Hi,

There is a Filter-Run-Process-Command to save attachments to the server.

Why not save any new/updated attachment to some folder? Maybe you can add
the {request-id}-{form-id}-{field-id} as a name prefix for reference. Then
you can just run any script to analyze the attached file without blocking
the transaction.

If it is an unwanted transaction, just put it in quarantine and replace
the attachment within your AR Server with a text file that tells you it was
an attachment. This can be done with a simple driver script.

        Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011)

Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11):
* RRR|License - Not enough Remedy licenses? Save money by optimizing.
* RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs.
Find these products, and many free tools and utilities, at http://rrr.se.

> Hi all,
>
> I am hoping that someone else on the list had to face this growing
> security concern and found a way to do this.
> This is the concern that came back from a security audit:
>
> "Attachment are not being scanned at the server level and the application
> can only rely on the fact that the user may or may not use a scanning
> system (anti-virus for example). This does not prevent user to willingly
> add a malicious file.  The files should be scanned to stop SVG files to be
> uploaded at the server level."
>
> I know I can have an API that would run on the server and would look at
> the tickets created and if there is an attachment, to extract it and scan
> it etc.  But does anyone have a better idea?  Or know of some utility that is
> already out there that could do this?
>
>
> Thank you,
>
> Pascale
> Kenavo ar wech all
>
>
> If you are not the intended addressee, please inform us immediately that
> you have received this e-mail in error, and delete it. We thank you for
> your cooperation.
> _______________________________________________________________________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
>
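
The out-of-band check suggested in the reply above, as an added example that is not part of the original thread: it scans a drop folder written by the filter, detects SVG files by content rather than extension, and moves them to quarantine. The folder names, the `-` separator before the original file name and the sample IDs are assumptions; replacing the attachment inside AR Server is left to the driver script.

```python
import gzip
import re
import shutil
import tempfile
import zlib
from pathlib import Path

# Assumed file-name layout: <request-id>-<form-id>-<field-id>-<original name>
NAME_RE = re.compile(r"^(?P<request>[^-]+)-(?P<form>[^-]+)-(?P<field>[^-]+)-(?P<name>.+)$")
SVG_ROOT_RE = re.compile(rb"<(?:[\w.-]+:)?svg[\s>/]", re.IGNORECASE)

def looks_like_svg(path, limit=65536):
    """Decide by content, so a renamed, gzipped or UTF-16 SVG is still caught."""
    with path.open("rb") as fh:
        head = fh.read(limit)
    if head[:2] == b"\x1f\x8b":  # gzip magic, as used by .svgz
        try:
            with gzip.open(path, "rb") as gz:
                head = gz.read(limit)
        except (OSError, EOFError, zlib.error):
            return False  # not a readable gzip stream, so not an SVGZ
    return bool(SVG_ROOT_RE.search(head.replace(b"\x00", b"")))  # NULs: UTF-16

def scan_inbox(inbox, quarantine):
    """Move SVG attachments to quarantine; return their Remedy references."""
    quarantine.mkdir(parents=True, exist_ok=True)
    hits = []
    for path in sorted(inbox.iterdir()):
        ref = NAME_RE.match(path.name)
        if not path.is_file() or ref is None:
            continue  # not written by the filter, leave it alone
        if looks_like_svg(path):
            shutil.move(str(path), str(quarantine / path.name))
            hits.append(ref.groupdict())
    return hits

def demo():
    """Run the scan over constructed sample files (all IDs and names are made up)."""
    svg = b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"></svg>'
    samples = {"000000000000101-1001-536870913-logo.svg": svg,
               "000000000000102-1001-536870913-photo.png": svg,  # renamed SVG
               "000000000000103-1001-536870913-chart.svgz": gzip.compress(svg),
               "000000000000104-1001-536870913-notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as tmp:
        inbox, quarantine = Path(tmp, "inbox"), Path(tmp, "quarantine")
        inbox.mkdir()
        for name, data in samples.items():
            (inbox / name).write_bytes(data)
        hits = scan_inbox(inbox, quarantine)
        return hits, sorted(p.name for p in inbox.iterdir())
```

Each returned entry carries the request, form and field IDs parsed from the file name, which is what a driver script needs to locate the attachment field and swap in the placeholder text file.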
