Malware Scanning - We Want Your Feedback!

20 Comments

  • Chris Bulin
    Community Moderator

    Hi Chika! Thank you for being part of Community Day today.

    How would you use this feature to help your current security problem today?

    • This is fantastic and I would love to see it in Zendesk. We've had folks fall for a phishing attack in a different department at our company, so I can only imagine it will happen with us eventually. The more security we can have the better. I would like to be able to add a permission for custom roles to allow them to override the lock. Particularly for the managers on the team who aren't admins, but have more permissions than agents on their teams.

    Would establishing an audit log of malware events be beneficial? If so, what details in the future audit log will be important to have?

    • Yes, this would be fantastic. First it could prove value (especially if this ends up being a paid feature). Additionally, I would want to be able to report out on how often malware is being identified and know who (if anyone) is overriding the lock.

    How are you currently preventing malware via file attachments?

    • We currently forward email to Zendesk after it goes through IronPort, which works well for email attachments, but we don't currently allow attachments on our forms, because we don't have a way to route those through IronPort before they come into Zendesk. We have a similar problem with chat. We do allow attachments there, but it would be great if we could eventually have the same protection in that channel.
    0
  • Chika Chima
    Zendesk Product Manager

    Hi Chris!

    Thank you for your feedback! Especially on the custom roles for permission to do overrides.

    I would love to chat more next quarter. I will add my Calendly link here at the beginning of next year in order to chat with you and anyone interested.

    0
  • 이지훈(Lee jihoon)

    If your team adds a "Malware Scanning Service" feature, I wish it could be turned on and off as an option.

    1
  • 이지훈(Lee jihoon)

    I wish the audit log provided various filters like the article management of the guide.

    I need an activity category for the activity.
    For example, I would like to be able to view only specific items by filtering login, ticket field change, ticket form edit, user information change, etc. by category. There are so many audit logs right now, it's so hard to find the one I'm looking for.

    0
  • Philippe Cartier

    Malware scanning:
    For me, it is vital to prevent malware from reaching our agents. A malware scanner is a good step towards prevention.
    In order to be sure no malware is sent, we should be able to select the file types that are accepted. Even if this means only accepting images (jpeg, png, etc.).
    So we disabled the options in Zendesk which do not permit us to filter attachment types (loss of functionality). Ideally, we should be able to configure all entry points to Zendesk to select allowed filetypes. This would be the easiest (and safest) solution.
    A malware scanner has its value though, as some malware can be injected through scripts and other means. So a flag of "scanned" (in the message received in Zendesk) would help the agent (plus the blacklisting of all executables and zips that are sent to Zendesk).

    1
  • Dave Dyson
    Thanks for the feedback, Philippe!
    0
  • Chika Chima
    Zendesk Product Manager

    Thank you all for your comments and feedback. We are excited to have this out to you all soon as a first step in stopping/preventing malicious attacks!

    -1
  • CJ Johnson

    The feature does not seem to work at all. I am able to attach an EICAR virus file in Zendesk. Can you let me know how to test if this feature is working correctly? 

    0
  • Chika Chima
    Zendesk Product Manager

    CJ Johnson

    Thanks again for using this forum for your questions and feedback.

    In regard to your question about this feature: the malware scanning feature automatically scans file attachments on the specific channels outlined in this article, and the feature will present warning designations if the file attachments are deemed malicious. Agents on the desktop view in Support, via tickets, will see warning designations if the file attachment is deemed malicious.

    Is there an expected behavior that you were hoping to see and in what channel? Did you test out the EICAR file in your sandbox in the specific channels that the article outlined?

    I hope this clears up any specific unclarity. I am happy to meet and chat more if need be.

    Thanks!

    -1
  • CJ Johnson

    Hi Chika Chima

    I am afraid I don't see this feature, at all, anywhere still. Can you let us know specifically how to test this? Here I am, sending a virus to our chat as a customer, without issue, just 5 minutes ago:



    It really doesn't seem like this feature is live on our account. Please let me know how to confirm if this is the case. 

    Edit: I can send the EICAR zip via the form just fine, too. No warnings. 

    0
  • Chika Chima
    Zendesk Product Manager

    Hi CJ Johnson

    I created a ticket for us to discuss in more detail.

    -1
  • Chika Chima
    Zendesk Product Manager

    Hello! As promised, this is a Calendly link to sign up to hear more about your feedback on this feature!

    -1
  • Tyrell Trainor

    Hi Chika Chima

    I'm curious to follow up on this thread: will Zendesk detect EICAR test files? Also, I am curious to find out if there are any reports/logs that can be generated about what files were found by this scanning.

    Thanks!

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Tyrell Trainor

    You can try sending the EICAR file by itself, not compressed as a .zip file.

    Please again note that generally no scanners are 100% accurate and there are no guarantees of identifying all malicious files. We recommend therefore that you also consider further protection measures as appropriate and as per your Security team’s instructions and policies.

    In regard to reports/logs, we currently do not have that on any roadmap. But I am curious what you would want to see, such as format and data?
     

    0
  • Patanwala, Hussain

    What malware is used to scan the documents? It is important to know from the perspective that the client is very data sensitive and wants to know everything.

     

    0
  • AntonMi

    Can someone clarify if messaging channels are protected against malware as well?

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Hussain thanks for reaching out!

    We understand how important security is to our customers and to Zendesk. Although we cannot share what party we have partnered with to give you the malware scanning solution (MSS), the feature is on-prem, meaning that we developed this feature to be within Zendesk only.

     

    AntonMi

    Thanks for reaching out! In this help center article, in regard to Messaging, the MSS feature scans files that are uploaded by agents via Agent Workspace, mobile SDK and web widget for messaging.

    0
  • Filippo Bacci

    Hi Chika Chima,

    Zendesk malware scanner is able to correctly classify EICAR and malicious exe files.

    However, it is not able to identify simple files meant to perform XSS attacks (like a PDF with XSS code).

    Shouldn't this be covered?

    0
  • Chika Chima
    Zendesk Product Manager

    Hi Filippo Bacci

    Thank you for reaching out with your question.

    While Zendesk’s malware scanning service does scan all file types, the nature of malware scanning makes it difficult for scanning engines to differentiate between malicious and benign for some file types. For example, with HTML, JavaScript, and macro-enabled documents it can be very difficult to determine what is safe vs. malicious. This is due to the nature of how scanning engines work, because they lack the overall context. Additionally, malicious code can be obfuscated to bypass scanning engine detection.

    0
  • Derek Nuzum

    Is there a method to provide feedback or take action on false positives? Our support utility EXE is now being flagged as malicious as we provide low-level OS support requiring code that hooks into areas some AV utilities would flag.

    0
