What kind of files do you attach?

A simple check would be to see the extension and block some of them. For
instance to not allow .exe.

Anyway, in one of our customers' systems, users do upload files with viruses.
This is done intentionally and is part of security incidents.

And finally, the solution you must apply is for one attachment pool or for
all ITSM attachment pools...
Regards,

Jose Manuel Huerta
http://theremedyforit.com/
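
The flow discussed in this thread (an extension check, then analysing exported attachments outside the transaction and quarantining unwanted ones), as an added example that is not code from either poster. It assumes the attachments were already exported to a folder as `<request-id>-<form-id>-<field-id>-<original name>`; the folder layout, the blocklist beyond `.exe`, and the content checks are assumptions.

```python
import shutil
from pathlib import Path

# Assumed policy: the thread names .exe and SVG; the other entries are illustrative.
BLOCKED_EXT = {".exe", ".scr", ".bat", ".svg"}

def sniff(head: bytes) -> str:
    """Classify by leading bytes, so a renamed file is still caught."""
    if head.startswith(b"MZ"):
        return "pe-executable"
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if text.startswith((b"<?xml", b"<svg", b"<!doctype svg")) and b"<svg" in text:
        return "svg"
    return "other"

def triage(inbox: Path, quarantine: Path):
    """Move unwanted files to quarantine; return what must be replaced in the server."""
    quarantine.mkdir(parents=True, exist_ok=True)
    flagged = []
    for path in sorted(p for p in inbox.iterdir() if p.is_file()):
        parts = path.name.split("-", 3)  # assumed naming scheme, see lead-in
        if len(parts) != 4:
            continue  # unexpected name: leave in place for manual review
        request_id, form_id, field_id, original = parts
        with path.open("rb") as fh:
            kind = sniff(fh.read(4096))
        ext = Path(original).suffix.lower()
        if ext in BLOCKED_EXT:
            reason = f"blocked extension {ext}"
        elif kind != "other":
            reason = f"content looks like {kind}"
        else:
            continue
        shutil.move(str(path), str(quarantine / path.name))
        # Text that can stand in for the removed attachment.
        (quarantine / (path.name + ".notice.txt")).write_text(
            f"Attachment '{original}' was quarantined: {reason}.\n", encoding="utf-8")
        flagged.append((request_id, form_id, field_id, original, reason))
    return flagged

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        inbox = Path(d, "inbox")
        inbox.mkdir()
        (inbox / "INC0001-1001-536870915-notes.txt").write_bytes(b"plain text")
        (inbox / "INC0002-1001-536870915-logo.png").write_bytes(b"<svg onload='x'/>")
        for row in triage(inbox, Path(d, "quarantine")):
            print(row)
```

Replacing the attachment inside AR Server and running an anti-virus engine over the exported files are left to the site's own tooling; the returned tuples identify which request, form and field to act on.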




On Thu, Aug 23, 2012 at 8:40 PM, Misi Mladoniczky <[email protected]> wrote:

> Hi,
>
> There is a Filter-Run-Process-Command to save attachments to the server.
>
> Why not save any new/updated attachment to some folder. Maybe you can add
> the {request-id}-{form-id}-{field-id} as a name prefix for reference. Then
> you can just run any script to analyze the attached file without blocking
> the transaction.
>
> If it is an unwanted transaction, just put it in quarantine and replace
> the attachment within your AR Server with a text-file that tells you it was
> an attachment. This can be done with a simple driver-script.
>
>         Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011)
>
> Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11):
> * RRR|License - Not enough Remedy licenses? Save money by optimizing.
> * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs.
> Find these products, and many free tools and utilities, at http://rrr.se.
>
> > HI all,
> >
> > I am hoping that someone else on the list had to face this growing
> > security concern and found a way to do this.
> > This is the concern that came back from a security audit:
> >
> > "Attachment are not being scanned at the server level and the application
> > can only rely on the fact that the user may or may not use a scanning
> > system (anti-virus for example). This does not prevent user to willingly
> > add a malicious file.  The files should be scanned to stop SVG files to be
> > uploaded at the server level."
> >
> > I know I can have an API that would run on the server and would look at
> > the tickets created and if there is an attachment, to extract it and scan
> > it etc.  But any one has a better idea?  Or knows of some utility that is
> > already out there that could do this?
> >
> >
> > Thank you,
> >
> > Pascale
> > Kenavo ar wech all
> >
> >
> _______________________________________________________________________________
> > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> > attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
> >
>
