Wednesday, April 1, 2009

Forefront “Exceedingly compressed size” error

When uploading a compressed file to SharePoint or sending it via email (Exchange), users were getting the error “Exceedingly compressed size”.

It seems that Forefront will block any compressed file that has a file larger than 20MB. Unfortunately, this setting can only be changed in the registry. I found the following newsgroup entry on the subject:

The Exceedingly compressed size can be controlled by a registry key called MaxCompressedArchivedFileSize.
If any one object within the zip file has a COMPRESSED size of over the MaxCompressedArchivedFileSize (which is a default of approx
20MB) then Forefront will delete this file. The reason this was done was to prevent a denial of service attack where Antigen would be scanning an infinitely large file. The incident that you will see for this would be an "Exceedingly compressed size virus”.
If this is the reason why a message is getting caught you can do the following:

  • In the registry go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\SharePoint or (Exchange) Server
  • Add a DWORD Key of:  MaxCompressedArchivedFileSize (equaling 40,000,000)
  • Restart FSCController service

This is about 40 MB. This will allow the zip file itself to be about 40 MB before Forefront will take action on it.

No comments:

Post a Comment