Open with table of contents

Setting Message Processing Limits

You can set limits on the amount of processing the Clearswift Gateway performs on each message. You can set the following parameters:

• Maximum recursion depth

  When processing messages, the Clearswift Gateway decomposes complex data formats into their component parts, to search for hidden threats. The components may themselves need further decomposition, for example if they are archives, or encoded or compressed files. Recursive disassembly is complete when each component is recognized as a raw data type, such as a text file, bitmap, binary file, or application executable file.

  The maximum recursion depth specifies the number of levels of decomposition the Clearswift Gateway performs on complex data formats when processing a message. If this limit is exceeded, Clearswift Gateway abandons processing the message and places it in the message processing failure area. The default is 50.

  We recommend that you do not change this setting from the default value.

• Child node limit

  The maximum number of immediate child nodes in a container which can be processed.

• Processing time

  The maximum amount of time, in seconds, for Clearswift Gateway to spend processing a single message. If this limit is exceeded, Clearswift Gateway abandons processing of the message and places it in the message processing failure area. The range is 30 seconds to 3600 seconds. The default is 1800 seconds (30 minutes).

  To resist denial of service attacks effectively, we recommend that you do change this setting from the default value. However, if large numbers of messages are being classified as problem messages due to this limit being reached, and you want to consider increasing this limit, contact your Technical Support representative for guidance.

• Automatic message repair
• Subject encode failure
• PDF image extraction

To set message processing limits:

1. From the System Center Home page, click System Settings. The System Settings page appears.

2. Click Policy Engine Settings.

   The Policy engine Setting page is displayed.

3. In the Advanced panel click Click here to change these settings.
4. Change the advanced settings as required:

• The maximum recursion depth.
• Child node limit. This setting allows you to specify the number of immediate child nodes in a container to be processed. The range is 100,000 to 2,147,483,647; the default is 1000000.
• Time for processing a message.
• Automatic message repair, Enabled or Disabled. This option allows the customer to choose whether the Policy Engine repairs character set and other message header properties that do not conform to the RFC. Note that this option is ignored if the message is modified; for example, if an annotation is added.
• On a subject encode failure, Remove the subject or Fail message processing. When a message has a subject with an encoding problem, for example, it contains characters outside the declared character set, you can choose whether this constitutes a message processing failure or the subject should be removed.
• PDF image extraction, Enabled or Disabled. This option allows the customer to choose whether images are extracted from PDF documents.

5. Click Save.
6. Apply the configuration.

See also...

• Apply the new configuration