Our client has asked us to allow their users to upload Excel spreadsheets with macros but raised a concern about potentially harmful files being circulated between users.
A user is basically an author of articles to which they can attach files to share with their internal communities. Currently we restrict any macro based files but it has now become important for them to be able to share XLTM files.
The environment:
- Windows Web Server 2008R2
- Eset File Security (latest)
- Asp.net based CMS system (Dnn)
My questions:
- Will Eset scan the file after it's uploaded or is it only if someone working on the server tries to open the file? (If the latter then we could still be spreading infected files because the next user that views the article and downloads the attachment wouldn't know that it's not safe unless they had good antivirus software, which we can't guarantee and have little control over)
- If Eset detects a problematic file will it intervene somehow in the HTTP Request pipeline? (I.e. I'm trying to understand what will happen when a user clicks the publish button for an article. If Eset finds an infected file, will it somehow end the current request prematurely (perhaps throwing a HTTP 500 error) which in effect stops the article from being published (the user at least knows something went wrong and we don't end up with infected files on the server at all).
No comments:
Post a Comment