Author Topic: errors - decompression bomb?  (Read 1621 times)


REDACTED

  • Guest
errors - decompression bomb?
« on: June 25, 2015, 09:57:17 AM »
ftp://  [remove this spacer]  edcftp.cr [DOT] usgs.gov/data/gtopo30hydro/eu.tar
(warning: 128 megabyte file, on a SLOW server! - I mangled the file links a bit to avoid automatic downloads.)

After downloading that file, when I scan it manually with Avast, the contents of this tar archive are mis-identified as a decompression bomb.  (Screenshot attached)

That tar archive contains GZipped text files which expand a lot in size, maybe that is the cause, but the files are useful, it's the HYDRO1k Geographic database for Europe.
After fully extracting the 128 MB tar file (and the intermediate gz archives inside it), the content size of all the extracted files (including intermediate gz files) is 1 gigabyte.

I could not find any settings in the interface where to set what is the maximum amount of data or the number of nested archive levels after which Avast stops processing files... I think I remember such a setting in past versions of Avast, but I could not find it now. Is it still available but buried in settings somewhere?


info: https://lta.cr.usgs.gov/HYDRO1K
readme: https://lta.cr.usgs.gov/HYDRO1KReadMe

There are other files in that folder that might be mis-identified as such decompression bombs:
ftp:// [remove this spacer]  edcftp.cr.usgs [DOT] gov/data/gtopo30hydro/

Offline DavidR

Re: errors - decompression bomb?
« Reply #1 on: June 25, 2015, 03:46:47 PM »
Decompression Bomb: a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security
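
An added example, not part of the thread and not Avast's own logic: a scanner-style check that walks a tar, stream-decompresses each `.gz` member under a byte budget, and flags the archive on total size or expansion ratio. The thresholds, function names and sample archive are assumptions constructed here; the sample shows how highly repetitive but legitimate grid data trips a tight ratio limit and passes a looser one.

```python
import gzip, io, tarfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed budget for total expanded bytes
MAX_RATIO = 100               # assumed expanded/compressed limit per member

def expanded_size(fileobj, budget, chunk=64 * 1024):
    """Count a gzip stream's output in chunks, stopping once budget is passed."""
    out = 0
    with gzip.GzipFile(fileobj=fileobj) as gz:
        while True:
            piece = gz.read(chunk)  # bounded read: output is never held whole
            if not piece:
                return out, False
            out += len(piece)
            if out > budget:
                return out, True  # give up early instead of expanding it all

def scan_tar(tar_bytes, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return (verdict, [(name, stored, expanded, ratio)]) for a plain tar."""
    report, total = [], 0
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for m in tar:
            if not m.isfile():
                continue
            if m.name.endswith(".gz"):
                size, cut = expanded_size(tar.extractfile(m), max_total - total)
            else:
                size, cut = m.size, False
            total += size
            ratio = size / max(m.size, 1)
            report.append((m.name, m.size, size, round(ratio, 1)))
            if cut or total > max_total or ratio > max_ratio:
                return "flagged", report
    return "ok", report

def build_sample():
    """Constructed input: a tar holding a text file and a gzipped 2 MiB grid."""
    members = (("readme.txt", b"constructed sample\n"),
               ("grid.txt.gz", gzip.compress(b"0 " * (1024 * 1024))))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_tar(build_sample()))                  # tight ratio limit
    print(scan_tar(build_sample(), max_ratio=5000))  # looser limit
```
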