Malware Scanning - We Want Your Feedback!
Hi Zendesk Community!
We have been in development of bringing more security to you all by incorporating a Malware Scanning Service(MSS) to file attachment uploads in Support product.
This feature will scan asynchronously all file attachment uploads in the Support Product (Agent Workspace, Guide, Mobile) and then show a verdict only if the file attachment contains malware.
This will be our first iteration of our release and would like your feedback on how this will be used to collect information, preventing security breaches and along with any improvements you may want to see in the future.
Our questions for you
- How would you use this feature to help your current security problem today
- Would establishing an audit log of malware events be beneficial? If so, what details in the future audit log will be important to have?
- How are you currently preventing malware via file attachments?
How to help
Please add your thoughts and comments below. This is our first release and we know there will be more iterations to be made in the future. We will collect your comments as research for future releases. The plan is to incorporate your feedback on filtering into our roadmap for next year 2022.
We are also interested in having a Zoom conversation to dig deeper with a few customers. If you’re interested in participating in our research that way, please please indicate that in your comment as well and we’ll follow up via email.
Thank you!
Chris Bulin
Hi Chika! Thank you for being part of Community Day today.
How would you use this feature to help your current security problem today
Would establishing an audit log of malware events be beneficial? If so, what details in the future audit log will be important to have?
How are you currently preventing malware via file attachments?
Chika Chima
Hi Chris!
Thank you for your feedback! Especially on the custom roles for permission to do overrides.
I would love to chat more next quarter. I will add my calendly link here in the beginning of next year in order to chat with you and anyone interested.
Philippe Cartier
Malware scanning:
For me, it is vital to prevent the malware to reach our agents. A malware scanner is a good step towards prevention.
In order to be sure no malware is sent, we should be able to select the file types that are accepted. Even if this means only accepting images (jpeg, png, etc.).
So we disabled the options in zendesk which do not permit us to filter attachment types (loss of functionality). Ideally, we should be able to configure all entry points to Zendesk to select allowed filetypes. This would be the easiest (and safest) solution.
A malware scanner has its value though as some malware can be injected through scripts and other means. So a flag of "scanned" (in the message received in zendesk) would help the agent (plus the blacklisting of all executables and zips that are sent to zendesk).
Dave Dyson
Chika Chima
Thank you all for your comments and feedback. We are excited to have this out to you all soon as a first step in stopping/ preventing malicious attacks!
CJ Johnson
The feature does not seem to work at all. I am able to attach an EICAR virus file in Zendesk. Can you let me know how to test if this feature is working correctly?
Chika Chima
CJ Johnson
Thanks again for using this forum for your questions and feedback.
In regards to your question about this feature. The behavior of the malware scanning feature; automatically scans file attachments on specific channels outlined on this article. And the feature will present warning designations if the file attachments are deemed malicious. Agents on desktop view on the Support via tickets will see warning designations if the file attachment is deemed malicious.
Is there an expected behavior that you were hoping to see and in what channel? Did you test out the EICAR file in your sandbox in the specific channels that the article outlined?
I hope this clears any specific unclarity. I am happy to meet and chat more if need be.
CJ Johnson
Hi Chika Chima,
I am afraid I don't see this feature, at all, anywhere still. Can you let us know specifically how to test this? Here I am, sending a virus to our chat in as a customer, without issue, just 5 minutes ago:

It really doesn't seem like this feature is live on our account. Please let me know how to confirm if this is the case.
Edit: I can send the EICAR zip via the form just fine, too. No warnings.
Chika Chima
Hi CJ Johnson
I created a ticket for us to discuss more in detail
Chika Chima
Hello! As promised this is a calendly link to sign up to hear more about your feedback on this feature!
Tyrell Trainor
Hi Chika Chima,
I'm curious to follow up on this thread, will Zendesk detect Eicar test files? Also I am curious to find out if there is any reports/logs that can be generated about what files were found by this scanning.
Chika Chima
Hi Tyrell Trainor
you can try sending the EICAR file by itself, not compressed as a .zip file.
Please again note that generally no scanners are 100% accurate and there are no guarantees of identifying all malicious files. We recommend therefore that you also consider further protection measures as appropriate and as per your Security team’s instructions and policies.
In regards to reports/logs, we currently do not have that on any roadmap. But i am curious in what would you want to see? Such as format and data?
Hussain Patanwala
What Malware is used to scan the documents? It is important to know from the perspective that client is very data sensitive and wants to know everything.
Can someone clarify if messaging channels are protected against malware as well?
Chika Chima
Hi Hussain thanks for reaching out!
We understand how important security is to our customers and to Zendesk. Although, we cannot share what party we have partnered with to give you the malware scanning solution(MSS), the feature is on prem meaning that we developed this feature to be within zendesk only.
Thanks for reaching out! In this help center article; in regards to Messaging; MSS feature scans files that are uploaded by agents via Agent Workspace; mobile sdk and web widget for messaging.
Filippo Bacci
hi Chika Chima,
Zendesk malware scanner is able to correctly classify EICAR and malicious exe files.
However, it is not able to identify simple files meant to perform XSS attacks (like a PDF with XSS code).
Shouldn't this be covered?
Chika Chima
Hi Filippo Bacci
Thank you for reaching out with your question.
While Zendesk’s malware scanning service does scan all file types, the nature of malware scanning makes it difficult for scanning engines to differentiate between malicious and benign for some file types. For example, HTML, JavaScript, macro-enabled documents can be very difficult to determine what is safe vs. malicious. This is due to the nature of how scanning engines work because they lack the overall context. Additionally, malicious code can be obfuscated to bypass scanning engine detection.
Derek Nuzum
Is there a method to provide feedback or take action on false positives? Our support utility EXE is now being flagged as malicious as we provide low-level OS support requiring code that hooks into areas some AV utilities would flag.
Ammy Hurtado
Would it be possible to have any sort of logs associated to the malware that was detected? We are looking for more information when we see those attachments.
We have some Agents within our environment that receive .pst files from users and when we see a flag on an attachment, it would be helpful to review any sort of log that states what exactly was detected resulting in the flag.
Chika Chima
Hi Ammy,
Thanks for reaching out and truly understand your request.
Unfortunately, Zendesk is not able to give logs or additional detail information. This is because we are partnered with a 3rd party cybersecurity company that does the scanning and provide the results