-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Malware check for attachments #2905
Comments
This feature is also relevant for compliance with regulatory requirements in Denmark. I will probably take a stab at a PR in the coming days. My initial idea for an MVP of this feature goes something like this:
This could be extended in the future to include:
Thoughts? |
Sounds pretty good. I think for the very first version:
I think we have everything setup so that the attachment is first uploaded to a temporary file, so that may be available for the scanner so It could be that sometimes the scan is slow, so ideally the architecture may be something like:
But I would do the simple version first. |
REMS does not perform malware scanning to the uploaded files. An attacker can upload a malicious file to the server. If the malicious file is run by a handler, the user's device can get infected, and the malware can spread.
The text was updated successfully, but these errors were encountered: