Protection Engine for Network Attached Storage


 How to determine ideal configurations for scanning

Abraham Moshekh posted Jun 27, 2024 09:07 AM

Hey all, we're facing errors scanning files from our customers which either have excessive compression ratios, too many layers of compression, or are just beyond the default parameters set by the engine from the get-go.

Name                  Range             Default   Our current setting
MaxCompressionRatio   0 - 4294967295    75        225
MaxExtractSize        0MB ~ 128GB       100 MB    10000MB
MaxExtractDepth       1 - 50            10        50

We've found these let through the majority of our customers' files, but we're concerned that it may keep us open to attacks (such as zip bombs).

How do we determine ideal settings? If that's not possible, are our current settings considered "unsafe", and how do we determine if they are?

haro

Hi
The setting for MaxCompressionRatio seems just fine, as I've seen larger values.
Setting MaxExtractSize to 10GB seems quite large, but if you have large archive files and/or consider it together with the MaxCompressionRatio setting, that can be an acceptable value, I suppose.

But for the MaxExtractDepth setting, I've seen 20 or maybe up to 25, but have never seen anyone use the max value of 50.
For most customers, the default of 10 should usually be just fine, with some exceptions.
Do you really need it to be that big/deep?
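
One way to ground the three limits discussed in this thread in measurements of your own files, as an added example that is not part of the original posts or the product's tooling: it profiles sample ZIP archives and reports the smallest limits that would let all of them through. How ratio, size and depth are computed here is an assumption (the engine may count them differently), the names `profile_zip`, `required_limits` and `make_nested` are hypothetical, and the samples are constructed in memory.

```python
import io
import math
import zipfile

MAX_MEMBER = 64 * 2**20  # profiling guard: never read more than this from one member
DEPTH_CAP = 50           # top of the MaxExtractDepth range; stops self-nesting archives

def profile_zip(data, depth=1):
    """Return (worst_ratio, total_bytes, deepest_level) for a ZIP held in memory."""
    worst, total, deepest = 0.0, 0, depth
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            total += info.file_size  # assumed: size = sum of members at every level
            if info.compress_size:   # assumed: ratio = uncompressed / compressed, per member
                worst = max(worst, info.file_size / info.compress_size)
            if info.file_size > MAX_MEMBER or depth >= DEPTH_CAP:
                continue             # counted above, but not opened
            with zf.open(info) as fh:
                inner = fh.read(MAX_MEMBER)
            if zipfile.is_zipfile(io.BytesIO(inner)):
                r, t, d = profile_zip(inner, depth + 1)
                worst, total, deepest = max(worst, r), total + t, max(deepest, d)
    return worst, total, deepest

def required_limits(archives):
    """Smallest limits that would let every sampled archive through."""
    profiles = [profile_zip(a) for a in archives]
    return {
        "MaxCompressionRatio": math.ceil(max(p[0] for p in profiles)),
        "MaxExtractSize_MB": math.ceil(max(p[1] for p in profiles) / 2**20),
        "MaxExtractDepth": max(p[2] for p in profiles),
    }

def make_nested(levels, payload):
    """Constructed sample: payload wrapped in `levels` layers of deflated ZIP."""
    blob = payload
    for _ in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("inner.bin", blob)
        blob = buf.getvalue()
    return blob

if __name__ == "__main__":
    samples = [make_nested(1, b"report " * 2000), make_nested(3, bytes(2**20))]
    print(required_limits(samples))
```

Run over a representative set of legitimate customer archives, the output shows how far above real need each configured limit sits; the gap between the two is the headroom left to a decompression bomb.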