Malware Scanning - We Want Your Feedback!
Hi Zendesk Community!
We have been in development of bringing more security to you all by incorporating a Malware Scanning Service(MSS) to file attachment uploads in Support product.
This feature will scan asynchronously all file attachment uploads in the Support Product (Agent Workspace, Guide, Mobile) and then show a verdict only if the file attachment contains malware.
This will be our first iteration of our release and would like your feedback on how this will be used to collect information, preventing security breaches and along with any improvements you may want to see in the future.
Our questions for you
- How would you use this feature to help your current security problem today
- Would establishing an audit log of malware events be beneficial? If so, what details in the future audit log will be important to have?
- How are you currently preventing malware via file attachments?
How to help
Please add your thoughts and comments below. This is our first release and we know there will be more iterations to be made in the future. We will collect your comments as research for future releases. The plan is to incorporate your feedback on filtering into our roadmap for next year 2022.
We are also interested in having a Zoom conversation to dig deeper with a few customers. If you’re interested in participating in our research that way, please please indicate that in your comment as well and we’ll follow up via email.
Thank you!
-
Hi Chika! Thank you for being part of Community Day today.
How would you use this feature to help your current security problem today
- This is fantastic and I would love to see it in Zendesk. We've had folks fall for a phishing attack in a different department at our company, so I can only imagine it will happen with us eventually. The more security we can have the better. I would like to be able to add a permission for custom roles to allow them to override the lock. Particularly for the managers on the team who aren't admins, but have more permissions than agents on their teams.
Would establishing an audit log of malware events be beneficial? If so, what details in the future audit log will be important to have?
- Yes, this would be fantastic. First it could prove value (especially if this ends up being a paid feature). Additionally, I would want to be able to report out on how often malware is being identified and know who (if anyone) is overriding the lock.
How are you currently preventing malware via file attachments?
- We currently forward email to Zendesk after it goes through IronPort. Which works well for email attachments, but we don't currently allow attachments on our forms, because we don't have a way to route those through IronPort before they come into Zendesk. We have a similar problem with chat. We do allow attachments there, but it would be great if we could eventually have the same protection in that channel.
-
Hi Chris!
Thank you for your feedback! Especially on the custom roles for permission to do overrides.
I would love to chat more next quarter. I will add my calendly link here in the beginning of next year in order to chat with you and anyone interested.
-
If your team adds a "Malware Scanning Service" feature, I wish it could be turned on and off as an option.
-
I wish the audit log provided various filters like the article management of the guide.
I need an activity category for the activity.
For example, I would like to be able to view only specific items by filtering login, ticket field change, ticket form edit, user information change, etc. by category. There are so many audit logs right now, it's so hard to find the one I'm looking for. -
Malware scanning:
For me, it is vital to prevent the malware to reach our agents. A malware scanner is a good step towards prevention.
In order to be sure no malware is sent, we should be able to select the file types that are accepted. Even if this means only accepting images (jpeg, png, etc.).
So we disabled the options in zendesk which do not permit us to filter attachment types (loss of functionality). Ideally, we should be able to configure all entry points to Zendesk to select allowed filetypes. This would be the easiest (and safest) solution.
A malware scanner has its value though as some malware can be injected through scripts and other means. So a flag of "scanned" (in the message received in zendesk) would help the agent (plus the blacklisting of all executables and zips that are sent to zendesk). -
Thanks for the feedback, Philippe!
-
Thank you all for your comments and feedback. We are excited to have this out to you all soon as a first step in stopping/ preventing malicious attacks!
-
The feature does not seem to work at all. I am able to attach an EICAR virus file in Zendesk. Can you let me know how to test if this feature is working correctly?
-
Thanks again for using this forum for your questions and feedback.
In regards to your question about this feature. The behavior of the malware scanning feature; automatically scans file attachments on specific channels outlined on this article. And the feature will present warning designations if the file attachments are deemed malicious. Agents on desktop view on the Support via tickets will see warning designations if the file attachment is deemed malicious.
Is there an expected behavior that you were hoping to see and in what channel? Did you test out the EICAR file in your sandbox in the specific channels that the article outlined?
I hope this clears any specific unclarity. I am happy to meet and chat more if need be.
Thanks!
-
Hi Chika Chima,
I am afraid I don't see this feature, at all, anywhere still. Can you let us know specifically how to test this? Here I am, sending a virus to our chat in as a customer, without issue, just 5 minutes ago:
It really doesn't seem like this feature is live on our account. Please let me know how to confirm if this is the case.
Edit: I can send the EICAR zip via the form just fine, too. No warnings.
-
Hi CJ Johnson
I created a ticket for us to discuss more in detail
-
Hello! As promised this is a calendly link to sign up to hear more about your feedback on this feature!
-
Hi Chika Chima,
I'm curious to follow up on this thread, will Zendesk detect Eicar test files? Also I am curious to find out if there is any reports/logs that can be generated about what files were found by this scanning.
Thanks!
-
you can try sending the EICAR file by itself, not compressed as a .zip file.
Please again note that generally no scanners are 100% accurate and there are no guarantees of identifying all malicious files. We recommend therefore that you also consider further protection measures as appropriate and as per your Security team’s instructions and policies.In regards to reports/logs, we currently do not have that on any roadmap. But i am curious in what would you want to see? Such as format and data?
-
What Malware is used to scan the documents? It is important to know from the perspective that client is very data sensitive and wants to know everything.
-
Can someone clarify if messaging channels are protected against malware as well?
-
Hi Hussain thanks for reaching out!
We understand how important security is to our customers and to Zendesk. Although, we cannot share what party we have partnered with to give you the malware scanning solution(MSS), the feature is on prem meaning that we developed this feature to be within zendesk only.
Thanks for reaching out! In this help center article; in regards to Messaging; MSS feature scans files that are uploaded by agents via Agent Workspace; mobile sdk and web widget for messaging.
-
hi Chika Chima,
Zendesk malware scanner is able to correctly classify EICAR and malicious exe files.
However, it is not able to identify simple files meant to perform XSS attacks (like a PDF with XSS code).
Shouldn't this be covered?
-
Thank you for reaching out with your question.
While Zendesk’s malware scanning service does scan all file types, the nature of malware scanning makes it difficult for scanning engines to differentiate between malicious and benign for some file types. For example, HTML, JavaScript, macro-enabled documents can be very difficult to determine what is safe vs. malicious. This is due to the nature of how scanning engines work because they lack the overall context. Additionally, malicious code can be obfuscated to bypass scanning engine detection.
-
Is there a method to provide feedback or take action on false positives? Our support utility EXE is now being flagged as malicious as we provide low-level OS support requiring code that hooks into areas some AV utilities would flag.
댓글을 남기려면 로그인하세요.
20 댓글