"The following attachment did not pass security scan:xxxxxxx.xlsm"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-26-2021 11:33 PM
HI
When a user attached a file to a change management ticket, an email was sent to the administrator with the message "The following attachment did not pass security scan".
Does this mean that ServiceNow prohibits attaching files that use macros?
Or is it that the ".xlsm" extension is not supported?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-26-2021 11:41 PM
Hello Author,
Antivirus Scanning scans file attachments stored in your attachment [sys_attachment] table to help protect users from uploading and downloading infected files. All the document types supported by the Platform are scanned by Antivirus Scanning.
The Antivirus Protection plugin (com.glide.snap) is activated and enabled by default on your instance. As an administrator, you can deactivate and reactivate the Antivirus Scanning feature across your instance at the switch of a toggle, set configuration options, and review antivirus activity on the instance.
Please refer following documentation link:
https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/concept/antivirus-protection.html
Mark the answer as correct or helpful..
Regards,
Kalyani Shaha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-27-2021 12:06 AM
Thank you for your answer.
I found that the "antivirus.infected" event was firing and sending email notifications.
Is it possible that this event fires for something other than a virus infection?
Is it possible that ".xlsm" is forbidden?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-27-2021 01:39 AM
Hello Tepp,
Not sure if we can...
You can give a try by following mentioned steps in ServiceNow doc:
https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/task/configure-antivirus-protection.html
https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/reference/dictionary-attributes-antivirus-scan.html
Let us know how it goes..
Regards,
Kalyani Shaha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā06-12-2024 10:57 PM
I want to know where <antivirus.infected> even was called can anyone please let me know.
one user reported it as an issue So I want to know when it will trigger exactly.