6 Replies Latest reply: May 9, 2013 3:44 PM by Jon Scholten RSS

    Issue with skip large files from being scanned


      Been playing around with a rule to skip large files from being scanned and am trying to understand the behavior.


      I'm using the default "Common rules" ruleset


      I'm putting my "Skip Large Files Scan" right before the "Enable Composite Opener" rule.


      The rule has various conditions for being triggered:

      • Connection.Protocol NOT equal FTP
      • Cycle.Name = RESPONSE
      • MediaType.IsArchive = YES
      • Body.Size or Content-Length Header greater than x-bytes


      I've also got an event to write to SysLog when the rule triggers.


      I know the rule triggers systematically when downloading files larger than X-bytes (I see the entry in syslog.)




      When I set the action to "Stop Cycle" it skips scanning

      When I set the action to "Stop Rule Set" it proceeds to 'Enable Composite Opener' and scans the file anyway.


      Anybody can explain why the "Stop Rule Set" does not prevent 'Enable Composite Opener' from executing?


      Attached is the screen capture of my ruleset.