Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

decompress-layer-limit

Syntax

Hierarchy Level

Description

When an antivirus scan engine scans a file for viruses, the scan engine decompresses the layers of nested compressed files and files with embedded extractable objects. Embedded extractable objects include files such as archive files (tar), MS Word, and PowerPoint files. For example, if a message contains a compressed .zip file that contains another compressed .zip file, then there are two compression layers. Decompressing both files requires a decompress layer setting of 2. You can set the decompression layer limit for the scan engine.

During the transfer of data, some protocols use content encoding. Before an antivirus scan engine scans viruses, the scan engine decodes this layer, which is considered as a decompression level.

The decompression layer limit is applicable to the following compressed files:

  • zip, rar, and gzip

  • Encoded data such as Multipurpose Internet Mail Extension (MIME)

  • Packaged data such as OLE, CAP, MSI, TAR, EML

  • Files with internal extractable objects, such as archive files (tar), MS Word, and PowerPoint files.

If a file exceeds the compression layer limit, the scan engine drops or forwards the file based on the fallback options.

The scan engine scans each layer before unpacking the next layer. The scan engine continues to scan until any of the following conditions are met, whichever happens first:

  • Reaches the decompression limit

  • Exceeds the system resource allocated for decompression

  • Finds a virus or other malware

  • Decompresses the data completely.

When the virus signature database becomes larger and the scan algorithms are more sophisticated, the scan engine can look deeper into the data for embedded malware. As a result, the scan engine uncovers more layers of compressed data.

The Juniper Networks device's level of security is limited by the decompress layer limit. You define the decompress layer limit based on the memory allocated to the security service.

Options

decompress-layer-limit

Specify the number of decompression layer limit.

  • Default: 3

  • Range: 0 through 10

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.5.

The Kaspersky antivirus feature is not supported from Junos OS Release 15.1X49-D10 onwards.

Support at the [edit security utm default-configuration] hierarchy level introduced in Junos OS Release 18.2R1.

Support for Avira Antivirus scan engine added in Junos OS Release 18.4R1.