D-Link DFL-1600 Reference Guide

Explanation

The file could not be scanned by the anti-virus module since the
decompression of the compressed file failed. Since anti-virus is
running in audit mode, the data transfer will be allowed to continue.

Gateway Action

allow_data

Recommended Action

Change Fail Mode parameter to deny if files that fail decompression
should be blocked.

Revision

Parameters

filename
[layer7_srcinfo]
[layer7_dstinfo]

Context Parameters

ALG Module Name
ALG Session ID
Connection

2.3.6. compression_ratio_violation (ID: 05800006)

Default Severity

WARNING

Log Message

Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>

Explanation

Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.

Gateway Action

continue_scan

Recommended Action

Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.

Revision

Parameters

filename
comp_ratio
[layer7_srcinfo]
[layer7_dstinfo]

Context Parameters

ALG Module Name
ALG Session ID
Connection

2.3.7. compression_ratio_violation (ID: 05800007)

Default Severity

WARNING

Log Message

Compression ratio violation for file <filename>. Compression ratio
threshold: <comp_ratio>

Explanation

Anti-virus has scanned a compresed file with a compression ratio
higher than the specified value. Action is set to continue scan.

Gateway Action

abort_scan

Recommended Action

Files with too high compression ratio can consume large amount of
resources. This can be a DOS attack.

2.3.6. compression_ratio_violation
(ID: 05800006)

Chapter 2. Log Message Reference

140