Cannot block compressed file under archived files in InterScan Messaging Security Suite (IMSS)

InterScan Messaging Security Suite 7.5

Last updated: 2025/05/08

Solution ID: KA-0004970

Category: Troubleshoot

The compressed file under archived files contains items that should be excluded. However, IMSS missed the scanning of the contents.

The following logs are shown in the log.imss.<date>.<count> file:

[NORMAL]scan content error:0xffffffff
[NORMAL]emanager filter getFilterNo error:-1

By default, IMSS scans the archived files. The issue occurs because the following keys in the imss.ini file disable the scanning function:

MaxDeComposeDepth=0
AllowDecompressDepthZero=yes

Both keys are supposedly added only to bypass scanning the archived files.

To solve the issue, do the following:

Open C:\Program Files\Trend Micro\IMSS\config\imss.ini using a text editor such as Notepad.
Comment the following keys under the general section:
[general]
MaxDeComposeDepth=0
AllowDecompressDepthZero=yes

The result should be similar to the following:

[general]
#MaxDeComposeDepth=0
#AllowDecompressDepthZero=yes
Save the changes.
Restart the Trend Micro IMSS Scan Service.
Verify the new settings by sending an email with a compressed file with no password protection. The file type should be included in the block attachment policy.

The contents of the compressed file that IMSS needs to block should now be excluded.

Was this article helpful?