2.2.6. compression_ratio_violation
(ID: 05800006)
Explanation
Gateway Action
Recommended Action
Revision
Parameters
Context Parameters
2.2.6. compression_ratio_violation (ID: 05800006)
Default Severity
Log Message
Explanation
Gateway Action
Recommended Action
Revision
Parameters
Context Parameters
2.2.7. compression_ratio_violation (ID: 05800007)
Default Severity
Log Message
Explanation
Gateway Action
Recommended Action
The file could not be scanned by the anti-virus module since the
decompression of the compressed file failed. Since anti-virus is
running in audit mode, the data transfer will be allowed to continue.
allow_data
Change Fail Mode parameter to deny if files that fail decompression
should be blocked.
1
filename
[layer7_srcinfo]
[layer7_dstinfo]
ALG Module Name
ALG Session ID
Connection
WARNING
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.
continue_scan
Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.
1
filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]
ALG Module Name
ALG Session ID
Connection
WARNING
Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>
Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.
abort_scan
Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.
100
Chapter 2. Log Message Reference