Re: security risk with attachment - Any ideas?

2012-08-27 Thread ITSM.Support
: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of pascale.sterr...@daimler.com Sent: Thursday, August 23, 2012 9:57 PM To: arslist@ARSLIST.ORG Subject: security risk with attachment - Any ideas? HI all, I am hoping that someone else on the list had to face

Re: security risk with attachment - Any ideas?

2012-08-24 Thread Jose Manuel Huerta Guillén
What kind of files do you attach? A simple check would be to see the extension and block some of them. For instance to not allow .exe. Anyway, In one of our customers' system, users do upload files with virus. This is done intentionally and part of security incidents. An finally, the solution

security risk with attachment - Any ideas?

2012-08-23 Thread pascale . sterrett
HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit: Attachment are not being scanned at the server level and the application can only rely on the fact that the user

Re: security risk with attachment - Any ideas?

2012-08-23 Thread pritch
with attachment - Any ideas? HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit: Attachment are not being scanned at the server level and the application can only rely on the fact

Re: security risk with attachment - Any ideas?

2012-08-23 Thread Grooms, Frederick W
with attachment - Any ideas? HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit: Attachment are not being scanned at the server level and the application can only rely

Re: security risk with attachment - Any ideas?

2012-08-23 Thread pritch
is a virus due to the encryption / compression? OK - so that was two questions, sorry. - Original Message - From: Frederick W Grooms frederick.w.gro...@xo.com To: arslist@ARSLIST.ORG Sent: Thursday, August 23, 2012 2:07:19 PM Subject: Re: security risk with attachment - Any ideas? Someone

Re: security risk with attachment - Any ideas?

2012-08-23 Thread pascale . sterrett
11:07 AM Please respond to arslist@ARSLIST.ORG To arslist@ARSLIST.ORG cc Subject Re: security risk with attachment - Any ideas? Someone told me once if you are using the Mid-Tier client then as a file is uploaded for an attachment it is temporarily saved on the Mid-Tier server as a file

Re: security risk with attachment - Any ideas?

2012-08-23 Thread Misi Mladoniczky
Hi, There is a Filter-Run-Process-Command to save attachments to the server. Why not save any new/updated attachment to some folder. Maybe you can add the {request-id}-[form-id}-{field-id} as a name prefix for reference. Then you can just run any script to analyze the attached file without