Support Center > Search Results > SecureKnowledge Details
Traditional Anti-Virus blocks files larger than 1GB over FTP with "Archive has exceeded the maximum allowed limits"
Symptoms
  • User's FTP Client shows the following error when transfer of file larger than 1GB is interrupted:

    Content inspection module rejected the requested resource
    Transfer was canceled
    
  • SmartView Tracker log shows:

    Product = Traditional Anti-Virus
    Action = Reject
    File Direction = By IP
    Scan Result = Failure-reject
    Reason = Archive has exceeded the maximum allowed limits
    
  • Increasing the file size to scan in SmartDashboard does not help (SmartDashboard - go to 'Threat Prevention' tab - open 'Traditional Anti-Virus' - open 'Security Gateway' - click on 'Settings' - set the value in 'Maximum file size to scan:' - install policy).

  • Debug of FTP Security Server per sk90423 shows in $FWDIR/log/aftpd.elg:

    kav_clbk_fn: Maximum unpacked size reached, canceling scan... 
    [aftpd  ...]@HostName[Date Time] kav_clbk_fn: got event XXX. kav_init_called=1 
    [aftpd  ...]@HostName[Date Time] '/opt/CPsuite-R77/fw1/tmp/file...': EVENT_RESULT - 
    [aftpd  ...]@HostName[Date Time] CLEAN 
    [aftpd  ...]@HostName[Date Time] kav_handle_result: result = KAV_S_R_CLEAN 
    [aftpd  ...]@HostName[Date Time] kav_handle_result: the archive max nesting level exceeded 
    [aftpd  ...]@HostName[Date Time] AVIMServant::task_handler: Scan failed or virus found for file 161728760. failure type=Async failure(avimh=0x..., cpkioh=0x...)
    
  • Setting large value for the parameter "max_archive_scanned_object_size" in the $FWDIR/conf/malware_config file per sk102974 changes the symptoms - the file transfer is not blocked, but simply times out.

Cause

Traditional Anti-Virus incorrectly ignores the file size to scan configured in SmartDashboard.


Solution
Note: To view this solution you need to Sign In .