Installation instructions
82 Decompression engine GFI MailSecurity for Exchange/SMTP
Check size of uncompressed files in archives
Screenshot 71 - Configuring checks for the size of uncompressed files in archives
This filter allows you to block or delete emails with archives that
exceed the specified physical size when uncompressed. Hackers
sometimes use this method in a DoS (Denial of Service) attack: By
sending an archive that can be uncompressed to a very large file, they
can often crash content security or anti-virus software.
To configure this filter:
1. Click the GFI MailSecurity Decompression node.
2. From the list of available filters (in the right window), click on Check
size of uncompressed files in archives.
3. Select the Check size of uncompressed files in archives check
box to enable this feature and specify the maximum size (in MB)
allowed for uncompressed files, received within an archive.
IMPORTANT: If you disable the Check size of uncompressed files
in archives rule, GFI MailSecurity will not scan or quarantine archive
attachments, thus bypassing the anti-virus checking.
4. Decide on what to do with emails containing archived files that
exceed the specified size when un-compressed.
Quarantine – Select this option to quarantine the emails that
contain these archives. The administrator can later review these
quarantined emails and approve or delete them accordingly.
Automatically Delete – Select this option to delete emails
containing archived files that when un-compressed, exceed the
specified size limit.
5. Click the Actions tab to configure any actions to be performed
whenever this filter detects and blocks emails containing an archive.
For more information on how to configure actions refer to the
„Configuring decompression filter actions‟ section in this chapter.
6. Click Apply.