File Types

Block potentially unsafe file types in email messages

Select this option to block all emails containing potentially unsafe attachments.

Unsafe file types are:

• DOS/Windows executables, libraries and drivers
• Compiled HTML Help files
• VBScript encoded files
• Files with {CLSID} in their name
• The following file extensions: ade, adp, bas, bat, chm, cmd,com, cpl, crt, exe, hlp, hta, inf, ins, isp, js, jse, lnk, mdb, mde, msc, msi, msp, mst, pcd, pif, reg, scr, sct, shs,shb, url, vb, vbe, vbs, wsc, wsf, wsh.

To view a list of unsafe file types and their descriptions, click Show next to this option.

Pass safe file types without scanning

Select this option to accept common file types that are known to be safe, without scanning them.

Safe files types are:

• GIF
• BMP
• JFIF standard
• EXIF standard
• PNG
• MPEG video stream
• MPEG sys stream
• Ogg Stream
• MP3 file with ID3 version 2
• MP3
• PDF
• PostScript
• WMA/WMV/ASF
• RealMedia file
• JPEG - only the header is scanned, and the rest of the file is skipped

To view a list of safe file types, click Show next to this option.

Selecting this option reduces the load on the gateway by skipping safe file types. This option is selected by default.

Archive File Handling

Maximum Nesting Level

Type the maximum number of nested content levels that VStream Antivirus should scan.

Setting a higher number increases security. Setting a lower number prevents attackers from overloading the gateway by sending extremely nested archive files.

The default value is 5 levels.

Maximum Compression Ratio 1:x

Fill in the field to complete the maximum compression ratio of files that VStream Antivirus should scan.

For example, to specify a 1:80 maximum compression ratio, type 80.

Setting a higher number allows the scanning of highly compressed files, but creates a potential for highly compressible files to create a heavy load on the appliance. Setting a lower number prevents attackers from overloading the gateway by sending extremely compressible files.

The default value is 100.

When archived file exceeds limit or extraction fails

Specify how VStream Antivirus should handle files that exceed the Maximum nesting level or the Maximum compression ratio, and files for which scanning fails. Select one of the following:

• Pass file without scanning. Scan only the number of levels specified, and skip the scanning of more deeply nested archives. Furthermore, skip scanning highly compressible files, and skip scanning archives that cannot be extracted because they are corrupt. This is the default.
• Block file. Block the file.

When a password-protected file is found in archive

VStream Antivirus cannot extract and scan password-protected files inside archives. Specify how VStream Antivirus should handle such files, by selecting one of the following:

• Pass file without scanning. Accept the file without scanning it. This is the default.
• Block file. Block the file.

Corrupt Files

When a corrupt file is found or decoding fails

Specify how VStream Antivirus should handle corrupt files and protocol anomalies, by selecting one of the following:

• Ignore and continue scanning. Log the corrupt file or protocol anomaly, and scan the information on a best-effort basis. This is the default.
• Block file. Block and log the corrupt file or protocol anomaly.