Announcing the malware scanning feature

Return to top


  • Jimmy Rufo

    Hi Chika Chima,

    Great news on the feature.  Question/scenario for you, pertaining to this new feature:

    We got an external security issue report regarding our support site, powered by Zendesk Guide. The report stated that anybody who has access to our software platform can use it to distribute malicious files which look like they come from us.  Here is the workflow:

    • Anybody who has access to our account can log in to Guide/help center, create a support ticket, and attach a file to that issue.
    • That file will be available through an URL which looks like:


    • You can then change the host name to support.{client_subdomain}.com (our host mapped subdomain) so the URL becomes:


    • And that URL is open so that anybody can download it without authentication.
    • The attacker has now made their malicious document available on our website and can start sending this link to users who may trust it because it comes from us.

    To get around this issue, it was recommended that we turn on "Enable Secure Downloads".  Although doing that has closed this vulnerability, its actually caused us other agent workflow problems such as inability to copy/paste images from clipboard into a ticket comment, as well as outright not being able to see images in the ticket body upon ticket submission.

    Will this new feature close the stated vulnerability above, and allow us to disable "Enable Secure Downloads"?  

  • Vaughan

    I would like to be able to create a workflow to notify Admins when attachments flagged.

    Is the malware flag an action/event that a trigger can be built around?
    Are any tags applied when Zendesk blocks an attachment through this feature?

  • Chris Fassano

    "Files that are uploaded and attached to tickets in the help center Customer Portal are scanned for malware and hidden from all users if malware is detected. Currently, admins can't override the malware designation on attachments added this way."

    Will there be some indication that an attachment was removed because of malware?

  • Chika Chima
    Zendesk Product Manager

    Hi Jimmy Rufo

    Thanks for the feedback.

    I would not suggest to disable Enabled secure downloads. Malware scanning feature just provides warning designations to Admins and Agents only when a file attachment is deemed malicious. However, malicious file attachments and warning designations will not appear to end users.

    In regards to your scenario; Malware scanning does scan file attachments in the Help Center customer portal: "Submit a ticket". And URL file attachment links will not be able to download by Agents and end users if the malware scanner deemed the URL file attachment link as malicious.

  • Omer Bar Lev

    I have a few questions - 
    1. Is each attachment download will be blocked now until the attachment scan will be finished? How much latency can this add to viewing attachments? can this latency change based on the load of the system (e.g peak time hours where we receive a lot of tickets)? 
    2. Will we receive some flag for a file being malicious in the attachments endpoint? 
    3. Is there a plan to to disable this feature and extend Zendesk api to support this flow so I could plug in a different attachment scanning process (sending the file to another system that will be able to mark this file as malicious instead of Zendesk)?
    4. May I ask how does the scanning attachment flow works? Is it something in house? How can I know the attachments are not going to some third service party?


  • Chika Chima
    Zendesk Product Manager

    Hi Omer Bar Lev

    Thanks for reaching out for our new malware scanning feature! For future questions, comments and concern please record them here

    There is help center article on additional on how this feature works for your reference.

    • Its async, so file has to be completely uploaded then the scanning will happen and provide a verdict.
    • depending of size of files and number of files of course, latency is in milliseconds and does not interrupt your workflow
    • No flag on endpoints, warning designations will be presented on tickets
    • There is no plan to disable this feature and it is not integrated with attachment endpoints at this time. 
    •  Zendesk takes security very seriously. Zendesk has partnered with a leading malware detection company and your data is on premise meaning that your data is not sent to a third party.It stays in house.
  • David Oegren

    Since this feature is not optional it will greatly be impacting our daily business as an email security provider. We get support requests with potentially dangerous attachments on a daily basis, and we can not afford to have our admins releasing affected emails, nor can we promote all trained agents to admins.

    Opened up thread here:



  • CJ Johnson

    "Specifically, files that are uploaded and attached to email and chat-based tickets, including the suspended ticket queue, are scanned for malware"

    The article on this feature directly contradicts this. 
    "Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned."

    Which is correct?

  • Dainne Lucena
    Zendesk Customer Care

    Hi CJ Johnson

    The article has been updated for further clarification.

    Files uploaded and attached to email tickets and Agent Workspace Chat message tickets are scanned for malware (including the Suspended tickets view). Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned.

    Which is also stated in this article:

    Attachments to tickets originating from stand-alone Chat subscriptions and social messaging channels aren't scanned. However, files attached by agents in the Agent Workspace to tickets originating from the following channels are scanned:

    • Web Widget for Messaging
    • Messaging
    • Zendesk Mobile SDK for Messaging


  • Liam Devine

    Just wanted to follow up on Vaughan's question: "Is the malware flag an action/event that a trigger can be built around?"

    We are looking to build a workflow for our Admins and this information would be a great help.

  • Chika Chima
    Zendesk Product Manager

    Hi Liam Devine!

    Thanks for your feedback!

    We are in discovery to see how we can add automation/triggers on potential malicious file attachments on Support Tickets.



Please sign in to leave a comment.

Powered by Zendesk