Archive maximum extraction size reached - How to adjust this size?

I don't know of any setting that can be changed to allow scanning larger files, Meghan.  I think it's more likely a limitation of the amount of RAM in the device.

Are you sure this is an Endpoint problem and not an issue with the UTM?  If 'Do not scan files larger than' on the 'Antivirus' tab of your Web Filtering Filter Action is over 10MB, you might need to add RAM to your UTM.

If this really is Endpoint generating the message, then maybe adding RAM to your PC would help - I don't know.  You could make an Exclusion or temporarily disable on-demand scanning.

Please let us know if any of that worked.

Cheers - Bob

Hi Bob,

I use an UTM Home Software Appliance at an old PC with this specifications.

Endpoint scanning is not enabled.

"Do not scan over..." Option is at 4196 MB.

I also added already RAM to the UTM, before I've had 8GB, but it don't solved the Problem!

Have you any ideas how to solve this issue?

Thanks in advance,

Meghan

Hi Meghan,

your 8gb was plenty of ram, your 1tb disk is an overkill. On the utm are you using the proxy and if so do you have decrypt and scan enabled?

The issue appears to be an end user device issue. What software are you using to decrypt the zip file? There is a possibility that zip file is corrupted which makes the decrypting software think it is a very large file.

Hi,

Yes, Proxy and HTTP/S scanning and FTP scanning is enabled.

The error is from the UTM, NOT from a client!

The error occurres when UTM is trying to scan the *.iso file.

Here are some screenshots:

Any ideas how to fix this issue?

Thanks in advance - Meghan

a possible solution is to reduce the size for "scan no files larger than..." to 500 MB.

or create an exception for these domain.

Hi,

but i like to scan this file.

Isn't it possible to increase the "Archive Maximum extraction size"?

Regards Meghan

Any ideas?

What do you hope to achieve by scanning this file?

It is an iso inside a zip package, so you will not be able to determine if the package has been corrupted by the bad guys anyway.

This file is only an example to Show my problem.

I'd like to scan all files who pass the UTM.

So, is there a way to configure the "Archive Maximum extraction size"?

Regards

Meghan, based on your pictures, try a test:

• With 16GB installed, note the number of GB downloaded before you get the error message.
• Reduce RAM back to 8GB and run the test again.

What is the difference between the two numbers?  That should tell you how much RAM would be needed to scan this file.

I suspect you will decide to create a VM into which you load this file without scanning it.  You can then test inside the VM without endangering your setup.

Cheers - Bob

Hi Bob,

the error appears with 8 and 16GB of RAM after the file is fully downloaded.

For ~5 sec. the UTM says "scanning" and than the error appears.

Any ideas?

Regards Meghan

I don't recall ever seeing anything over 50MB scanned.  You might check other logs to see if there's some reason this message is triggered: Fallback messages, Kernel messages, Middleware, Selfmonitoring, Service monitor daemon and System messages.  Any luck there?

Really, I don't know the answer, Meghan, but my sense is that you've bumped up against a design maximum and that there's no solution to be found on the road you're following at present.

Cheers - Bob

I don't recall ever seeing anything over 50MB scanned.  You might check other logs to see if there's some reason this message is triggered: Fallback messages, Kernel messages, Middleware, Selfmonitoring, Service monitor daemon and System messages.  Any luck there?

Really, I don't know the answer, Meghan, but my sense is that you've bumped up against a design maximum and that there's no solution to be found on the road you're following at present.

Cheers - Bob

Ok, thank you for your lots of effort anyway!