Are incoming ticket attachments scanned for viruses?

Return to top

24 Comments

  • Peider Clavuot

    Hi Zendesk Community Team & SDS Product Team

    The security Issues mentioned in this chat where addressed 2 years ago and I could ready that you plan to mitigate them at the earliest possible. 

    Just filtering by attachment types does obviously not really met the security requirements. Zendesk must implement an active AV solutions which scan attachment BEFORE they are uploaded. 

    Last week we faced a malicious attachment at the Zendesk Portal and realised that the Web interface of Zendesk does still not have a AV solution in place. 

    Can you please update on this and inform when and how this security weakness will be fixed?

    Thanks & Regards, Peider

     

    1
  • Max McCal
    Zendesk Product Manager

    Hi, Peider - 

    Since the time of the last update here we have assigned one of our development teams to this issue. At present we are finalizing technical decisions and implementing a solution for virus scanning. Filtering by attachment type is not currently on our roadmap. We can't provide a release timeline today, but we are in process now. We know this is a big security concern, but we also cannot release anything that hasn't been fully tested and built to cover the large number of use cases we already support. I will make a note to come back to this thread and make updates as the come.

    1
  • Tyler Tew

    I agree with Peider above. 

    Given this security issue was called out >2 years ago at this point it this really should have been addressed.

    I would expect the given the sheer volume of emails that get processed and handled by Zendesk, this would have been a priority well before now.

    2
  • Max McCal
    Zendesk Product Manager

    **Update: we've gotten plenty of responses, and have closed this survey**

    Hey, all --

    Dropping in to this thread to mention that we are actively working on a Malware Scanning tool in Zendesk, and we're looking for some customer eyes to come see what we're planning. If you're willing to give us 30 minutes of your time, you can sign up here for a time on my calendar. We'll show you some of our plans and ask for your opinions. 

    1
  • Megumi Nakamura

    Hi Max, will the Malware Scanning tool support attachments from web form?

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Meg - Without being too specific – we're still in development and things are subject to change – we do plan for all ticket attachments to be covered by our first release. 

    1
  • Santo Zhao

    Hi Max, we are keen to know more about this malware scanning feature and really wants to know the timeline. The calendar link above is not valid any more, could you share it again? thx!

    0
  • Max McCal
    Zendesk Product Manager

    Hey, Santo –

    We closed the sign ups, but I just sent you a private message as well.

    0
  • Ari Zaman

    Hi,

    I recently received a zip attachment that turned out to be malware. It came through on an existing thread on a ticket. Is there any updates on how well this is working or how I can help improve the process?

    Ari

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Ari –

    Our project is in flight, but we are aiming to have true malware scanning on all attachments within the next nine months. At the moment, only email attachments are scanned, and the accuracy is not as high as we would like.

    0
  • Raghu Kavi

    Hi Max McCal 

    Are there any further updates on this topic of having true malware scanning made available on all attachments? Apart from using email channels we are using web widgets and web portal channels that allow our users to submit tickets. I am more interested to know by when we can expect this true malware feature made available.

    0
  • Max McCal
    Zendesk Product Manager

    Hi, Raghu – 

    We are still tracking toward. delivery in early 2022. We are able to scan for malware at this time, with a high degree of reliability. We still have work to do both in terms of enabling our user interface to inform users of detected malware, and to scale up our detection to serve all our customers.

    0
  • Jimmy Rufo

    Hi Max,

    Can you please update this thread on where this feature stands?

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Jimmy Rufo

    Thanks for the question!
    We are tracking for delivery towards the end of May/beginning of June 2022. Just like what Max said we are still have work to do both in terms of enabling our UI to inform users of detected malware and to scale up or detection to serve all our customers.

    0
  • Camilo Gomez

    Hello Chika, 

    Hoping that this is still slated to be released in the next couple of weeks. When the release is made will there be a more technical information as to how the malware detection will work. So that we can understand what possible vulnerabilities/risk we would still be exposed to?

    0
  • Steven

    The lack of progress updates and infomration about the final deliverables is really frustrating. 

    0
  • Chika Chima
    Zendesk Product Manager

    Hello All!

    Thank you again for your feedback and questions. Malware scanning is slated to release June 2022. There is a bit more work to be done for the user interface. However, there will be a help center article that explains how the malware scanning will work and an announcement when it is released. Our goal to our customers is to help prevent malicious attacks by using our trusted partners in detection and scanning file attachments.

    0
  • Camilo Gomez

    Will you be rolling this out in phases or will this be pushed out to all instances? If there is an early pilot program we would love to participate on this. 

    0
  • Itai Kociak

    Hi,

    Any updates on the release date or the early pilot?

    Thanks

     

    0
  • Chika Chima
    Zendesk Product Manager

    Hi All,

    The limited release is already closed and we are slated to release/push to all customers in June 2022.

     

    0
  • Steven

    So we are starting to get tickets suspended for malware but there is nothing diagnosticly on the message notification so we can determin what/why some of the message in question only have inline images as attachments. If this is going to be the UX then it needs some more work. 

    Not sure if we are part of the limited release or what the deal is we certantly haven't had this communicated. 

    0
  • Brett Bowser
    Zendesk Community Manager
    Hey Steven,

    Thanks for taking the time to share this with us! I would also recommend cross-posting your feedback in our Feedback - Ticketing System (Support) topic as that's actively being monitored by the product managers in charge of this functionality. 

    Thanks again!
     
    -1
  • Gautam Madaan

    Brett Bowser and Chika Chima
    Thank you for tackling this. 
    Checking in to see if this was pushed out to all customers? How can we see/test it in our instance(any documentation?) and what is the release date? 

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Gautam Madaan

    Thanks for reaching out! There will be an official announcement when Malware Scanning will be rolled out to all customers! Starting June 27th the deployment will start. Look out for help center article.

    0

Please sign in to leave a comment.

Powered by Zendesk