Installation instructions
GFI MailSecurity for Exchange/SMTP Decompression engine 81
Check for recursive archives
Screenshot 70 - Configuring recursive archives options
This filter allows you to quarantine or delete emails that contain
recursive archives. Recursive archives, also known as nested
archives, are archives that contain other/multiple levels of sub-
archives (i.e. archives within archives). A high number of archive
levels can indicate a malicious archive: Recursive archives can be
used in a DoS (Denial of Service) attack, since most content scanning
and anti-virus packages crash while attempting to scan nested archive
levels.
To configure this filter:
1. Click the GFI MailSecurity Decompression node.
2. From the list of available filters (in the right window), click on Check
for recursive archives.
3. Select the Check for recursive archives check box to enable this
filter and specify the maximum number of nested archives permitted.
IMPORTANT: If you disable the Check for recursive archives rule,
GFI MailSecurity will not scan or quarantine recursive archives, thus
bypassing the anti-virus checking.
4. Decide on what to do with emails containing nested archives that
exceed the specified limit by selecting one of the following options:
Quarantine – Select this option to quarantine the emails that
contain recursive archives. The administrator can later review
these quarantined emails and approve or delete them accordingly.
Automatically Delete – Select this option to delete emails
containing recursive archives that exceed the specified nesting
limit.
5. Click the Actions tab to configure any actions to be performed
whenever an email containing a recursive archive is detected and
blocked. For more information on how to configure actions refer to the
„Configuring decompression filter actions‟ section in this chapter.
6. Click Apply.