Hi, I have found one thread on web http://old.nabble.com/Re:-Virus-Scanning-Remedy-Attachments---p3614885.html
Which in short means: We can make use of Filters that fire on Create/Modify that check to see if there is a change in an attachment. The actions taken are 1) Use special run process to Save the attachment to disk PERFORM-ACTION-SAVE-ATTACHMENT 2) Use special run process to Add the attachment just saved back to the system PERFORM-ACTION-ADD-ATTACHMENT Virus checking software on server will check virus for saved attachment and then we can load a "Scanned" copy of attachment. HTH -- Regards, Ruksana Vyom Labs Pvt. Ltd. BSM Solutions & Services || ITIL Consulting & Training Email: i...@vyomlabs.com || Web Site: www.vyomlabs.com Follow Vyom Labs http://twitter.com/#!/vyomlabs || http://www.linkedin.com/company/vyom-labs -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pascale.sterr...@daimler.com Sent: Thursday, August 23, 2012 9:57 PM To: arslist@ARSLIST.ORG Subject: security risk with attachment - Any ideas? HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit: "Attachment are not being scanned at the server level and the application can only rely on the fact that the user may or may not use a scanning system (anti-virus for example). This does not prevent user to willingly add a malicious file. The files should be scanned to stop SVG files to be uploaded at the server level." I know I can have an API that would run on the server and would look at the tickets created and if there is an attachment, to extract it and scan it etc. But any one has a better idea? Or knows of some utility that is already out there that could do this? Thank you, Pascale Kenavo ar wech all If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"