An antivirus would not be sufficient as they want us to validate script 
tags within the attachment.
So that limits what we can do even more, and I honestly have no other ideas 
on how I could make this work.


Kenavo ar wech all

[email protected] 
Sent by: [email protected]
08/23/2012 11:07 AM
Please respond to: [email protected]
To: [email protected]
cc:
Subject: Re: security risk with attachment - Any ideas?

Someone told me once if you are using the Mid-Tier client then as a file 
is uploaded for an attachment it is temporarily saved on the Mid-Tier 
server as a file.  If the Mid-Tier server has AntiVirus software installed 
then that software should be scanning the attachments for you.

If this is true then this should take care of your security concerns.

-----Original Message-----
From: Action Request System discussion list(ARSList) 
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Thursday, August 23, 2012 11:27 AM
To: [email protected]
Subject: security risk with attachment - Any ideas?

Hi all,

I am hoping that someone else on the list had to face this growing 
security concern and found a way to do this. 
This is the concern that came back from a security audit:

"Attachments are not being scanned at the server level and the application 
can only rely on the fact that the user may or may not use a scanning 
system (anti-virus for example). This does not prevent a user from willingly 
adding a malicious file.  The files should be scanned to stop SVG files from 
being uploaded at the server level."

I know I can have an API that would run on the server and would look at 
the tickets created and, if there is an attachment, extract it and scan 
it etc.  But does anyone have a better idea?  Or know of some utility that is 
already out there that could do this?


Thank you,

Pascale 
Kenavo ar wech all

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
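The server-side check discussed in this thread (validating script content inside an uploaded SVG attachment), as an added example that is not part of the original messages. It assumes the attachment bytes have already been extracted from the ticket; `scan_attachment` and the other names are hypothetical, and the sample document is constructed.

```python
import xml.parsers.expat as expat

# Elements that can carry or load active content inside an SVG/XML document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

class DoctypeFound(Exception):
    """Raised from the parser callback to stop before any entity is expanded."""

def _local(name):
    # Namespace processing is off, so prefixed names look like "svg:script".
    return name.rsplit(":", 1)[-1].lower()

def scan_attachment(data: bytes) -> list:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []

    def on_doctype(*_args):
        raise DoctypeFound()

    def on_start(name, attrs):
        tag = _local(name)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for attr, value in attrs.items():
            key = _local(attr)
            url = "".join(value.split()).lower()  # ignore whitespace padding
            if key.startswith("on"):
                findings.append(f"event handler {key} on <{tag}>")
            elif key in ("href", "src") and url.startswith(("javascript:", "data:text/html")):
                findings.append(f"script URL in {key} on <{tag}>")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except DoctypeFound:
        findings.append("DOCTYPE declaration")
    except expat.ExpatError:
        pass  # not well-formed XML; anything seen before the error is kept
    return findings

# Constructed sample attachment (not taken from the thread).
SAMPLE = b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><script>init()</script></svg>'

if __name__ == "__main__":
    print(scan_attachment(SAMPLE))
```

Files that are not XML at all return an empty list here, so this check sits alongside an antivirus scan on the server rather than replacing it.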