AV error message - file reached uncompressed limit
Hi there,
I'm running FortiOS 5.2 on a FG60D. For the most part it's been working well since upgrading to 5.2 from 5.0.7. I have, though, been getting odd error messages from the AV engine. The culprit appears to be application updates for Android devices from Google Play.
Generally the update completes successfully, but it's an odd one and I'm wondering whether other people have had the same problem. I never got this message when running 5.0.7. The message is below:
Message meets Alert condition
File Block Detected: Protocol: HTTP Source IP: 192.168.0.45 Destination IP: 213.253.9.140 Email Address From: Email Address To:
date=2014-08-01 time=08:26:06 devname=CIR-FG60D devid=FGT60D4613026425 logid=0262008961 type=utm subtype=virus eventtype=scanerror level=notice vd="root" msg="File reached uncompressed size limit." action=passthrough service=HTTP sessionid=4635915 srcip=192.168.0.45 dstip=213.253.9.140 srcport=44417 dstport=80 proto=6 direction=incoming quarskip=No-skip url="http://r1---sn-ja5g5-ajte.c.android.clients.google.com/market/GetBinary/GetBinary/com.a0soft.gphone.app2sd/90003369:90003359:2?mm=31&m" profile="default" agent="AndroidDownloadManager/4.4.4" analyticscksum="c7beb43ac2b6ac3cd84cec404a95447607f918c989120ff6c2a5f304b454f1e6" analyticssubmit=false
Thanks,
Steve
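An added example, not part of Steve's post or any reply: a small parser for the key=value log format shown above that pulls out AV events with eventtype=scanerror and action=passthrough and counts them per source. The function names and sample lines are constructed for illustration, and reading passthrough as "delivered without a completed scan" is an assumption about the field semantics.

```python
import re

# FortiOS log fields are key=value; values may be double-quoted and
# contain spaces or '=' (as in the url field of the log line above).
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
KEEP = ("date", "time", "srcip", "dstip", "service", "msg", "url", "agent")

def parse_fortios_log(line):
    """Parse one key=value log line into a dict (quoted values are unwrapped)."""
    fields = {}
    for key, quoted, bare in PAIR_RE.findall(line):
        fields[key] = (bare if bare else quoted).strip()
    return fields

def unscanned_passthroughs(lines):
    """Return AV scan-error events whose action was passthrough."""
    wanted = ("utm", "virus", "scanerror", "passthrough")
    hits = []
    for line in lines:
        f = parse_fortios_log(line)
        if (f.get("type"), f.get("subtype"), f.get("eventtype"), f.get("action")) == wanted:
            hits.append({k: f.get(k, "") for k in KEEP})
    return hits

def count_by_source(hits):
    """Count matching events per (source IP, message) pair."""
    counts = {}
    for h in hits:
        key = (h["srcip"], h["msg"])
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample lines (documentation IPs and hosts, not real traffic).
SAMPLE_LINES = [
    'date=2014-08-01 time=08:26:06 type=utm subtype=virus eventtype=scanerror '
    'msg="File reached uncompressed size limit." action=passthrough service=HTTP '
    'srcip=192.0.2.45 dstip=198.51.100.7 '
    'url="http://apps.example.test/GetBinary/pkg?mm=31&m" agent="AndroidDownloadManager/4.4.4"',
    'date=2014-08-01 time=09:02:41 type=utm subtype=virus eventtype=scanerror '
    'msg="File reached uncompressed size limit." action=passthrough service=HTTP '
    'srcip=192.0.2.45 dstip=198.51.100.7 url="http://apps.example.test/GetBinary/other"',
    'date=2014-08-01 time=09:10:00 type=utm subtype=virus eventtype=infected '
    'msg="File is infected." action=blocked service=HTTP srcip=192.0.2.50 dstip=198.51.100.9',
    'date=2014-08-01 time=09:11:12 type=traffic subtype=forward action=accept '
    'srcip=192.0.2.51 dstip=198.51.100.9',
]

if __name__ == "__main__":
    for (src, msg), n in count_by_source(unscanned_passthroughs(SAMPLE_LINES)).items():
        print(f"{src}: {n} x {msg}")
```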
Hi Guys,
I too have the same problem. But in my case I am not using proxy-based inspection.
I use flow-based everywhere.
Then how do I get the "File reached uncompressed size limit." scan error?
Can you clarify whether flow-based also has the uncompression size limit?
Nihas
Why wouldn't it have? If you have AV scanning enabled, even if it is the flow-based one, it still needs to uncompress the file to scan for any nastiness inside.
If you have flow-based AV enabled, you limit the FortiGate to scanning only ZIP and GZIP archives, though.
That said, in FortiOS 5.2 there were immense enhancements made to the flow protections and they are now considered as effective (or very nearly so) to the proxy protections. Therefore, I would heavily encourage you to switch AV, Web Filtering and AntiSpam (if you're using it) to flow mode. This helps conserve resources on the box, it no longer has to proxy the connection (less moving parts = less potential problems) and you no longer have a size limitation.
Hi Istavan, I think Sean is correct. That's the reason I raised my experience here. Even I have flow-based and I am getting the same scan error. From my observation it's for all files, including exe, cab, rar etc.
Nihas
1. In FortiOS 5.2 the flow mode can buffer the file and indeed it can scan archived files.
from Sean's post further above. So a buffer limit still applies.
Ede Kernel panic: Aiee, killing interrupt handler!
Sorry Ede, the one which I pasted above was from 5.0.
Yes. In 5.2 they have enhanced flow-based AV, and this also buffers files for scanning.
Nihas