Are incoming ticket attachments scanned for viruses?

Return to top

12 Comments

  • Peider Clavuot

    Hi Zendesk Community Team & SDS Product Team

    The security Issues mentioned in this chat where addressed 2 years ago and I could ready that you plan to mitigate them at the earliest possible. 

    Just filtering by attachment types does obviously not really met the security requirements. Zendesk must implement an active AV solutions which scan attachment BEFORE they are uploaded. 

    Last week we faced a malicious attachment at the Zendesk Portal and realised that the Web interface of Zendesk does still not have a AV solution in place. 

    Can you please update on this and inform when and how this security weakness will be fixed?

    Thanks & Regards, Peider

     

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Peider - 

    Since the time of the last update here we have assigned one of our development teams to this issue. At present we are finalizing technical decisions and implementing a solution for virus scanning. Filtering by attachment type is not currently on our roadmap. We can't provide a release timeline today, but we are in process now. We know this is a big security concern, but we also cannot release anything that hasn't been fully tested and built to cover the large number of use cases we already support. I will make a note to come back to this thread and make updates as the come.

    1
  • Tyler Tew

    I agree with Peider above. 

    Given this security issue was called out >2 years ago at this point it this really should have been addressed.

    I would expect the given the sheer volume of emails that get processed and handled by Zendesk, this would have been a priority well before now.

    2
  • Max McCal
    Zendesk Product Manager

    **Update: we've gotten plenty of responses, and have closed this survey**

    Hey, all --

    Dropping in to this thread to mention that we are actively working on a Malware Scanning tool in Zendesk, and we're looking for some customer eyes to come see what we're planning. If you're willing to give us 30 minutes of your time, you can sign up here for a time on my calendar. We'll show you some of our plans and ask for your opinions. 

    1
  • Megumi Nakamura

    Hi Max, will the Malware Scanning tool support attachments from web form?

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Meg - Without being too specific – we're still in development and things are subject to change – we do plan for all ticket attachments to be covered by our first release. 

    1
  • Santo Zhao

    Hi Max, we are keen to know more about this malware scanning feature and really wants to know the timeline. The calendar link above is not valid any more, could you share it again? thx!

    0
  • Max McCal
    Zendesk Product Manager

    Hey, Santo –

    We closed the sign ups, but I just sent you a private message as well.

    0
  • Ari Zaman

    Hi,

    I recently received a zip attachment that turned out to be malware. It came through on an existing thread on a ticket. Is there any updates on how well this is working or how I can help improve the process?

    Ari

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Ari –

    Our project is in flight, but we are aiming to have true malware scanning on all attachments within the next nine months. At the moment, only email attachments are scanned, and the accuracy is not as high as we would like.

    0
  • Raghu Kavi

    Hi Max McCal 

    Are there any further updates on this topic of having true malware scanning made available on all attachments? Apart from using email channels we are using web widgets and web portal channels that allow our users to submit tickets. I am more interested to know by when we can expect this true malware feature made available.

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Raghu – 

    We are still tracking toward. delivery in early 2022. We are able to scan for malware at this time, with a high degree of reliability. We still have work to do both in terms of enabling our user interface to inform users of detected malware, and to scale up our detection to serve all our customers.

    0

Please sign in to leave a comment.

Powered by Zendesk