Are incoming ticket attachments scanned for viruses?
Zendesk has an online system that scans uploaded attachments to tickets. For more information on this feature, see this article: Managing malicious attachments.
Zendesk recommends installing an antivirus solution on all of your agents' devices as malicious attachments can come from other places besides Zendesk tickets.
Hi Zendesk Community Team & SDS Product Team
The security Issues mentioned in this chat where addressed 2 years ago and I could ready that you plan to mitigate them at the earliest possible.
Just filtering by attachment types does obviously not really met the security requirements. Zendesk must implement an active AV solutions which scan attachment BEFORE they are uploaded.
Last week we faced a malicious attachment at the Zendesk Portal and realised that the Web interface of Zendesk does still not have a AV solution in place.
Can you please update on this and inform when and how this security weakness will be fixed?
Thanks & Regards, Peider
Hi, Peider -
Since the time of the last update here we have assigned one of our development teams to this issue. At present we are finalizing technical decisions and implementing a solution for virus scanning. Filtering by attachment type is not currently on our roadmap. We can't provide a release timeline today, but we are in process now. We know this is a big security concern, but we also cannot release anything that hasn't been fully tested and built to cover the large number of use cases we already support. I will make a note to come back to this thread and make updates as the come.
I agree with Peider above.
Given this security issue was called out >2 years ago at this point it this really should have been addressed.
I would expect the given the sheer volume of emails that get processed and handled by Zendesk, this would have been a priority well before now.
**Update: we've gotten plenty of responses, and have closed this survey**
Hey, all --
Dropping in to this thread to mention that we are actively working on a Malware Scanning tool in Zendesk, and we're looking for some customer eyes to come see what we're planning. If you're willing to give us 30 minutes of your time, you can sign up here for a time on my calendar. We'll show you some of our plans and ask for your opinions.
Hi Max, will the Malware Scanning tool support attachments from web form?
Hi, Meg - Without being too specific – we're still in development and things are subject to change – we do plan for all ticket attachments to be covered by our first release.
Hi Max, we are keen to know more about this malware scanning feature and really wants to know the timeline. The calendar link above is not valid any more, could you share it again? thx!
Hey, Santo –
We closed the sign ups, but I just sent you a private message as well.
I recently received a zip attachment that turned out to be malware. It came through on an existing thread on a ticket. Is there any updates on how well this is working or how I can help improve the process?
Hi, Ari –
Our project is in flight, but we are aiming to have true malware scanning on all attachments within the next nine months. At the moment, only email attachments are scanned, and the accuracy is not as high as we would like.
Hi Max McCal
Are there any further updates on this topic of having true malware scanning made available on all attachments? Apart from using email channels we are using web widgets and web portal channels that allow our users to submit tickets. I am more interested to know by when we can expect this true malware feature made available.
Hi, Raghu –
We are still tracking toward. delivery in early 2022. We are able to scan for malware at this time, with a high degree of reliability. We still have work to do both in terms of enabling our user interface to inform users of detected malware, and to scale up our detection to serve all our customers.
Can you please update this thread on where this feature stands?
Hi Jimmy Rufo
Thanks for the question!
We are tracking for delivery towards the end of May/beginning of June 2022. Just like what Max said we are still have work to do both in terms of enabling our UI to inform users of detected malware and to scale up or detection to serve all our customers.
Hoping that this is still slated to be released in the next couple of weeks. When the release is made will there be a more technical information as to how the malware detection will work. So that we can understand what possible vulnerabilities/risk we would still be exposed to?
The lack of progress updates and infomration about the final deliverables is really frustrating.
Thank you again for your feedback and questions. Malware scanning is slated to release June 2022. There is a bit more work to be done for the user interface. However, there will be a help center article that explains how the malware scanning will work and an announcement when it is released. Our goal to our customers is to help prevent malicious attacks by using our trusted partners in detection and scanning file attachments.
Will you be rolling this out in phases or will this be pushed out to all instances? If there is an early pilot program we would love to participate on this.
Any updates on the release date or the early pilot?
The limited release is already closed and we are slated to release/push to all customers in June 2022.
So we are starting to get tickets suspended for malware but there is nothing diagnosticly on the message notification so we can determin what/why some of the message in question only have inline images as attachments. If this is going to be the UX then it needs some more work.
Not sure if we are part of the limited release or what the deal is we certantly haven't had this communicated.
Thanks for taking the time to share this with us! I would also recommend cross-posting your feedback in our Feedback - Ticketing System (Support) topic as that's actively being monitored by the product managers in charge of this functionality.
Brett Bowser and Chika Chima
Thank you for tackling this.
Checking in to see if this was pushed out to all customers? How can we see/test it in our instance(any documentation?) and what is the release date?
Hi Gautam Madaan
Thanks for reaching out! There will be an official announcement when Malware Scanning will be rolled out to all customers! Starting June 27th the deployment will start. Look out for help center article.
Hello! As promised here is a calendly link to sign up to hear more about your feedback on the new malware scanning feature!
Please sign in to leave a comment.