I had a similar question from my security group at one point. I told them if we were that paranoid we should go back to paper for everything and if they needed to solve that dilemma they needed to shut down Remedy and find another system. They backed off fairly quick.
Of course this comes with a disclaimer of 'don't try this at home'. Worked for me that time, but don't think I can overuse the attitude. ----- Original Message ----- From: "pascale sterrett" <[email protected]> To: [email protected] Sent: Thursday, August 23, 2012 12:27:13 PM Subject: security risk with attachment - Any ideas? HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit: "Attachment are not being scanned at the server level and the application can only rely on the fact that the user may or may not use a scanning system (anti-virus for example). This does not prevent user to willingly add a malicious file. The files should be scanned to stop SVG files to be uploaded at the server level." I know I can have an API that would run on the server and would look at the tickets created and if there is an attachment, to extract it and scan it etc. But any one has a better idea? Or knows of some utility that is already out there that could do this? Thank you, Pascale Kenavo ar wech all If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
