HI all, I am hoping that someone else on the list had to face this growing security concern and found a way to do this. This is the concern that came back from a security audit:
"Attachment are not being scanned at the server level and the application can only rely on the fact that the user may or may not use a scanning system (anti-virus for example). This does not prevent user to willingly add a malicious file. The files should be scanned to stop SVG files to be uploaded at the server level." I know I can have an API that would run on the server and would look at the tickets created and if there is an attachment, to extract it and scan it etc. But any one has a better idea? Or knows of some utility that is already out there that could do this? Thank you, Pascale Kenavo ar wech all If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
