limit) ensures complete coverage but may increase processing time for archives with many files.
Error Message: If a file exceeds this limit during scanning:
Too many files in the zip. Remove some files to scan the zip.

max-decompression-size

Description: Controls the maximum allowed size (in megabytes) for each individual file within an archive after decompression.
This setting ensures that extremely large files within archives do not consume excessive system resources during extraction and scanning.
Accepted Values: 0 to 2048 (MB)
Default: 2048

Value    Behavior
0        Skip decompression entirely for all archive contents
1-2048   Extract and scan files up to the specified size in MB
Example: If set to 500, individual files within an archive that exceed 500 MB when decompressed will be skipped.
Impact: Lower values reduce memory and disk usage during scanning but may skip large files. Higher values (up to 2048 MB / 2 GB) allow scanning of larger files but require sufficient system resources.
Error Message: If a file exceeds this limit during scanning:
File is too large to extract. Reduce the file size and try again.

Best Practices

When setting the scan parameters:
  • Balance security and performance: Higher limits provide more comprehensive scanning but require more system resources
  • Consider your use case: Adjust settings based on the types of files your organization typically handles
  • Monitor for errors: If you frequently encounter limit-exceeded errors, consider adjusting the relevant policy settings
  • Protect against attacks: Keep a reasonable limit on decompression ratio to protect against malicious archive attacks; the default max-decompression-ratio of 0 applies no ratio limit
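
To see which of the four limits a given ZIP would exceed before choosing values, the Python below applies them to an in-memory archive. It is an added example, not the scan engine's code or part of the product. Assumptions: the names check_zip, make_zip and STRICT are hypothetical, sizes are read from the ZIP directory, nested archives are recognised by a .zip name, and a ratio above the limit counts as exceeding it.

```python
import io
import zipfile

# Keys are the setting names from this page. DEFAULTS holds the documented
# defaults; STRICT is a constructed policy using the page's example values.
DEFAULTS = {"max-decompress-layer": 20, "max-decompression-ratio": 0,
            "max-decompression-file-count": 0, "max-decompression-size": 2048}
STRICT = {"max-decompress-layer": 3, "max-decompression-ratio": 100,
          "max-decompression-file-count": 1000, "max-decompression-size": 500}

def check_zip(data, policy=STRICT, layer=1, where="<root>"):
    """Return (setting, location) for each limit this ZIP would exceed."""
    max_layer, max_mb = policy["max-decompress-layer"], policy["max-decompression-size"]
    if max_layer == 0 or max_mb == 0:
        return []  # 0 means contents are never extracted, so no limit can trip
    if layer > max_layer:
        return [("max-decompress-layer", where)]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        count_limit = policy["max-decompression-file-count"]  # 0 = no limit
        if count_limit and len(members) > count_limit:
            hits.append(("max-decompression-file-count", where))
        ratio_limit = policy["max-decompression-ratio"]  # 0 = no limit
        for m in members:
            path = f"{where}/{m.filename}"
            # Sizes are the values declared in the ZIP directory, not measured.
            if m.file_size > max_mb * 1024 * 1024:
                hits.append(("max-decompression-size", path))
            elif ratio_limit and m.compress_size and m.file_size / m.compress_size > ratio_limit:
                hits.append(("max-decompression-ratio", path))
            elif m.filename.lower().endswith(".zip"):
                hits += check_zip(zf.read(m), policy, layer + 1, path)
    return hits

def make_zip(members, stored=False):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    sample = make_zip({"zeros.bin": b"\0" * (1 << 20)})  # constructed sample
    print("strict  :", check_zip(sample, STRICT))
    print("defaults:", check_zip(sample, DEFAULTS))
```

Run against the constructed sample, the 100:1 policy flags the all-zero member while the documented defaults flag nothing, because the default ratio of 0 means no limit.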