"The following attachment did not pass security scan:xxxxxxx.xlsm"

Tepp
Tera Expert

HI 

When a user attached a file to a change management ticket, an email was sent to the administrator with the message "The following attachment did not pass security scan".

Does this mean that ServiceNow prohibits attaching files that use macros?

Or is it that the ".xlsm" extension is not supported?

4 REPLIES 4

Kalyani21
Mega Guru

Hello Author,

Antivirus Scanning scans file attachments stored in your attachment [sys_attachment] table to help protect users from uploading and downloading infected files. All the document types supported by the Platform are scanned by Antivirus Scanning.

The Antivirus Protection plugin (com.glide.snap) is activated and enabled by default on your instance. As an administrator, you can deactivate and reactivate the Antivirus Scanning feature across your instance at the switch of a toggle, set configuration options, and review antivirus activity on the instance.

Please refer following documentation link:

https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/concept/antivirus-protection.html

 

Mark the answer as correct or helpful..

 

 

Regards,

Kalyani Shaha

Thank you for your answer.

 

I found that the "antivirus.infected" event was firing and sending email notifications.
Is it possible that this event fires for something other than a virus infection?

Is it possible that ".xlsm" is forbidden?

Hello Tepp,

 

Not sure if we can...

You can give a try by following mentioned steps in ServiceNow doc:

https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/task/configure-antivirus-protection.html

https://docs.servicenow.com/bundle/quebec-platform-administration/page/administer/security/reference/dictionary-attributes-antivirus-scan.html

Let us know how it goes..

 

 

Regards,

Kalyani Shaha

 

 

Sailakshmi Budd
Tera Contributor

I want to know where <antivirus.infected> even was called can anyone please let me know.

one user reported it as an issue So I want to know when it will trigger exactly.