ZIP Files Being Blocked as "Threat" Over SMTP

Created On 11/25/21 23:54 PM - Last Modified 07/11/25 20:01 PM


Symptom


For some ZIP files that do not explicitly have an End-Of-File (EOF), the firewall's Content Threat Detection (CTD) enters an infinite loop because no EOF is found, and the session is eventually dropped with an end-reason of threat. This has only been identified as a bug when SMTP is being used.

Environment


Palo Alto Firewalls running PAN-OS versions 8.0.9 and 8.1.2 and earlier. 

Cause


When a ZIP file does not have an end-of-file specified, the firewall retains and loops over certain bytes of the file. After some time, the firewall's CTD drops the session with an end-reason of threat. This has only been identified in SMTP sessions, and the issue is intermittent.
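To triage a message whose session was dropped this way, the following added example (not from Palo Alto Networks) checks each attachment of a saved message for a well-formed ZIP end marker. The article does not name the ZIP structure it calls end-of-file; the code assumes it is the End of Central Directory (EOCD) record, and the function names and the sample message are constructed here.

```python
import email
import io
import struct
import zipfile
from email import policy
from email.message import EmailMessage

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory (EOCD) signature
EOCD_MIN = 22               # size of the fixed part of the EOCD record
MAX_COMMENT = 0xFFFF        # the archive comment length is a 16-bit field

def find_eocd(data: bytes):
    """Return the offset of an EOCD record that ends the file, or None."""
    start = max(0, len(data) - (EOCD_MIN + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            # Strict: the record plus its comment must end exactly at EOF.
            if pos + EOCD_MIN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)  # try an earlier candidate
    return None

def classify(data: bytes) -> str:
    if not data.startswith((b"PK\x03\x04", EOCD_SIG)):
        return "not-zip"
    return "zip-complete" if find_eocd(data) is not None else "zip-no-valid-eocd"

def check_message(raw: bytes):
    """Classify every attachment of a saved message (.eml bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), classify(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]

def build_sample() -> bytes:
    """Constructed sample: one intact ZIP and one cut off before its EOCD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample\n")
    good = buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachments")
    for name, blob in (("good.zip", good), ("truncated.zip", good[:find_eocd(good)])):
        msg.add_attachment(blob, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in check_message(build_sample()):
        print(f"{name}: {verdict}")
```

A `zip-no-valid-eocd` verdict also covers archives with bytes appended after the EOCD, since the check requires the record to end the file.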

Resolution


Upgrade Palo Alto Networks firewalls to 8.0.10 or 8.1.3 or newer versions. 
