최근 검색
최근 검색 없음
Support: Restrict Attachments by File Type
2019년 5월 31일에 게시됨
Zendesk Support provides the ability to restrict customers from adding attachments, or to enable all attachments:
https://support.zendesk.com/hc/en-us/articles/204265396-Enabling-attachments-in-tickets
However, this is a global setting and there's no granular control. Many businesses would find their security posture greatly enhanced by the ability to filter allowed attachments by type. For example, some businesses might find image and PDF attachments useful, but would need to block certain other document types and ZIP files.
Please consider empowering admins to exercise greater control over what email attachments can be added by end users to a Zendesk Ticket by allowing them to set allowable attachments by type. This is already possible with the Chat service: https://support.zendesk.com/hc/en-us/articles/360022183834-Managing-file-sending-options
46
댓글 62개
Sorin Alupoaie
I've recently built an app that extends the Zendesk's triggers/automations and removes the attachments from tickets automatically. It was initially built to help with redaction tasks when a ticket is solved, but I can easily configure it to remove certain attachments from new tickets or updates based inclusion or exclusion criteria.
It's also listed on the app's marketplace:. Check it out and register here: https://www.zendesk.com/marketplace/apps/support/867529/auto-remove-attachments/
0
Simon
Max McCal
Do you know if there is a way to block certain filetypes from being attached via the contact form using Javascript?
0
Max McCal
Hi, Simon
I'm not an expert in Javascript, and wouldn't know. I'd guess you're considering using a custom theme in the Help Center to do something? I wouldn't be able to comment on the possibility personally. I can say that we have plans to support actual file type restrictions for file uploads in the entire suite, but are currently in early exploration phases.
0
Chris
absolutely ridiculous, how is still thing that is being discussed? A million dollar company can't build a simple feature that takes any dev 30 minutes in 5 years???
#shambles
2
Anton Van Heerden
+1 for the ability to have a whitelist of allowed file types. There are ways to build custom restrictions in the Help Center templates but that is not s secure way to do it. We need an admin or perhaps even owner only driven config setting that allows only certain types of attachments.
2
Ryan Worthen
This is definitely a pain point for us as new users with Zendesk. We're receiving a variety of attachments and would like to have granular control to determine allowable types. I tried the Attachment Manager plugin, but it's not very helpful. For one, the plugin doesn't work as it claims; we added htm and html files as invalid types so they would be rejected, but they are still coming through just fine. Secondly, we don't want to accept zip files, but the rejection message sent by the app tells users:
There is no way to customize this message, so this support app is of little use to us.
1
Sorin Alupoaie
Ryan Worthen the Auto-Remove Attachments app can help you restrict the type of attachments to certain file extensions only.
0
Ryan Worthen
Sorin Alupoaie The Attachment Manager is free from Zendesk...it just doesn't work as it claims. I'm not going to pay an additional $55/month to a third party for this functionality. I'm just realizing as a new customer (1 month in) that we won't be using Zendesk long term due to issues like this.
0
Anastasia Kachanova
+1 here
Zendesk admins should have granular control over attachment types for email and forms.
We do not want to use any 3rd party app and prefer to see this solution provided directly by Zendesk (preferably directly in the Admin center settings and not as another app)
3
Rene-Christian.Foidl
I agree with this. We'd like to restrict the file types we are receiving in order to prevent file types that could do harm on download/opening. Furthermore, we would like to restrict the amount of files that can be uploaded as well as the total file size that can be uploaded. Currently there is an unlimited amount of files that can be uploaded so although there is a possible single file limit of 50mb, you can apparently upload an unlimited amount of files with 50mb
1
WeiSheng
Hi,
Base on the first comment of this thread, its almost 5 years. Is there any update on the file restriction? It's important for most companies to have a file restriction to prevent malicious attacks. What is the status of this development?
0
Vincenzo
HI,
As administrator I need to be able to exclude certain types of attachments and prevent agents from downloading them (e.g. .exe)
1
Atanas Tomov
+1 on this. Definitely a must have functionality especially for companies dealing with sensitive documents and are subject to GDPR.
1
Chika Chima
Hi everyone,
As always, thank you for the feedback. We certainly understand this feature request significance to our customers. While we cannot commit to a date or planned release of this feature, however, it is on a roadmap.
0
CSE
Hi,
my company wants to block .HEIC data.
If there is any possibility on this feature would be great to get it into Zendesk.
0
Destiny
Zendesk Support does allow you to block entire categories of file types, such as executables or video files, but not individual file types within those categories.
We understand the potential value of this feature and we're grateful for your suggestion. Your feedback is truly essential for us and it gets taken into account when planning our product evolution.
Unfortunately, we can't provide a timeline or a guarantee that it will be included in future updates. We would like to assure you, however, that every feature request is taken seriously and discussed thoroughly within our team.
We appreciate your understanding and patience. If you have any more questions or need assistance with other features, please feel free to ask. Thank you~!
1
Sorin Alupoaie
CSE you can use the Auto-Remove Attachments app to automatically and consistently delete attachments in new tickets. The app also allows you to configure a list of file extensions to keep or exclude, no coding required.
0
Jenny Hertel
Hello,
We urgently need a function in the contact form to allow only certain files as attachments.
With regard to the security of our internal system, we cannot allow attachments that may contain viruses and malware.
It is very risky to allow Excel files, Word files, zip files, etc.
As soon as an internal employee processes the request and is not careful when downloading, the entire system is down in seconds.
After asking support, we were recommended the "attachment manager" app, but unfortunately this only shows which files are invalid.
The files can still be downloaded without any problems.
We urgently need a solution, otherwise we cannot allow attachments in the contact form, which simply makes the contact form unusable for the end user.
Thank you very much.
2
Vaughan
August 2019 this was said to be on the roadmap with no ETA.
In December 2023 we heard the same update.
Are there any updates on where this is at?
0
Michael Harriff
Did Zendesk really delete Collin's comment that explained exactly why this gaping security flaw is so dangerous, citing examples and proof? This is a pretty dark precedent.
1
Chika Chima
Hello!
Due to the sensitivity of the post, we have taken the precautionary step of removing the comment to safeguard our customer community against potential threats. Our Community Team has also reached out to Collin thanking them for sharing this information with us and letting them know why the comment was removed.
At Zendesk, enhancing product security is an ongoing endeavor—Malware scanning is just the start. As outlined in our pinned post, we're always discovering on incorporating new features including file type restrictions. Although we have not finalized a release timeline, prioritizing this feature is important to us.
Additionally , Zendesk's Security team always strongly advises all customers to implement their own security measures as another component of their business operations
-1
Collin
I'm interested in setting up a call to talk more about our concerns.
1
Chika Chima
sure thing Collin, I have reached out
0
bill cicchetti
Hackers are taking advantage of embedded links in PDF's for phishing purposes. Being able to restrict certain file types is vital in this day and age.
1
Vaughan
Looking for an ETA on when this is expected to be deliverable. This request is over 5 years old, creates high risk to security, and the only update we have is it is “planned”. Can we expect this in 2024?
0
Clay Congleton
I would like to bump this as well. It would be helpful if Zendesk could block .htm attachments as they can be made to look like any file object.
1
Max McCal
I wanted to step in here and confirm again that this is planned. We aren't able to comment with an ETA at this time. Providing a timeline right now would involve more guesswork than we're comfortable with. We are making improvements to our attachment handling, and have a number of projects that we are excited to share in the upcoming months, but aren't able to give specifics about timing yet. I realize this is frustrating, and this is definitely an issue that we are aware of and need to provide fixes for. If you're interested in discussing further, please let me know.
-1
Amie Brennan
hey Max McCal
Is there any further update on this? With the release of file storage this year, it's now becoming more imperative to have this type of feature so customers can reduce the amount of file attachments coming in etc on tickets. As a ZD partner, I have quite a few customers asking if they can limit the file types which can be sent through so they can reduce the amount of storage they utilise etc. but also for spam prevition of malicious file types from being sent in.
Best,
Amie
0
Vahe Khumaryan
Hi Zendesk team. It's been more than a quarter after the last update here. Do you probably have an update on timeline? This would greatly optimize our own planned effort if know exactly whether Zendesk commits to resolving this security vulnerability asap.
0
David Rachamim
Our organization is also experiencing challenges with the lack of file type restrictions. While the forms feature would be extremely valuable for our operations, we cannot utilize it without proper security measures in place to filter file types.
Given that this request has been pending since 2019 and similar functionality already exists in Zendesk Chat, could we get an updated timeline on when this security feature might be implemented? This capability is becoming increasingly critical for organizations that need to maintain strong security postures while still providing efficient customer service channels.
0