Symptoms

Mails are quarantined due to Scan Limitations.

The email digest and logs show the reason "Rejection due to Scan Limitations".


Cause

Each domain on the Secure Mail Flow system has certain limits set. If a message exceeds any of these limits, it is quarantined. The defaults are as follows:

  • Total message size exceeds: 50 MB
  • Total number of recipients exceeds: 1000 recipients
  • Total number of embedded layers in a compressed file exceeds: 20 layers
  • The size of a single decompressed file exceeds: 60 MB
  • Total number of files in a compressed file exceeds: 353 files
  • Compression ratio limit exceeds: 100%
  • An Office 2007/2010/2013/2016 file contains more than 353 subfiles.
  • An Office 2007/2010/2013/2016 file contains a subfile whose decompression ratio exceeds 100.

  

By nature, Office 2007/2010 files (such as .XLSX, .DOCX, .PPTX, and others) are zipped files. When scanning, the HES scan engine treats these files as ordinary zip files and applies the same scan settings it uses for compressed files. The number of files inside them is unpredictable, so these files may sometimes trigger the compressed-file scan exceptions.


If these file types are detected in any mail, the mail is rejected at the periphery. The system assumes these files are risky and may contain viruses, so it is not worth analyzing them any further and it is not safe to release them to the end user.
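
The check below is an added example, not part of the original article and not the scan engine's own logic: it inspects a zip or Office Open XML attachment against the default compressed-file limits listed above, so an administrator can see which limit a quarantined file would exceed. The names `check_archive` and `make_zip` are hypothetical, and the ratio and MB definitions are assumptions marked in the comments.

```python
import io
import zipfile

# Defaults taken from the limits listed in this article.
MAX_FILES = 353                    # files per compressed file / Office subfiles
MAX_FILE_BYTES = 60 * 1024 * 1024  # assumption: "60 MB" means 60 * 2**20 bytes
MAX_RATIO = 100                    # assumption: decompressed size / compressed size
MAX_LAYERS = 20                    # embedded compressed layers


def check_archive(data, layer=1, findings=None):
    """List the limits a zip or Office Open XML file (given as bytes) exceeds."""
    findings = [] if findings is None else findings
    if layer > MAX_LAYERS:
        findings.append(f"more than {MAX_LAYERS} embedded layers")
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
            if len(members) > MAX_FILES:
                findings.append(f"layer {layer}: {len(members)} files")
            for m in members:
                # Sizes come from the zip directory; nothing is inflated to measure them.
                if m.file_size > MAX_FILE_BYTES:
                    findings.append(f"layer {layer}: {m.filename} is {m.file_size} bytes")
                elif m.compress_size and m.file_size / m.compress_size > MAX_RATIO:
                    findings.append(f"layer {layer}: {m.filename} ratio over {MAX_RATIO}")
                elif not m.flag_bits & 0x1:  # encrypted members cannot be read
                    inner = zf.read(m)       # bounded by the size check above
                    if zipfile.is_zipfile(io.BytesIO(inner)):
                        check_archive(inner, layer + 1, findings)
    except zipfile.BadZipFile:
        findings.append(f"layer {layer}: not a readable zip container")
    return findings


def make_zip(files, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a workbook-like container with 354 tiny sheets.
    sheets = {f"xl/worksheets/sheet{i}.xml": b"<worksheet/>" for i in range(354)}
    print(check_archive(make_zip(sheets)))
```

An empty result means none of the listed compressed-file limits were exceeded under these assumptions; the engine's own counting may differ.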


Solution

To avoid frequent mail rejection due to scan exception rules:

  • Ask senders to password-protect Office 2007/2010 attachments. By doing this, scanning of these files is bypassed.
  • Raise a ticket with the Support team to bypass these scanning rules for all users of your domain. Please note that this bypass rule will apply to your domain.
  • Important Note: Impact of bypassing scan exception rules
    • Bypass rule will apply to all users of your domain.
    • Any attachments with MS Office files that may have been infected can get delivered to the end-users without scanning.