We love the attachments function and see the value in how it can greatly increase our customer experience, our ability to respond, and provide support to our customers. However, a HUGE limitation and security risk of this function is that there is no virus scanning on files that are uploaded via web form (virus scanning only available on emails), and there is not even a way to limit the types of files that can be uploaded (like in the Chat module). This opens up our company (and I suspect anyone else using this function) to huge vulnerabilities. Our security team was able to upload a .exe file with no issues. I'm curious as to how Zendesk or other companies have protected themselves from the limitations of this feature?
Please sign in to leave a comment.