Solved: Exceedingly compressed size

Written by Administrator

Friday, 22 January 2010 09:12

When you upload in default configuration file that is more than 20MB large and it is compressed, you might get error message saying your file contains virus.

Virus Found

"Toolkit.zip" contains the following virus: "Exceedingly compressed size; Tagged ID: 20726101_24E4_46C5_838B_94F2CD5A2F5D" .

This file cannot be saved to the document library. If you want to save this file to the document library, clean the file using alternative virus scanning software and try saving it again

To fix this you have to create one registry key.

Here is the explanation:

The Exceedingly compressed size can be controlled by a registry key called MaxCompressedArchivedFileSize.

If any one object within the zip file has a COMPRESSED size of over the MaxCompressedArchivedFileSize (which is a default of approx
20MB) then Forefront will delete this file. The reason this was done was to prevent a denial of service attack where Antigen would be scanning an infinitely large file. The incident that you will see for this would be an "Exceedingly compressed size virus”.

If this is the reason why a message is getting caught you can do the following:

In the registry go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\SharePoint or (Exchange) Server
Add a DWORD Key of: MaxCompressedArchivedFileSize (equaling 40,000,000)
Restart FSCController service

This is about 40 MB. This will allow the zip file itself to be about 40 MB before Forefront will take action on it.

And you are ready to go

Cheers KbNk;